remsh.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

remsh(1) remsh(1)

NAME

remsh, rexec - execute from a remote shell

SYNOPSIS

remsh host [-l username ][-n

] command

host [

-l username ][-n

] command

rexec host [-l username ][-n

] command

In Kerberos V5 Network Authentication Environments

remsh host [-l username ][-f

|-F][-k realm ][-P][-n] command

host [

-l username ][-f|

-F][-k realm ][-P][-n] command

DESCRIPTION

remsh connects to a speciﬁed host and executes a speciﬁed command. The host name can be either the

ofﬁcial name or an alias as understood by

gethostbyname()

(see gethostent (3N) and hosts (4)).

remsh copies its standard input (stdin

) to the remote command, the standard output of the remote

command to its standard output (

stdout

), and the standard error of the remote command to its stan-

dard error (

stderr). Hangup, interrupt, quit, terminate, and broken pipe signals are propagated to the

remote command. remsh exits when the sockets associated with

stdout and stderr of the remote

command are closed. This means that

remsh normally terminates when the remote command does (see

remshd(1M)).

By default,

remsh uses the following path when executing the speciﬁed command:

/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin

remsh uses the default remote login shell with the -c option to execute the remote command. If the

default remote shell is csh, csh sources the remote .cshrc ﬁle before the command. remsh

cannot be

used to run commands that require a terminal interface (such as

vi) or commands that read their stan-

dard error (such as more). In such cases, use rlogin or telnet instead (see rlogin (1) and telnet (1)).

The remote account name used is the same as your local account name, unless you specify a different

remote name with the

-l option. This remote account name must be equivalent to the originating

account. In addition, the remote host account name must also conform to other rules, which differ

depending upon whether the remote host is operating in a Kerberos V5 Network Authentication, i.e.,

secure environment, or not.

In a non-secure, or traditional environment, the remote account name must be equivalent to the originat-

ing account; no provision is made for specifying a password with a command. For more details about

equivalent hosts and how to specify them, see hosts.equiv (4). The ﬁles inspected by

remshd on the

remote host are /etc/hosts.equiv

and $HOME/.rhosts (see remshd (1M)).

In a Kerberos V5 Network Authentication environment, the local host must be successfully authenticated

before the remote account name is checked for proper authorization. The authorization mechanism is

dependent on the command line options used to invoke

remshd on the remote host (i.e., -K,

-R, -r,or

-k). For more information on Kerberos authentication and authorization see the Secure Internet Ser-

vices man page, sis (5) and remshd (1M).

Although Kerberos authentication and authorization may apply, the Kerberos mechanism is not applied

to the command or to its response. All the information that is transferred between the local and remote

host is still sent in cleartext over the network.

The default Kerberos options for the applications are set in the

krb5.conf conﬁguration ﬁle. Refer to

the appdefaults Section in the krb5.conf (4) manpage for more information. The options -f, and -F

described in the subsequent paragraphs, can be set in the krb5.conf ﬁle with the tag names forward,

and forwardable respectively. Refer to the krb5.conf(4) manpage for more information on the appde-

faults Section .

The

fallback option can be set in the krb5.conf ﬁle within the appdefaults Section .Iffallback

is set to true and the kerberos authentication fails, remsh will use the non-secure mode of authentica-

tion.

Note: Command line options override the conﬁguration ﬁle options.

In a secure or Kerberos V5-based environment, the following command line options are available:

-f Forward the ticket granting ticket (TGT) to the remote system. The TGT is not for-

wardable from that remote system.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
remsh(1) remsh(1) NAME remsh, rexec - execute from a remote shell SYNOPSIS remsh host [-l username ] [-n] command host [-l username ] [-n] command rexec host [-l username ] [-n] command In Kerberos V5 Network Authentication Environments remsh host [-l username ] [-f|-F] [-k realm ] [-P] [-n] command host [-l username ] [-f|-F] [-k realm ] [-P] [-n] command DESCRIPTION remsh connects to a specified host and executes a specified command.
PAGE 2
remsh(1) remsh(1) -F Forward the TGT to the remote system and have it forwardable from there to another remote system. The -f option and -F option are mutually exclusive. -k realm Obtain tickets from the remote host in the specified realm instead of the remote host’s default realm as specified in the configuration file krb.realms. -P Disable Kerberos authentication.
PAGE 3
remsh(1) remsh(1) remsh otherhost -n "command 1>&- 2>&- &" (See remshd (1M) and sh(1)). If your login shell on the remote system is csh , use the following form instead: remsh otherhost -n "sh -c \"command 1>&- 2>&- &\"" RETURN VALUE If remsh fails to set up the secondary socket connection, it returns 2. If it fails in some other way, it returns 1. If it fully succeeds in setting up a connection with remshd, it returns 0 once the remote command has completed.
PAGE 4
(Notes) A (Notes) rA 4 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010