HP-UX Reference (11i v2 07/12) - 1 User Commands N-Z (vol 2)
r
remsh(1) remsh(1)
NAME
remsh, rexec - execute from a remote shell
SYNOPSIS
remsh host [-l username ][-n
] command
host [
-l username ][-n
] command
rexec host [-l username ][
-n] command
In Kerberos V5 Network Authentication Environments
remsh host [-l username ][-f
|-F][-k realm ][-P][-n] command
host [
-l username ][-f|
-F][-k realm ][-P][-n] command
DESCRIPTION
remsh connects to a specified host and executes a specified command. The host name can be either the
official name or an alias as understood by
gethostbyname()
(see gethostent(3N) and hosts(4)). remsh
copies its standard input (stdin) to the remote command, the standard output of the remote command to
its standard output (stdout), and the standard error of the remote command to its standard error
(stderr). Hangup, interrupt, quit, terminate, and broken pipe signals are propagated to the remote com-
mand. remsh exits when the sockets associated with stdout and stderr of the remote command are
closed. This means that remsh normally terminates when the remote command does (see remshd(1M)).
By default, remsh uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
remsh
uses the default remote login shell with the -c option to execute the remote command. If the
default remote shell is csh, csh sources the remote .cshrc file before the command.
remsh cannot be
used to run commands that require a terminal interface (such as
vi) or commands that read their standard
error (such as more). In such cases, use rlogin or telnet instead (see rlogin(1) and telnet(1)).
The remote account name used is the same as your local account name, unless you specify a different
remote name with the
-l option. This remote account name must be equivalent to the originating account.
In addition, the remote host account name must also conform to other rules, which differ depending upon
whether the remote host is operating in a Kerberos V5 Network Authentication, i.e., secure environment,
or not.
In a non-secure, or traditional environment, the remote account name must be equivalent to the originating
account; no provision is made for specifying a password with a command. For more details about
equivalent hosts and how to specify them, see hosts.equiv(4). The files inspected by remshd
on the
remote host are
/etc/hosts.equiv
and $HOME/.rhosts (see remshd(1M)).
In a Kerberos V5 Network Authentication environment, the local host must be successfully authenticated
before the remote account name is checked for proper authorization. The authorization mechanism is
dependent on the command line options used to invoke
remshd on the remote host (i.e., -K,
-R, -r,or
-k). For more information on Kerberos authentication and authorization see the Secure Internet Services
man page, sis(5) and remshd(1M).
Although Kerberos authentication and authorization may apply, the Kerberos mechanism is not applied to
the command or to its response. All the information that is transferred between the local and remote host
is still sent in cleartext over the network.
The default Kerberos options for the applications are set in the
krb5.conf configuration file. Refer to
the appdefaults Section in the krb5.conf(4) manpage for more information. The options -f, and -F
described in the subsequent paragraphs, can be set in the krb5.conf file with the tag names forward,
and forwardable respectively. Refer to the krb5.conf(4) manpage for more information on the appde-
faults Section.
The fallback option can be set in the krb5.conf file within the appdefaults Section.Iffallback is
set to true and the kerberos authentication fails, remsh will use the non-secure mode of authentication.
Note: Command line options override the configuration file options.
In a secure or Kerberos V5-based environment, the following command line options are available:
-f Forward the ticket granting ticket (TGT) to the remote system. The TGT is not forward-
able from that remote system.
-F Forward the TGT to the remote system and have it forwardable from there to another
remote system. The -f option and -F option are mutually exclusive.
HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 207