rsh(1)rsh(1)NAMErsh - Executes a specified command on a remote host or logs into a
remote host
SYNOPSISrsh [-dfnx] [-l user] remote_host [command] [argument...]
The remote shell command (rsh) executes command at the remote_host, or,
if no command is specified, logs into remote_host.
OPTIONS
Turns on socket debugging (using setsockopt()) on the TCP sockets used
for communication with the remote host. Copies your Kerberos ticket
from the local host to the remote host to establish your Kerberos cre‐
dentials on the remote host. This option requires that the local and
remote hosts be configured to use Kerberos authentication in the same
or trusting Kerberos realms. The Kerberos ticket will remain on the
remote host until it either expires or it is explicitly destroyed. The
-f option is ignored when used with the -l option. Specifies to log
into the remote host using the specified username instead of the local
username. If this option is not specified, the local and remote user‐
names are the same. Specifies that the rsh command is to ignore input
from STDIN. Use this option if you put rsh in the background without
redirecting its input away from the terminal. If you do not use this
option in this situation, rsh blocks even if no reads are posted by the
remote command. Encrypts the data transmitted between the local host
and the remote host. This option requires that the local and remote
hosts be configured to use Kerberos authentication in the same or
trusting Kerberos realms.
DESCRIPTION
The rsh command sends standard input from a local host to a remote host
and receives standard output and standard error from the remote host.
By default, the rsh command executes the rlogin command if you do not
specify a command.
While the remote command is executing, pressing the Interrupt, Termi‐
nate, or Quit key sequences sends the corresponding signal to the
remote process. However, pressing the Stop key sequence stops only the
local process. Normally, when the remote command terminates, the local
rsh process terminates.
By default, metacharacters are interpreted by the local shell. To have
shell metacharacters interpreted on the remote host, place the
metacharacters inside double quotes.
The way that the remote host authenticates a user and transmits data
depends on if the local and remote hosts are using a basic connection
or a secure connection (Kerberos or Secure Shell). Basic and secure
connections provide user authentication; however, a secure connection
also provides client and server authentication, data encryption, data
integrity, and nonrepudiation.
Basic Connection
A basic connection is one where the rsh command connects to the remote
host and the remote host authenticates the user if one of the following
conditions is satisfied: If the local user ID is not the root user, and
the name of the local host is listed as an equivalent host in the
/etc/hosts.equiv file on the remote host. If the local user ID is the
root user or if the check of /etc/hosts.equiv fails, the user's home
directory on the remote host must contain a $HOME/.rhosts file that
lists the local host name and user name. The $HOME/.rhosts file must be
owned by either the remote user or the root user, and have permissions
set to 600 (read and write by owner only).
The rsh command allows access to the remote host if the remote user
account does not have a password defined. However, for security rea‐
sons, use of a password on all user accounts is recommended.
Secure Connection
A secure connection is one where the rsh command connects to the remote
host by using either Kerberos or Secure Shell. Kerberos and Secure
Shell are client/server applications that authenticate the client,
server, and user; encrypt data; and ensure data integrity and nonrepu‐
diation. See your system administrator to determine if your system is
running Kerberos or Secure Shell software. See the Security Administra‐
tion guide for more information about Kerberos and Secure Shell.
Kerberos
Kerberos does not use the /etc/host.equiv file or the $HOME/.rhosts
file for authentication. Kerberos authenticates by using secret-key
cryptography and tickets between Kerberos clients and Kerberos servers
in the same or trusting Kerberos realms. Once authenticated by Ker‐
beros, users receive a Kerberos Ticket Granting Ticket (TGT). Users
with a valid TGT are not prompted for a username or password when the
remote host is in the same or trusting Kerberos realm.
To use Kerberos to execute a command or log in to a remote host, enter
the rsh command with the -f and -x options.
Secure Shell
Secure Shell authenticates users by using passwords, host-based identi‐
fication, or public and private keys between Secure Shell clients and
servers.
By default, the rsh command will use Kerberos (with a valid TGT) when a
system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to execute a command or log in to a remote host,
enter the Secure Shell ssh2 (or ssh) command instead of the rsh com‐
mand. The ssh2 command provides the same functionality and options as
the rsh command over a secure connection. See ssh2(1) for more informa‐
tion on using the Secure Shell ssh2 command.
Alternatively, you can configure the rsh, rlogin, and rcp commands and
applications that use the rcmd() function to automatically use a Secure
Shell connection by enabling the Secure Shell EnforceSecureRutils key‐
word in the /etc/ssh2/ssh2_config file or in a user's
$HOME/.ssh2/ssh2_config file. When the EnforceSecureRutils keyword is
enabled: The sshd daemon runs and spawns the srcmd child process; the
rshd daemon does not run. The rsh command can only use Secure Shell
host-based authentication to authenticate users.
See Security Administration for more information about configuring
Secure Shell host-based authentication and the EnforceSecureRutils key‐
word.
After it is determined that Secure Shell will be used, all authentica‐
tion and communication between the client and server will use the
Secure Shell connection. A connection is not established if a user can‐
not be authenticated.
RESTRICTIONS
The rsh command is confused by output generated by commands in a file
on the remote host. In particular, the messages, where are you? and
stty: Can't assign requested address can result if output is generated
by the startup file.
EXAMPLES
In the following examples, the local host host1 is listed in the
/etc/hosts.equiv file at the remote host host2. To check the amount of
free disk space on the remote host host2, enter: $ rsh host2 df To
append a remote file to another file on the remote host, place the >>
metacharacters in (double quotes): $ rsh host2 cat test1 ">>" test2 To
append a remote file at the remote host to a local file, omit the dou‐
ble quotes: $ rsh host2 cat test2 >> test3 To append a remote file to a
local file and use a remote user's permissions at the remote host, use
the -l option: $ rsh host2 -l jane cat test4 >> test5
The following examples use Kerberos. The local host host1 and the
remote host host2 are in the same Kerberos realm. To check the amount
of free disk space on the remote host over an encrypted connection,
enter: $ rsh-x host2 df To execute a command and forward your Kerberos
ticket to the remote host, enter: $ rsh-f host2 df
FILES
Specifies remote hosts from which users can execute commands on the
local host (provided these users have an account on the local host).
Specifies remote users that can use a local user account. Specifies
Secure Shell client configuration information. Specifies Secure Shell
server configuration information.
SEE ALSO
Commands: kinit(1), kdestroy(1), klist(1), rcp(1), rlogin(1), rshd(8),
ssh2(1), telnet(1)
Functions: rexec(3), rcmd(3)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
rsh(1)
