2 RSH(1) UNIX Reference Manual RSH(1)
5 r
\brs
\bsh
\bh - remote shell
7 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
8 r
\brs
\bsh
\bh [-
\b-4
\b45
\b5F
\bFG
\bGK
\bKd
\bde
\bef
\bfn
\bnu
\bux
\bxz
\bz] [-
\b-U
\bU _
\bs_
\bt_
\br_
\bi_
\bn_
\bg] [-
\b-p
\bp _
\bp_
\bo_
\br_
\bt] [-
\b-l
\bl _
\bu_
\bs_
\be_
\br_
\bn_
\ba_
\bm_
\be] [-
\b-P
\bP _
\bN_
\b|_
\bO] _
\bh_
\bo_
\bs_
\bt
9 _
\b[_
\bc_
\bo_
\bm_
\bm_
\ba_
\bn_
\bd_
\b]
11 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
12 r
\brs
\bsh
\bh authenticates to the rshd(8) daemon on the remote _
\bh_
\bo_
\bs_
\bt, and then exe-
13 cutes the specified _
\bc_
\bo_
\bm_
\bm_
\ba_
\bn_
\bd.
15 r
\brs
\bsh
\bh copies its standard input to the remote command, and the standard
16 output and error of the remote command to its own.
20 -
\b-4
\b4, -
\b--
\b-k
\bkr
\brb
\bb4
\b4
21 The -
\b-4
\b4 option requests Kerberos 4 authentication. Normally all
22 supported authentication mechanisms will be tried, but in some
23 cases more explicit control is desired.
25 -
\b-5
\b5, -
\b--
\b-k
\bkr
\brb
\bb5
\b5
26 The -
\b-5
\b5 option requests Kerberos 5 authentication. This is analo-
27 gous to the -
\b-4
\b4 option.
29 -
\b-K
\bK, -
\b--
\b-b
\bbr
\bro
\bok
\bke
\ben
\bn
30 The -
\b-K
\bK option turns off all Kerberos authentication. The long
31 name implies that this is more or less totally unsecure. The se-
32 curity in this mode relies on reserved ports, which is not very
35 -
\b-n
\bn, -
\b--
\b-n
\bno
\bo-
\b-i
\bin
\bnp
\bpu
\but
\bt
36 The -
\b-n
\bn option directs the input from the _
\b/_
\bd_
\be_
\bv_
\b/_
\bn_
\bu_
\bl_
\bl device (see
37 the _
\bB_
\bU_
\bG_
\bS section of this manual page).
39 -
\b-e
\be, -
\b--
\b-n
\bno
\bo-
\b-s
\bst
\btd
\bde
\ber
\brr
\br
40 Don't use a separate socket for the stderr stream. This can be
41 necessary if rsh-ing through a NAT bridge.
43 -
\b-x
\bx, -
\b--
\b-e
\ben
\bnc
\bcr
\bry
\byp
\bpt
\bt
44 The -
\b-x
\bx option enables encryption for all data exchange. This is
45 only valid for Kerberos authenticated connections (see the _
\bB_
\bU_
\bG_
\bS
46 section for limitations).
48 -
\b-z
\bz The opposite of -
\b-x
\bx. This is the default, but encryption can be
49 enabled when using Kerberos 5, by setting the libdefaults/encrypt
50 option in krb5.conf(5).
52 -
\b-f
\bf, -
\b--
\b-f
\bfo
\bor
\brw
\bwa
\bar
\brd
\bd
53 Forward Kerberos 5 credentials to the remote host. Also con-
54 trolled by libdefaults/forward in krb5.conf(5).
56 -
\b-G
\bG The opposite of -
\b-f
\bf.
58 -
\b-F
\bF, -
\b--
\b-f
\bfo
\bor
\brw
\bwa
\bar
\brd
\bda
\bab
\bbl
\ble
\be
59 Make the forwarded credentials re-forwardable. Also controlled by
60 libdefaults/forwardable in krb5.conf(5).
62 -
\b-u
\bu, -
\b--
\b-u
\bun
\bni
\biq
\bqu
\bue
\be
63 Make sure the remote credentials cache is unique, that is, don't
66 reuse any existing cache. Mutually exclusive to -
\b-U
\bU.
68 -
\b-U
\bU _
\bs_
\bt_
\br_
\bi_
\bn_
\bg, -
\b--
\b-t
\btk
\bkf
\bfi
\bil
\ble
\be=
\b=_
\bs_
\bt_
\br_
\bi_
\bn_
\bg
69 Name of the remote credentials cache. Mutually exclusive to -
\b-u
\bu.
71 -
\b-p
\bp _
\bn_
\bu_
\bm_
\bb_
\be_
\br_
\b-_
\bo_
\br_
\b-_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be, -
\b--
\b-p
\bpo
\bor
\brt
\bt=
\b=_
\bn_
\bu_
\bm_
\bb_
\be_
\br_
\b-_
\bo_
\br_
\b-_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be
72 Connect to this port instead of the default (which is 514 when
73 using old port based authentication, 544 for Kerberos 5 and non-
74 encrypted Kerberos 4, and 545 for encrytpted Kerberos 4; subject
75 of course to the contents of _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\be_
\br_
\bv_
\bi_
\bc_
\be_
\bs).
77 -
\b-l
\bl _
\bs_
\bt_
\br_
\bi_
\bn_
\bg, -
\b--
\b-u
\bus
\bse
\ber
\br=
\b=_
\bs_
\bt_
\br_
\bi_
\bn_
\bg
78 By default the remote username is the same as the local. The -
\b-l
\bl
79 option or the _
\bu_
\bs_
\be_
\br_
\bn_
\ba_
\bm_
\be_
\b@_
\bh_
\bo_
\bs_
\bt format allow the remote name to be
82 -
\b-P
\bP _
\bN_
\b|_
\bO_
\b|_
\b1_
\b|_
\b2, -
\b--
\b-p
\bpr
\bro
\bot
\bto
\boc
\bco
\bol
\bl=
\b=_
\bN_
\b|_
\bO_
\b|_
\b1_
\b|_
\b2
83 Specifies which protocol version to use with Kerberos 5. _
\bN and _
\b2
84 selects protocol version 2, while _
\bO and _
\b1 selects version 1. Ver-
85 sion 2 is believed to be more secure, and is the default. Unless
86 asked for a specific version, r
\brs
\bsh
\bh will try both. This behaviour
87 may change in the future.
89 E
\bEX
\bXA
\bAM
\bMP
\bPL
\bLE
\bES
\bS
90 Care should be taken when issuing commands containing shell meta charac-
91 ters. Without quoting, these will be expanded on the local machine.
93 The following command:
95 rsh otherhost cat remotefile > localfile
97 will write the contents of the remote _
\br_
\be_
\bm_
\bo_
\bt_
\be_
\bf_
\bi_
\bl_
\be to the local _
\bl_
\bo_
\bc_
\ba_
\bl_
\bf_
\bi_
\bl_
\be,
100 rsh otherhost 'cat remotefile > remotefile2'
102 will write it to the remote _
\br_
\be_
\bm_
\bo_
\bt_
\be_
\bf_
\bi_
\bl_
\be_
\b2.
107 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
108 rlogin(1), krb_realmofhost(3), krb_sendauth(3), hosts.equiv(5),
109 krb5.conf(5), rhosts(5), kerberos(8) rshd(8)
111 H
\bHI
\bIS
\bST
\bTO
\bOR
\bRY
\bY
112 The r
\brs
\bsh
\bh command appeared in 4.2BSD.
114 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bRS
\bS
115 This implementation of r
\brs
\bsh
\bh was written as part of the Heimdal Kerberos 5
119 Some shells (notably csh(1)) will cause r
\brs
\bsh
\bh to block if run in the back-
120 ground, unless the standard input is directed away from the terminal.
121 This is what the -
\b-n
\bn option is for.
123 The -
\b-x
\bx options enables encryption for the session, but for both Kerberos
124 4 and 5 the actual command is sent unencrypted, so you should not send
125 any secret information in the command line (which is probably a bad idea
126 anyway, since the command line can usually be read with tools like
127 ps(1)). Forthermore in Kerberos 4 the command is not even integrity pro-
128 tected, so anyone with the right tools can modify the command.
130 HEIMDAL September 4, 2002 2