CentOS - Jul 2008 - rsh problems in CentOS 5.2 (was "cvs command failure on 5.2")

Okay, I've narrowed the problem down quite a bit.  As previously
reported, in CentOS 5.2 I get this:

$ cvs log Makefile
poll: protocol failure in circuit setup
cvs [log aborted]: end of file from server (consult above messages if any)

Turns out this is a problem with rsh:

$ rsh khan ls
connect to address 10.24.15.48 port 544: Connection refused
Trying krb4 rsh...
connect to address 10.24.15.48 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
poll: protocol failure in circuit setup

Now, if I just reomtely login to khan (our cvs server), I get this:

[mrichter at sushi ~]$ khan
connect to address 10.24.15.48 port 543: Connection refused
Trying krb4 rlogin...
connect to address 10.24.15.48 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Fri Jul  4 18:19:01 from viper
[mrichter at khan mrichter]$

Voila - I'm logged in.

Also, if I try an rsh from another machine (viper - FC1), I get this:

[mrichter at viper mrichter]$ rsh khan ls
connect to address 10.24.15.48: Connection refused
Trying krb4 rsh...
connect to address 10.24.15.48: Connection refused
trying normal rsh (/usr/bin/rsh)
Desktop
Documents
Download
Music
Pictures
Public
Templates
Videos
bin
lane608
rls_607
temp.xml


So, what is it about rsh from CentOS 5.2 such that the kerberos
certification destroys its chances of success?  Alternative question:
what do I need to tweak to make this work?

Thanks.

mhr

PS: Google has lots of wrong answers on this, mostly really old and of
no use at all.

On Mon, Jul 7, 2008 at 11:53 AM, MHR <mhullrich at gmail.com>
wrote:
> Okay, I've narrowed the problem down quite a bit.  As previously
> reported, in CentOS 5.2 I get this:
>
> $ cvs log Makefile
> poll: protocol failure in circuit setup
> cvs [log aborted]: end of file from server (consult above messages if any)
>
> Turns out this is a problem with rsh:
>
> $ rsh khan ls
> connect to address 10.24.15.48 port 544: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48 port 544: Connection refused
> trying normal rsh (/usr/bin/rsh)
> poll: protocol failure in circuit setup
>
> Now, if I just reomtely login to khan (our cvs server), I get this:
>
> [mrichter at sushi ~]$ khan
> connect to address 10.24.15.48 port 543: Connection refused
> Trying krb4 rlogin...
> connect to address 10.24.15.48 port 543: Connection refused
> trying normal rlogin (/usr/bin/rlogin)
> Last login: Fri Jul  4 18:19:01 from viper
> [mrichter at khan mrichter]$
>
> Voila - I'm logged in.
>
> Also, if I try an rsh from another machine (viper - FC1), I get this:
>
> [mrichter at viper mrichter]$ rsh khan ls
> connect to address 10.24.15.48: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48: Connection refused
> trying normal rsh (/usr/bin/rsh)
> Desktop
> Documents
> Download
> Music
> Pictures
> Public
> Templates
> Videos
> bin
> lane608
> rls_607
> temp.xml
>
>
> So, what is it about rsh from CentOS 5.2 such that the kerberos
> certification destroys its chances of success?  Alternative question:
> what do I need to tweak to make this work?
>
Narrowed it down a bit further:  I can rsh to khan directly with no
command, but if I add a command, that's when the rsh fails:

[mrichter at sushi lane]$ khan
connect to address 10.24.15.48 port 543: Connection refused
Trying krb4 rlogin...
connect to address 10.24.15.48 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Last login: Mon Jul  7 11:59:59 from sushi
[mrichter at khan mrichter]$ ls
bin/      Documents/  lane608/  Pictures/  rls_607/    temp.xml
Desktop/  Download/   Music@    Public/    Templates/  Videos/
[mrichter at khan mrichter]$ exit
rlogin: connection closed.
[mrichter at sushi lane]$ rsh khan ls
connect to address 10.24.15.48 port 544: Connection refused
Trying krb4 rsh...
connect to address 10.24.15.48 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
poll: protocol failure in circuit setup
[mrichter at sushi lane]$

Sushi is my CentOS 5.2 machine, khan is our CVS server running:

[mrichter at khan mrichter]$ lsb_release -a
LSB Version:    1.3
Distributor ID: RedHatEnterpriseAS
Description:    Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
Release:        3
Codename:       TaroonUpdate2

Any ideas?

mhr

On Mon, Jul 7, 2008 at 12:53 PM, MHR <mhullrich at gmail.com>
wrote:
> Okay, I've narrowed the problem down quite a bit.  As previously
> reported, in CentOS 5.2 I get this:
>
Well whyis port 544 and 543 getting connection refused in the logs on
the server? Are you using kerberos? Are the tickets you getting
forwardable?
> $ cvs log Makefile
> poll: protocol failure in circuit setup
> cvs [log aborted]: end of file from server (consult above messages if any)
>
> Turns out this is a problem with rsh:
>
> $ rsh khan ls
> connect to address 10.24.15.48 port 544: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48 port 544: Connection refused
> trying normal rsh (/usr/bin/rsh)
> poll: protocol failure in circuit setup
>
> Now, if I just reomtely login to khan (our cvs server), I get this:
>
> [mrichter at sushi ~]$ khan
> connect to address 10.24.15.48 port 543: Connection refused
> Trying krb4 rlogin...
> connect to address 10.24.15.48 port 543: Connection refused
> trying normal rlogin (/usr/bin/rlogin)
> Last login: Fri Jul  4 18:19:01 from viper
> [mrichter at khan mrichter]$
>
> Voila - I'm logged in.
>
> Also, if I try an rsh from another machine (viper - FC1), I get this:
>
> [mrichter at viper mrichter]$ rsh khan ls
> connect to address 10.24.15.48: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48: Connection refused
> trying normal rsh (/usr/bin/rsh)
> Desktop
> Documents
> Download
> Music
> Pictures
> Public
> Templates
> Videos
> bin
> lane608
> rls_607
> temp.xml
>
>
> So, what is it about rsh from CentOS 5.2 such that the kerberos
> certification destroys its chances of success?  Alternative question:
> what do I need to tweak to make this work?
>
> Thanks.
>
> mhr
>
> PS: Google has lots of wrong answers on this, mostly really old and of
> no use at all.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

On Mon, Jul 07, 2008 at 11:53:42AM -0700, MHR wrote:
> $ rsh khan ls
> connect to address 10.24.15.48 port 544: Connection refused
> Trying krb4 rsh...
> connect to address 10.24.15.48 port 544: Connection refused
> trying normal rsh (/usr/bin/rsh)
> poll: protocol failure in circuit setup
This version of rsh is probably /usr/kerberos/bin/rsh  (use "type rsh"
or "which rsh" to verify).  Try using /usr/bin/rsh instead.

(the krb5-workstation package sets this early on your PATH in /etc/profile.d/)

-- 

rgds
Stephen