 |
Index for
Section 1 |
|
 |
Alphabetical
listing for R |
|
 |
Bottom of
page |
|
rsh(1)
NAME
rsh - Executes a specified command on a remote host or logs into a remote
host
SYNOPSIS
rsh [-dfnx] [-l user] remote_host [command] [argument...]
The remote shell command (rsh) executes command at the remote_host, or, if
no command is specified, logs into remote_host.
OPTIONS
-d Turns on socket debugging (using setsockopt()) on the TCP sockets used
for communication with the remote host.
-f Copies your Kerberos ticket from the local host to the remote host to
establish your Kerberos credentials on the remote host. This option
requires that the local and remote hosts be configured to use Kerberos
authentication in the same or trusting Kerberos realms. The Kerberos
ticket will remain on the remote host until it either expires or it is
explicitly destroyed. The -f option is ignored when used with the -l
option.
-l username
Specifies to log into the remote host using the specified username
instead of the local username. If this option is not specified, the
local and remote usernames are the same.
-n Specifies that the rsh command is to ignore input from STDIN. Use this
option if you put rsh in the background without redirecting its input
away from the terminal. If you do not use this option in this
situation, rsh blocks even if no reads are posted by the remote
command.
-x Encrypts the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting
Kerberos realms.
DESCRIPTION
The rsh command sends standard input from a local host to a remote host and
receives standard output and standard error from the remote host. By
default, the rsh command executes the rlogin command if you do not specify
a command.
While the remote command is executing, pressing the Interrupt, Terminate,
or Quit key sequences sends the corresponding signal to the remote process.
However, pressing the Stop key sequence stops only the local process.
Normally, when the remote command terminates, the local rsh process
terminates.
By default, metacharacters are interpreted by the local shell. To have
shell metacharacters interpreted on the remote host, place the
metacharacters inside double quotes.
The way that the remote host authenticates a user and transmits data
depends on if the local and remote hosts are using a basic connection or a
secure connection (Kerberos or Secure Shell). Basic and secure connections
provide user authentication; however, a secure connection also provides
client and server authentication, data encryption, data integrity, and
nonrepudiation.
Basic Connection
A basic connection is one where the rsh command connects to the remote host
and the remote host authenticates the user if one of the following
conditions is satisfied:
· If the local user ID is not the root user, and the name of the local
host is listed as an equivalent host in the /etc/hosts.equiv file on
the remote host.
· If the local user ID is the root user or if the check of
/etc/hosts.equiv fails, the user's home directory on the remote host
must contain a $HOME/.rhosts file that lists the local host name and
user name. The $HOME/.rhosts file must be owned by either the remote
user or the root user, and have permissions set to 600 (read and write
by owner only).
The rsh command allows access to the remote host if the remote user account
does not have a password defined. However, for security reasons, use of a
password on all user accounts is recommended.
Secure Connection
A secure connection is one where the rsh command connects to the remote
host by using either Kerberos or Secure Shell. Kerberos and Secure Shell
are client/server applications that authenticate the client, server, and
user; encrypt data; and ensure data integrity and nonrepudiation. See your
system administrator to determine if your system is running Kerberos or
Secure Shell software. See the Security Administration guide for more
information about Kerberos and Secure Shell.
Kerberos
Kerberos does not use the /etc/host.equiv file or the $HOME/.rhosts file
for authentication. Kerberos authenticates by using secret-key cryptography
and tickets between Kerberos clients and Kerberos servers in the same or
trusting Kerberos realms. Once authenticated by Kerberos, users receive a
Kerberos Ticket Granting Ticket (TGT). Users with a valid TGT are not
prompted for a username or password when the remote host is in the same or
trusting Kerberos realm.
To use Kerberos to execute a command or log in to a remote host, enter the
rsh command with the -f and -x options.
Secure Shell
Secure Shell authenticates users by using passwords, host-based
identification, or public and private keys between Secure Shell clients and
servers.
By default, the rsh command will use Kerberos (with a valid TGT) when a
system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to execute a command or log in to a remote host, enter
the Secure Shell ssh2 (or ssh) command instead of the rsh command. The ssh2
command provides the same functionality and options as the rsh command over
a secure connection. See ssh2(1) for more information on using the Secure
Shell ssh2 command.
Alternatively, you can configure the rsh, rlogin, and rcp commands and
applications that use the rcmd() function to automatically use a Secure
Shell connection by enabling the Secure Shell EnforceSecureRutils keyword
in the /etc/ssh2/ssh2_config file or in a user's $HOME/.ssh2/ssh2_config
file. When the EnforceSecureRutils keyword is enabled:
· The sshd daemon runs and spawns the srcmd child process; the rshd
daemon does not run.
· The rsh command can only use Secure Shell host-based authentication to
authenticate users.
See Security Administration for more information about configuring Secure
Shell host-based authentication and the EnforceSecureRutils keyword.
After it is determined that Secure Shell will be used, all authentication
and communication between the client and server will use the Secure Shell
connection. A connection is not established if a user cannot be
authenticated.
RESTRICTIONS
The rsh command is confused by output generated by commands in a .cshrc
file on the remote host. In particular, the messages, where are you? and
stty: Can't assign requested address can result if output is generated by
the startup file.
EXAMPLES
In the following examples, the local host host1 is listed in the
/etc/hosts.equiv file at the remote host host2.
1. To check the amount of free disk space on the remote host host2,
enter:
$ rsh host2 df
2. To append a remote file to another file on the remote host, place the
>> metacharacters in (double quotes):
$ rsh host2 cat test1 ">>" test2
3. To append a remote file at the remote host to a local file, omit the
double quotes:
$ rsh host2 cat test2 >> test3
4. To append a remote file to a local file and use a remote user's
permissions at the remote host, use the -l option:
$ rsh host2 -l jane cat test4 >> test5
The following examples use Kerberos. The local host host1 and the remote
host host2 are in the same Kerberos realm.
1. To check the amount of free disk space on the remote host over an
encrypted connection, enter:
$ rsh -x host2 df
2. To execute a command and forward your Kerberos ticket to the remote
host, enter:
$ rsh -f host2 df
FILES
/etc/hosts.equiv
Specifies remote hosts from which users can execute commands on the
local host (provided these users have an account on the local host).
$HOME/.rhosts
Specifies remote users that can use a local user account.
/etc/ssh2/ssh2_config
Specifies Secure Shell client configuration information.
/etc/ssh2/sshd2_config
Specifies Secure Shell server configuration information.
SEE ALSO
Commands: kinit(1), kdestroy(1), klist(1), rcp(1), rlogin(1), rshd(8),
ssh2(1), telnet(1)
Functions: rexec(3), rcmd(3)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
|
Index for
Section 1 |
|
|
Alphabetical
listing for R |
|
 |
Top of
page |
|