Annotation of src/usr.bin/rsh/rsh.1, Revision 1.12
1.12 ! deraadt 1: .\" $OpenBSD: rsh.1,v 1.11 2002/05/06 22:50:03 millert Exp $
1.6 aaron 2: .\"
1.1 deraadt 3: .\" Copyright (c) 1983, 1990 The Regents of the University of California.
4: .\" All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
14: .\" 3. All advertising materials mentioning features or use of this software
15: .\" must display the following acknowledgement:
16: .\" This product includes software developed by the University of
17: .\" California, Berkeley and its contributors.
18: .\" 4. Neither the name of the University nor the names of its contributors
19: .\" may be used to endorse or promote products derived from this software
20: .\" without specific prior written permission.
21: .\"
22: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: .\" SUCH DAMAGE.
33: .\"
34: .\" from: @(#)rsh.1 6.10 (Berkeley) 7/24/91
35: .\"
36: .Dd July 24, 1991
37: .Dt RSH 1
1.5 aaron 38: .Os
1.1 deraadt 39: .Sh NAME
40: .Nm rsh
41: .Nd remote shell
42: .Sh SYNOPSIS
43: .Nm rsh
44: .Op Fl Kdnx
45: .Op Fl k Ar realm
46: .Op Fl l Ar username
1.7 aaron 47: .Ar hostname
1.4 aaron 48: .Op Ar command
1.1 deraadt 49: .Sh DESCRIPTION
1.6 aaron 50: .Nm
1.1 deraadt 51: executes
52: .Ar command
53: on
1.7 aaron 54: .Ar hostname .
1.1 deraadt 55: .Pp
1.11 millert 56: .Em Note:
57: .Nm
58: has been deprecated in favor of
59: .Xr ssh 1 .
60: Use of
61: .Nm
62: is discouraged due to the inherent insecurity of host-based authentication.
63: .Pp
1.6 aaron 64: .Nm
1.1 deraadt 65: copies its standard input to the remote command, the standard
66: output of the remote command to its standard output, and the
67: standard error of the remote command to its standard error.
68: Interrupt, quit and terminate signals are propagated to the remote
69: command;
1.6 aaron 70: .Nm
1.1 deraadt 71: normally terminates when the remote command does.
1.6 aaron 72: .Pp
1.11 millert 73: .Nm
74: first attempts to use the Kerberos authorization mechanism, described below.
75: If the remote host does not support Kerberos the standard Berkeley
76: .Pa rhosts
77: authorization mechanism is used.
78: .Pp
1.1 deraadt 79: The options are as follows:
1.8 aaron 80: .Bl -tag -width Ds
1.1 deraadt 81: .It Fl K
1.7 aaron 82: Disable all Kerberos authentication.
1.1 deraadt 83: .It Fl d
1.7 aaron 84: Enable socket debugging (using
1.6 aaron 85: .Xr setsockopt 2 )
1.1 deraadt 86: on the
87: .Tn TCP
88: sockets used for communication with the remote host.
89: .It Fl k
1.7 aaron 90: Causes
1.6 aaron 91: .Nm
1.1 deraadt 92: to obtain tickets for the remote host in
93: .Ar realm
94: instead of the remote host's realm as determined by
1.6 aaron 95: .Xr krb_realmofhost 3 .
1.1 deraadt 96: .It Fl l
97: By default, the remote username is the same as the local username.
98: The
99: .Fl l
100: option allows the remote name to be specified.
101: .It Fl n
1.7 aaron 102: Redirect input from the special device
1.1 deraadt 103: .Pa /dev/null
104: (see the
105: .Sx BUGS
106: section of this manual page).
107: .El
108: .Pp
109: If no
110: .Ar command
111: is specified, you will be logged in on the remote host using
1.11 millert 112: .Nm rlogin
113: if it exists on the system or
114: .Xr telnet 1
115: if not.
1.7 aaron 116: .Pp
117: If
118: .Nm
119: is not invoked with the standard program name
120: .Pq Dq rsh ,
121: it uses this name as its
122: .Ar hostname
123: argument.
1.1 deraadt 124: .Pp
1.4 aaron 125: Shell meta-characters which are not quoted are interpreted on local machine,
126: while quoted meta-characters are interpreted on the remote machine.
1.1 deraadt 127: For example, the command
128: .Pp
1.12 ! deraadt 129: .Dl $ rsh otherhost cat remotefile >> localfile
1.1 deraadt 130: .Pp
131: appends the remote file
132: .Ar remotefile
133: to the local file
134: .Ar localfile ,
135: while
136: .Pp
1.12 ! deraadt 137: .Dl $ rsh otherhost cat remotefile \&">>\&" other_remotefile
1.1 deraadt 138: .Pp
139: appends
140: .Ar remotefile
141: to
142: .Ar other_remotefile .
143: .\" .Pp
144: .\" Many sites specify a large number of host names as commands in the
145: .\" directory /usr/hosts.
146: .\" If this directory is included in your search path, you can use the
147: .\" shorthand ``host command'' for the longer form ``rsh host command''.
1.11 millert 148: .Sh KERBEROS AUTHENTICATION
149: If Kerberos is configured on the system, each user may have a private
150: authorization list in the file
151: .Pa .klogin
152: in their home directory.
153: Each line in this file should contain a Kerberos principal name of the form
154: .Ar principal.instance@realm .
155: If the originating user is authenticated to one of the principals named in
156: .Pa .klogin ,
157: access is granted to the account.
158: The principal
159: .Ar accountname.@localrealm
160: is granted access if there is no
161: .Pa .klogin
162: file.
163: Otherwise a login and password will be prompted for on the remote machine
164: as in
165: .Xr login 1 .
166: To avoid certain security problems, the
167: .Pa .klogin
168: file must be owned by the remote user.
1.1 deraadt 169: .Sh FILES
170: .Bl -tag -width /etc/hosts -compact
171: .It Pa /etc/hosts
172: .El
173: .Sh SEE ALSO
1.11 millert 174: .Xr telnet 1 ,
1.1 deraadt 175: .Xr kerberos 3 ,
1.4 aaron 176: .Xr krb_realmofhost 3 ,
1.1 deraadt 177: .Xr krb_sendauth 3 ,
1.3 deraadt 178: .Xr rcmd 3
1.1 deraadt 179: .Sh HISTORY
180: The
1.6 aaron 181: .Nm
1.1 deraadt 182: command appeared in
183: .Bx 4.2 .
184: .Sh BUGS
185: If you are using
1.6 aaron 186: .Xr csh 1
1.1 deraadt 187: and put a
1.6 aaron 188: .Nm
1.1 deraadt 189: in the background without redirecting its input away from the terminal,
190: it will block even if no reads are posted by the remote command.
191: If no input is desired you should redirect the input of
1.6 aaron 192: .Nm
1.1 deraadt 193: to
194: .Pa /dev/null
195: using the
196: .Fl n
197: option.
198: .Pp
199: You cannot run an interactive command
200: (like
1.6 aaron 201: .Xr rogue 6
1.1 deraadt 202: or
1.6 aaron 203: .Xr vi 1 )
1.1 deraadt 204: using
1.6 aaron 205: .Nm rsh ;
1.1 deraadt 206: use
1.11 millert 207: .Xr telnet 1
1.1 deraadt 208: instead.
209: .Pp
210: Stop signals stop the local
1.6 aaron 211: .Nm
1.1 deraadt 212: process only; this is arguably wrong, but currently hard to fix for reasons
213: too complicated to explain here.
1.9 hin 214: .Pp
215: .Nm
1.10 hin 216: does not currently support encryption of the datastream when Kerberos
1.9 hin 217: authentication is used.