| version 1.13, 2003/06/03 02:56:15 |
version 1.14, 2003/07/25 09:49:02 |
|
|
| .Nd remote shell |
.Nd remote shell |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm rsh |
.Nm rsh |
| .Op Fl Kdnx |
.Op Fl dn |
| .Op Fl k Ar realm |
|
| .Op Fl l Ar username |
.Op Fl l Ar username |
| .Ar hostname |
.Ar hostname |
| .Op Ar command |
.Op Ar command |
|
|
| .Nm |
.Nm |
| normally terminates when the remote command does. |
normally terminates when the remote command does. |
| .Pp |
.Pp |
| .Nm |
|
| first attempts to use the Kerberos authorization mechanism, described below. |
|
| If the remote host does not support Kerberos the standard Berkeley |
|
| .Pa rhosts |
|
| authorization mechanism is used. |
|
| .Pp |
|
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl K |
|
| Disable all Kerberos authentication. |
|
| .It Fl d |
.It Fl d |
| Enable socket debugging (using |
Enable socket debugging (using |
| .Xr setsockopt 2 ) |
.Xr setsockopt 2 ) |
| on the |
on the |
| .Tn TCP |
.Tn TCP |
| sockets used for communication with the remote host. |
sockets used for communication with the remote host. |
| .It Fl k |
|
| Causes |
|
| .Nm |
|
| to obtain tickets for the remote host in |
|
| .Ar realm |
|
| instead of the remote host's realm as determined by |
|
| .Xr krb_realmofhost 3 . |
|
| .It Fl l |
.It Fl l |
| By default, the remote username is the same as the local username. |
By default, the remote username is the same as the local username. |
| The |
The |
|
|
| .\" directory /usr/hosts. |
.\" directory /usr/hosts. |
| .\" If this directory is included in your search path, you can use the |
.\" If this directory is included in your search path, you can use the |
| .\" shorthand ``host command'' for the longer form ``rsh host command''. |
.\" shorthand ``host command'' for the longer form ``rsh host command''. |
| .Sh KERBEROS AUTHENTICATION |
|
| If Kerberos is configured on the system, each user may have a private |
|
| authorization list in the file |
|
| .Pa .klogin |
|
| in their home directory. |
|
| Each line in this file should contain a Kerberos principal name of the form |
|
| .Ar principal.instance@realm . |
|
| If the originating user is authenticated to one of the principals named in |
|
| .Pa .klogin , |
|
| access is granted to the account. |
|
| The principal |
|
| .Ar accountname.@localrealm |
|
| is granted access if there is no |
|
| .Pa .klogin |
|
| file. |
|
| Otherwise a login and password will be prompted for on the remote machine |
|
| as in |
|
| .Xr login 1 . |
|
| To avoid certain security problems, the |
|
| .Pa .klogin |
|
| file must be owned by the remote user. |
|
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width /etc/hosts -compact |
.Bl -tag -width /etc/hosts -compact |
| .It Pa /etc/hosts |
.It Pa /etc/hosts |
| .El |
.El |
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr telnet 1 , |
.Xr telnet 1 , |
| .Xr kerberos 3 , |
|
| .Xr krb_realmofhost 3 , |
|
| .Xr krb_sendauth 3 , |
|
| .Xr rcmd 3 |
.Xr rcmd 3 |
| .Sh HISTORY |
.Sh HISTORY |
| The |
The |
|
|
| .Nm |
.Nm |
| process only; this is arguably wrong, but currently hard to fix for reasons |
process only; this is arguably wrong, but currently hard to fix for reasons |
| too complicated to explain here. |
too complicated to explain here. |
| .Pp |
|
| .Nm |
|
| does not currently support encryption of the datastream when Kerberos |
|
| authentication is used. |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to rsh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / rsh