All,
I am using AIX 5.3.
while running the rsh command I am getting below error message.
------------------
A remote host refused an attempted connect operation.
------------------
.rhost file is updated with correct entry on both the servers. I.e.
Login ID Server name
in /etc/hosts file, entry for server name is there with correct IP address.
Please help me to understand where can be the issue?
Thanks,
Anshu
I believe the format of the entries in the .rhosts file should be
Servername LoginID
Make sure that you can resolv the hostname both ways. Meaning from "Host A" you can for example ping "Host B" and it returns what you expect and then ping from "Host B" to "Host A". The best I can remember it must be able to do a reverse lookup. So "Host A" info should be in /etc/hosts on "Host B" and "Host B" should be in the /etc/hosts file on "Host A". If you don't I would recomment having the shortname in the /etc/hosts file as well, for example:
10.1.1.1 testbox.foobar.com testbox
Not sure if you have a firewall between the two hosts, if so you might verify that rsh traffice is allowed between the hosts. Port 514 I think but could be wrong on that one.
Another good test if the entry in .rhosts might be the problem is, to just login via ssh from the box that tries to get access via rsh and do a
who am i
and check the hostname given in the last field surrounded by brackets. This is the name that should be placed into the .rhosts. If not necessary you can leave usernames out. Should work only anyway if you keep the UIDs on the systems the same for the user id.
Hi,
check if rshd is running - it might be commented in /etcd/inetd.conf (the shell entry) - if so uncomment and start it using
startsrc -t shell
Kind regards
zxmaus
Thanks for your kind help ..!!
Yes, .rhosts entry is with server name and then login ID
I am able to do successfull ping from both side.
entry for server name with IP address in there only in respective servers, means in server A /etc/hosts file, only server A entry there.
Suppose I have three server A,B and C..... then I am able to connect to server A and C and vice versa. but from server A or C, if I am trying to connect to server B I am getting "A remote host refused an attempted connect operation". In the same manner if I try to connect from server B to server A/C, I am able to connect but it takes more than expected time.
Any clue ..? please
In the past my rsh problems have been related to some sort of resolve problem. Verify what zaxxon suggested. I usually put the shortname and the fully qualified name in the .rhosts file to be safe.
The slowness from server B to server A/C kind of sounds like a those servers are having a hard time resolving Server B.
From server A/C try
host ServerB
and from server B try the same thing for server A and Server C. Maybe share the results here change the host names for security purposes. I wouldn't mind seeing the .rhost entries from each server as well. Maybe someone will notice something that is not right.
To check why your name resolving is so slow, you might want to post following outputs all from serverB which is having the problems:
.. and when posting, make sure using
```text
and
```
tags so it is readable for us, ty.
time nslookup serverA
time nslookup serverC
cat /etc/resolv.conf
grep -vE "^#|^$" /etc/netsvc.conf
grep "serverA|serverC" /etc/hosts
vmstat -w -t -I 1 10
Hey thanks for your help... Below is the O/P
@juredd1
I removed all the entries from .rhosts file and just put [+] sign.
serverA>host serverB
serverB.t.com is 10.116.169.52
ServerC>host serverB
serverB.t.com is 10.116.169.52
ServerB>host serverA
serverA.t.com is 10.116.214.81
ServerB>host serverC
serverc.t.com is 10.116.214.83
there was no O/p of below commands
grep -vE "^#|^$" /etc/netsvc.conf
grep serverA /etc/hosts
grep serverC /etc/hosts
$ time nslookup dseax202
Server: tedns01v.t.com
Address: 10.64.40.215
Name: dseax202.t.com
Address: 10.116.214.81
real 0m0.02s
user 0m0.00s
sys 0m0.00s
$ time nslookup etlax202
Server: tedns01v.t.com
Address: 10.64.40.215
Name: etlax202.t.com
Address: 10.116.214.83
real 0m0.00s
user 0m0.00s
sys 0m0.01s
$
$ cat /etc/resolv.conf
domain t.com
search t.com tgt.com mervyns.com dh.com backup.t.com bc.t.com labs.t.com
nameserver 10.97.40.215
nameserver 10.64.40.215
$
$ grep -vE "^#|^$" /etc/netsvc.conf
$
$ vmstat -w -t -I 1 10
System configuration: lcpu=8 mem=16383MB ent=2.00
kthr memory page faults cpu time
----------- --------------------- ------------------------------------ ------------------ ----------------------- --------
r b p avm fre fi fo pi po fr sr in sy cs us sy id wa pc ec hr mi se
1 0 0 1101954 2307466 0 0 0 0 0 0 10 388 255 1 0 98 0 0.04 1.9 14:23:00
1 0 0 1101955 2307465 0 0 0 0 0 0 34 149 234 0 0 99 0 0.01 0.6 14:23:01
1 0 0 1101954 2307466 0 0 0 0 0 0 14 1159 237 0 1 99 0 0.02 1.1 14:23:02
1 0 0 1102083 2307337 0 1 0 0 0 0 134 13619 261 3 4 93 0 0.15 7.5 14:23:03
1 0 0 1102021 2307399 0 0 0 0 0 0 36 140 241 0 0 99 0 0.01 0.6 14:23:04
1 0 0 1101842 2307578 0 0 0 0 0 0 102 560 256 1 1 99 0 0.04 1.8 14:23:05
1 0 0 1101842 2307578 0 0 0 0 0 0 9 159 242 0 0 99 0 0.01 0.6 14:23:06
1 0 0 1101983 2307437 0 0 0 0 0 0 16 1602 257 1 1 98 0 0.04 2.1 14:23:07
1 0 0 1101983 2307437 0 0 0 0 0 0 14 141 243 0 0 99 0 0.01 0.5 14:23:08
3 0 0 1101983 2307437 0 0 0 0 0 0 98 168 236 0 0 99 0 0.01 0.6 14:23:09
$
It doesn't look like zaxxon is currently online so I through this out there. Looks like the nslookup response times are good but the answering DNS server is the second one in your resolv.conf list for some reason. No DNS expert here but you might try swapping the nameserver entries around so the 10.64.40.215 is the top one.
I don't recall what the default ordering of name resolution is if the netsvc.conf file does not have an entry but you could try putting the host names in the /etc/hosts file. If I read your code correctly those are not currently there. Will look something like below:
10.1.1.1 serverA.t.com serverA
Then vi your /etc/netsvc.conf file and enter
hosts=local,bind4
at the bottom of your netsvc.conf file. This would tell the system to look in the /etc/hosts file before searching the dns records.
If it doesn't help you can remove the changes I suggested.
To everyone reading if I have this wrong please correct me.
My answer would have been very similar 
With vmstat I wanted to make sure your box is not having performance issues. The vmstat is something you could check on the servers you are trying to connect to, just to make sure, they are not too busy to bring up the login in an acceptable amount of time.
Hi,
regarding your /etc/resolv.conf:
you have both - a domain entry and a search entry - what is wrong on AIX. The domain entry and search entry are mutually exclusive, so if both entries are used, the one that appears last will override the other. Please have a look here.
Kind regards
zxmaus
Absoluteley right what zxmaus says and the docu also states
You have 7 entries.
Not sure if this is the reason for the problem but this makes it more conform to the config rules.
Thanks ..every one for your time and solution. I am working with UNIX admin tem to check these setting and make the changes. I will keep you posting the result.