1 .\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the Institute nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" $Id: rsh.1,v 1.6 2003/04/16 19:57:25 lha Exp $
55 and then executes the specified
59 copies its standard input to the remote command, and the standard
60 output and error of the remote command to its own.
70 option requests Kerberos 4 authentication. Normally all supported
71 authentication mechanisms will be tried, but in some cases more
72 explicit control is desired.
79 option requests Kerberos 5 authentication. This is analogous to the
88 option turns off all Kerberos authentication. The long name implies
89 that this is more or less totally unsecure. The security in this mode
90 relies on reserved ports, which is not very secure.
97 option directs the input from the
101 section of this manual page).
106 Don't use a separate socket for the stderr stream. This can be
107 necessary if rsh-ing through a NAT bridge.
114 option enables encryption for all data exchange. This is only valid
115 for Kerberos authenticated connections (see the
117 section for limitations).
123 This is the default, but encryption can be enabled when using
124 Kerberos 5, by setting the
125 .Li libdefaults/encrypt
132 Forward Kerberos 5 credentials to the remote host. Also controlled by
133 .Li libdefaults/forward
145 Make the forwarded credentials re-forwardable. Also controlled by
146 .Li libdefaults/forwardable
153 Make sure the remote credentials cache is unique, that is, don't reuse
154 any existing cache. Mutually exclusive to
158 .Fl -tkfile= Ns Pa string
160 Name of the remote credentials cache. Mutually exclusive to
163 .Fl p Ar number-or-service ,
164 .Fl -port= Ns Ar number-or-service
166 Connect to this port instead of the default (which is 514 when using
167 old port based authentication, 544 for Kerberos 5 and non-encrypted
168 Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
170 .Pa /etc/services ) .
173 .Fl -user= Ns Ar string
175 By default the remote username is the same as the local. The
179 format allow the remote name to be specified.
182 .Fl -protocol= Ns Ar N|O|1|2
184 Specifies which protocol version to use with Kerberos 5.
188 selects protocol version 2, while
192 selects version 1. Version 2 is believed to be more secure, and is the
193 default. Unless asked for a specific version,
195 will try both. This behaviour may change in the future.
203 .\"with the same arguments.
205 Care should be taken when issuing commands containing shell meta
206 characters. Without quoting, these will be expanded on the local
209 The following command:
211 .Dl rsh otherhost cat remotefile > localfile
213 will write the contents of the remote
219 .Dl rsh otherhost 'cat remotefile > remotefile2'
221 will write it to the remote
225 .Bl -tag -width /etc/hosts -compact
231 .Xr krb_realmofhost 3 ,
245 This implementation of
247 was written as part of the Heimdal Kerberos 5 implementation.
253 to block if run in the background, unless the standard input is directed away from the terminal. This is what the
259 options enables encryption for the session, but for both Kerberos 4
260 and 5 the actual command is sent unencrypted, so you should not send
261 any secret information in the command line (which is probably a bad
262 idea anyway, since the command line can usually be read with tools
265 Forthermore in Kerberos 4 the command is not even integrity
266 protected, so anyone with the right tools can modify the command.