Annotation of src/usr.bin/rsh/rsh.1, Revision 1.13
1.13 ! millert 1: .\" $OpenBSD: rsh.1,v 1.12 2002/11/14 02:57:28 deraadt Exp $
1.6 aaron 2: .\"
1.1 deraadt 3: .\" Copyright (c) 1983, 1990 The Regents of the University of California.
4: .\" All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
1.13 ! millert 14: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
30: .\" from: @(#)rsh.1 6.10 (Berkeley) 7/24/91
31: .\"
32: .Dd July 24, 1991
33: .Dt RSH 1
1.5 aaron 34: .Os
1.1 deraadt 35: .Sh NAME
36: .Nm rsh
37: .Nd remote shell
38: .Sh SYNOPSIS
39: .Nm rsh
40: .Op Fl Kdnx
41: .Op Fl k Ar realm
42: .Op Fl l Ar username
1.7 aaron 43: .Ar hostname
1.4 aaron 44: .Op Ar command
1.1 deraadt 45: .Sh DESCRIPTION
1.6 aaron 46: .Nm
1.1 deraadt 47: executes
48: .Ar command
49: on
1.7 aaron 50: .Ar hostname .
1.1 deraadt 51: .Pp
1.11 millert 52: .Em Note:
53: .Nm
54: has been deprecated in favor of
55: .Xr ssh 1 .
56: Use of
57: .Nm
58: is discouraged due to the inherent insecurity of host-based authentication.
59: .Pp
1.6 aaron 60: .Nm
1.1 deraadt 61: copies its standard input to the remote command, the standard
62: output of the remote command to its standard output, and the
63: standard error of the remote command to its standard error.
64: Interrupt, quit and terminate signals are propagated to the remote
65: command;
1.6 aaron 66: .Nm
1.1 deraadt 67: normally terminates when the remote command does.
1.6 aaron 68: .Pp
1.11 millert 69: .Nm
70: first attempts to use the Kerberos authorization mechanism, described below.
71: If the remote host does not support Kerberos the standard Berkeley
72: .Pa rhosts
73: authorization mechanism is used.
74: .Pp
1.1 deraadt 75: The options are as follows:
1.8 aaron 76: .Bl -tag -width Ds
1.1 deraadt 77: .It Fl K
1.7 aaron 78: Disable all Kerberos authentication.
1.1 deraadt 79: .It Fl d
1.7 aaron 80: Enable socket debugging (using
1.6 aaron 81: .Xr setsockopt 2 )
1.1 deraadt 82: on the
83: .Tn TCP
84: sockets used for communication with the remote host.
85: .It Fl k
1.7 aaron 86: Causes
1.6 aaron 87: .Nm
1.1 deraadt 88: to obtain tickets for the remote host in
89: .Ar realm
90: instead of the remote host's realm as determined by
1.6 aaron 91: .Xr krb_realmofhost 3 .
1.1 deraadt 92: .It Fl l
93: By default, the remote username is the same as the local username.
94: The
95: .Fl l
96: option allows the remote name to be specified.
97: .It Fl n
1.7 aaron 98: Redirect input from the special device
1.1 deraadt 99: .Pa /dev/null
100: (see the
101: .Sx BUGS
102: section of this manual page).
103: .El
104: .Pp
105: If no
106: .Ar command
107: is specified, you will be logged in on the remote host using
1.11 millert 108: .Nm rlogin
109: if it exists on the system or
110: .Xr telnet 1
111: if not.
1.7 aaron 112: .Pp
113: If
114: .Nm
115: is not invoked with the standard program name
116: .Pq Dq rsh ,
117: it uses this name as its
118: .Ar hostname
119: argument.
1.1 deraadt 120: .Pp
1.4 aaron 121: Shell meta-characters which are not quoted are interpreted on local machine,
122: while quoted meta-characters are interpreted on the remote machine.
1.1 deraadt 123: For example, the command
124: .Pp
1.12 deraadt 125: .Dl $ rsh otherhost cat remotefile >> localfile
1.1 deraadt 126: .Pp
127: appends the remote file
128: .Ar remotefile
129: to the local file
130: .Ar localfile ,
131: while
132: .Pp
1.12 deraadt 133: .Dl $ rsh otherhost cat remotefile \&">>\&" other_remotefile
1.1 deraadt 134: .Pp
135: appends
136: .Ar remotefile
137: to
138: .Ar other_remotefile .
139: .\" .Pp
140: .\" Many sites specify a large number of host names as commands in the
141: .\" directory /usr/hosts.
142: .\" If this directory is included in your search path, you can use the
143: .\" shorthand ``host command'' for the longer form ``rsh host command''.
1.11 millert 144: .Sh KERBEROS AUTHENTICATION
145: If Kerberos is configured on the system, each user may have a private
146: authorization list in the file
147: .Pa .klogin
148: in their home directory.
149: Each line in this file should contain a Kerberos principal name of the form
150: .Ar principal.instance@realm .
151: If the originating user is authenticated to one of the principals named in
152: .Pa .klogin ,
153: access is granted to the account.
154: The principal
155: .Ar accountname.@localrealm
156: is granted access if there is no
157: .Pa .klogin
158: file.
159: Otherwise a login and password will be prompted for on the remote machine
160: as in
161: .Xr login 1 .
162: To avoid certain security problems, the
163: .Pa .klogin
164: file must be owned by the remote user.
1.1 deraadt 165: .Sh FILES
166: .Bl -tag -width /etc/hosts -compact
167: .It Pa /etc/hosts
168: .El
169: .Sh SEE ALSO
1.11 millert 170: .Xr telnet 1 ,
1.1 deraadt 171: .Xr kerberos 3 ,
1.4 aaron 172: .Xr krb_realmofhost 3 ,
1.1 deraadt 173: .Xr krb_sendauth 3 ,
1.3 deraadt 174: .Xr rcmd 3
1.1 deraadt 175: .Sh HISTORY
176: The
1.6 aaron 177: .Nm
1.1 deraadt 178: command appeared in
179: .Bx 4.2 .
180: .Sh BUGS
181: If you are using
1.6 aaron 182: .Xr csh 1
1.1 deraadt 183: and put a
1.6 aaron 184: .Nm
1.1 deraadt 185: in the background without redirecting its input away from the terminal,
186: it will block even if no reads are posted by the remote command.
187: If no input is desired you should redirect the input of
1.6 aaron 188: .Nm
1.1 deraadt 189: to
190: .Pa /dev/null
191: using the
192: .Fl n
193: option.
194: .Pp
195: You cannot run an interactive command
196: (like
1.6 aaron 197: .Xr rogue 6
1.1 deraadt 198: or
1.6 aaron 199: .Xr vi 1 )
1.1 deraadt 200: using
1.6 aaron 201: .Nm rsh ;
1.1 deraadt 202: use
1.11 millert 203: .Xr telnet 1
1.1 deraadt 204: instead.
205: .Pp
206: Stop signals stop the local
1.6 aaron 207: .Nm
1.1 deraadt 208: process only; this is arguably wrong, but currently hard to fix for reasons
209: too complicated to explain here.
1.9 hin 210: .Pp
211: .Nm
1.10 hin 212: does not currently support encryption of the datastream when Kerberos
1.9 hin 213: authentication is used.