unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 remsh(1)			  Kerberos			    remsh(1)




 NAME
      remsh, rexec - execute from a remote shell

 SYNOPSIS
      remsh host [-l username] [-f/F] [-k realm] [-P] [-n] command
	    host [-l username] [-f/F] [-k realm] [-P] [-n] command

      rexec host [-l username] [-n] command

 DESCRIPTION
      remsh connects to the specified host and executes the specified
      command.	The host name can be either the official name or an alias as
      understood by gethostbyname() (see gethostent(3N) and hosts(4)).
      remsh copies its standard input (stdin) to the remote command, and the
      standard output of the remote command to its standard output (stdout),
      and the standard error of the remote command to its standard error
      (stderr).	 Hangup, interrupt, quit, terminate, and broken pipe signals
      are propagated to the remote command.  remsh exits when the sockets
      associated with stdout and stderr of the remote command are closed.
      This means that remsh normally terminates when the remote command does
      (see remshd(1M)).

      By default, remsh uses the following path when executing the specified
      command:

	   /usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin

      remsh uses the default remote login shell with the -c option to
      execute the remote command.  If the default remote shell is csh, csh
      sources the remote .cshrc file before the command.  remsh cannot be
      used to run commands that require a terminal interface (such as vi) or
      commands that read their standard error (such as more).  In such
      cases, use rlogin or telnet instead (see rlogin(1) and telnet(1)).

      The remote account name used is the same as your local account name,
      unless you specify a different remote name with the -l option.  In
      addition, the remote host account name must also conform to other
      rules which differ depending upon whether the remote host is operating
      in a Kerberos V5 Network Authentication, i.e., secure environment or
      not.  In a non-secure, or traditional environment, the remote account
      name must be equivalent to the originating account; no provision is
      made for specifying a password with a command.  For more details about
      equivalent hosts and how to specify them, see hosts.equiv(4).  The
      files inspected by remshd on the remote host are /etc/hosts.equiv and
      $HOME/.rhosts (see remshd(1M)).

      In a Kerberos V5 Network Authentication environment, the local host
      must be successfully authenticated before the remote account name is
      checked for proper authorization.	 The authorization mechanism is
      dependent on the command line options used to invoke remshd on the
      remote host (i.e., -K, -R, -r, or -k).  For further information on



 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 remsh(1)			  Kerberos			    remsh(1)




      Kerberos authentication and authorization see the Secure Internet
      Services man page, sis(5) and remshd(1M).

      Although Kerberos authentication and authorization may apply, the
      Kerberos mechanism is not applied to the command or to its response.
      All information transferred between the local and remote host is still
      sent in cleartext over the network.

      In a secure or Kerberos V5-based environment, the following command
      line options are available:

	   -f	     Forward the ticket granting ticket (TGT) to the remote
		     system. The TGT is not forwardable from there.

	   -F	     Forward the TGT to the remote system and have it
		     forwardable from there to another remote system.  -f
		     and -F are mutually exclusive.

	   -k realm  Obtain tickets from the remote host in the specified
		     realm instead of the remote host's default realm as
		     specified in the configuration file krb.realms.

	   -P	     Disable Kerberos authentication.

      If a command is not specified, instead of executing a single command,
      you will be logged in on the remote host using rlogin (see rlogin(1)).
      Any rlogin options typed in on the command line are transmitted to
      rlogin.  If no command and the option -P is specified, rlogin will be
      invoked with -P to indicate that Kerberos authentication (or secure
      access) is not required.	This will mean that if a password is
      requested, the password will be sent in cleartext.  If a command is
      specified, options specific to rlogin are ignored by remsh.

      If a command and the option -n are specified, then standard input is
      redirected to remsh by /dev/null.	 If -n is not specified (the default
      case), remsh reads its standard input and sends the input to the
      remote command. This is  because remsh has no way to determine whether
      the remote command requires input.  This option is useful when running
      a shell script containing a remsh command, since otherwise remsh may
      use input not intended for it.  The -n option is also useful when
      running remsh in the background from a job control shell, /usr/bin/csh
      or /usr/bin/ksh.	Otherwise, remsh stops and waits for input from the
      terminal keyboard for the remote command.	 /usr/bin/sh automatically
      redirects its input from /dev/null when jobs are run in the
      background.

      Host names for remote hosts can also be commands (linked to remsh) in
      the directory /usr/hosts.	 If this directory is specified in the $PATH
      environment variable, you can omit remsh.	 For example, if remotehost
      is the name of a remote host, /usr/hosts/remotehost is linked to
      remsh, and if /usr/hosts is in your search path, the command



 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 remsh(1)			  Kerberos			    remsh(1)




	   remotehost command

      executes command on remotehost, and the command

	   remotehost

      is equivalent to

	   rlogin remotehost

      The rexec command works the same as remsh except that it uses the
      rexec() library routine and rexecd for command execution (see
      rexec(3N) and rexecd(1M)) and does not support Kerberos
      authentication.  rexec prompts for a password before executing the
      command instead of using hosts.equiv for authentication.	It should be
      used in instances where a password to a remote account is known but
      there are insufficient permissions for remsh.

 EXAMPLES
      Shell metacharacters that are not quoted are interpreted on the local
      host; quoted metacharacters are interpreted on the remote host.  Thus
      the command line:

	   remsh otherhost cat remotefile >&gt&gt>>&gt&gt> localfile

      appends the remote file remotefile to the local file localfile, while
      the command line

	   remsh otherhost cat remotefile ">&gt&gt>>&gt&gt>" otherremotefile

      appends remotefile to the remote file otherremotefile.

      If the remote shell is /usr/bin/sh, the following command line sets up
      the environment for the remote command before executing the remote
      command:

	   remsh otherhost . .profile 2>&gt&gt>&&amp&amp&- \; command

      The 2>&gt&gt>&&amp&amp&- throws away error messages generated by executing .profile
      when stdin and stdout are not a terminal.

      The following command line runs remsh in the background on the local
      system, and the output of the remote command comes to your terminal
      asynchronously:

	   remsh otherhost -n command &&amp&amp&

      The background remsh completes when the remote command does.

      The following command line causes remsh to return immediately without
      waiting for the remote command to complete:



 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000






 remsh(1)			  Kerberos			    remsh(1)




	   remsh otherhost -n "command 1>&gt&gt>&&amp&amp&- 2>&gt&gt>&&amp&amp&- &&amp&amp&"

      (See remshd(1M) and sh(1)).  If your login shell on the remote system
      is csh, use the following form instead:

	   remsh otherhost -n "sh -c \"command 1>&gt&gt>&&amp&amp&- 2>&gt&gt>&&amp&amp&- &&amp&amp&\""

 RETURN VALUE
      If remsh fails to set up the secondary socket connection, it returns
      2.  If it fails in some other way, it returns 1.	If it fully succeeds
      in setting up a connection with remshd, it returns 0 once the remote
      command has completed.  Note that the return value of remsh bears no
      relation to the return value of the remote command.

 DIAGNOSTICS
      Besides the errors listed below, errors can also be generated by the
      library functions rcmd() and rresvport() which are used by remsh (see
      rcmd(3N)).  Those errors are preceded by the name of the library
      function that generated them.  remsh can produce the following
      diagnostic messages:

	   Error! could not retrieve authentication type.

	   Please notify sys admin.
		There are two authentication mechanisms used by remsh.	One
		authentication mechanism is based on Kerberos and the other
		is not.	 The type of authentication mechanism is obtained
		from a system file which is updated by inetsvcs_sec (see
		inetsvcs_sec(1M)).  If the system file does not contain
		known authentication types, the above error is displayed.

	   rlogin: ...
		Error in executing rlogin (rlogin is executed when the user
		does not specify any commands to be executed).	This is
		followed by the error message specifying why the execution
		failed.

	   shell/tcp: Unknown service
		The ``shell'' service specification is not present in the
		/etc/services file.

	   Can't establish stderr
		remsh cannot establish secondary socket connection for
		stderr.

	   <system call>: ...
		Error in executing system call.	 Appended to this error is a
		message specifying the cause of the failure.

	   There is no entry for you (user ID uid) in /etc/passwd
		Check with the system administrator to see if your entry in



 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000






 remsh(1)			  Kerberos			    remsh(1)




		the password file has been deleted by mistake.

	   rcmd: connect: <&lt&lt&lt;hostname>&gt&gt&gt;: Connection refused
		One cause for display of this generic error message could be
		due to the absence of an entry for shell in /etc/inetd.conf
		on the remote system.  This entry may have been removed or
		commented out to prevent non-secure access.

      Kerberos-specific errors are listed in sis(5).

 WARNINGS
      For security reasons, the /etc/hosts.equiv and .rhosts files should
      exist, even if empty, and should be readable and writable only by the
      owner.

      If remsh is run with an interactive command it hangs.

 DEPENDENCIES
      remsh is the same service as rsh on BSD systems.	The name was changed
      due to a conflict with the existing System V command rsh (restricted
      shell).

 AUTHOR
      remsh was developed by the University of California, Berkeley.

 FILES
      /usr/hosts/*	 for version of the command invoked only with
			 hostname

 SEE ALSO
      rlogin(1), remshd(1M), rexecd(1M), inetsvcs_sec(1M), gethostent(3N),
      rcmd(3N), rexec(3N), hosts.equiv(4), hosts(4), sis(5).






















 Hewlett-Packard Company	    - 5 -   HP-UX Release 11i: November 2000