remsh(1)remsh(1)NAME
remsh, rexec - execute from a remote shell
SYNOPSIS
host username] command
host username] command
host username] command
In Kerberos V5 Network Authentication Environments
host username] realm] command
host username] realm] command
DESCRIPTION
connects to a specified host and executes a specified command. The
host name can be either the official name or an alias as understood by
(see gethostent(3N) and hosts(4)). copies its standard input to the
remote command, the standard output of the remote command to its stan‐
dard output and the standard error of the remote command to its stan‐
dard error Hangup, interrupt, quit, terminate, and broken pipe signals
are propagated to the remote command. exits when the sockets associ‐
ated with and of the remote command are closed. This means that nor‐
mally terminates when the remote command does (see remshd(1M)).
By default, uses the following path when executing the specified com‐
mand:
uses the default remote login shell with the option to execute the
remote command. If the default remote shell is csh, csh sources the
remote file before the command. cannot be used to run commands that
require a terminal interface (such as or commands that read their stan‐
dard error (such as In such cases, use or instead (see rlogin(1) and
telnet(1)).
The remote account name used is the same as your local account name,
unless you specify a different remote name with the option. This
remote account name must be equivalent to the originating account. In
addition, the remote host account name must also conform to other
rules, which differ depending upon whether the remote host is operating
in a Kerberos V5 Network Authentication, i.e., secure environment, or
not.
In a non-secure, or traditional environment, the remote account name
must be equivalent to the originating account; no provision is made for
specifying a password with a command. For more details about hosts and
how to specify them, see hosts.equiv(4). The files inspected by on the
remote host are and (see remshd(1M)).
In a Kerberos V5 Network Authentication environment, the local host
must be successfully authenticated before the remote account name is
checked for proper authorization. The authorization mechanism is
dependent on the command line options used to invoke on the remote host
(i.e., For more information on Kerberos authentication and authoriza‐
tion see the Secure Internet Services man page, sis(5) and remshd(1M).
Although Kerberos authentication and authorization may apply, the Ker‐
beros mechanism is applied to the command or to its response. All the
information that is transferred between the local and remote host is
still sent in cleartext over the network.
The default Kerberos options for the applications are set in the con‐
figuration file. Refer to the in the krb5.conf(4) manpage for more
information. The options and described in the subsequent paragraphs,
can be set in the file with the tag names and respectively. Refer to
the krb5.conf(4) manpage for more information on the
The option can be set in the file within the If is set to true and the
kerberos authentication fails, will use the non-secure mode of authen‐
tication.
Note: Command line options override the configuration file
options.
In a secure or Kerberos V5-based environment, the following command
line options are available:
Forward the ticket granting ticket (TGT) to the remote system.
The TGT
is not forwardable from that remote system.
Forward the TGT to the remote system and have it forwardable
from
there to another remote system. The option and
option are mutually exclusive.
Obtain tickets from the remote host in the
specified realm instead of the remote host's default
realm as specified in the configuration file
Disable Kerberos authentication.
If command, is not specified, instead of executing a single command,
you will be logged in on the remote host using (see rlogin(1)). Any
options typed in on the command line are transmitted to If no command
and the option are specified, will be invoked with to indicate that
Kerberos authentication (or secure access) is not necessary. This means
that if a password is requested, the password will be sent in cleart‐
ext. If command is specified, options specific to are ignored by
By default, reads its standard input and sends it to the remote command
because has no way to determine whether the remote command requires
input. The option redirects standard input to from This is useful when
running a shell script containing a command, since otherwise remsh may
use input not intended for it. The option is also useful when running
in the background from a job control shell, or Otherwise, stops and
waits for input from the terminal keyboard for the remote command.
automatically redirects its input from when jobs are run in the back‐
ground.
Host names for remote hosts can also be commands (linked to in the
directory If this directory is specified in the environment variable,
you can omit For example, if is the name of a remote host, is linked to
and if is in your search path, the command
executes command on and the command
is equivalent to
The command works in the same way as except that it uses the library
routine and for command execution (see rexec(3N) and rexecd(1M)) and
does not support Kerberos authentication. prompts for a password
before executing the command instead of using for authentication. It
should be used in instances where a password to a remote account is
known but there are insufficient permissions for
EXAMPLES
Shell metacharacters that are not quoted are interpreted on the local
host; quoted metacharacters are interpreted on the remote host. Thus
the command line:
appends the remote file to the local file while the command line
appends to the remote file
If the remote shell is the following command line sets up the environ‐
ment for the remote command before executing the remote command:
The throws away error messages generated by executing when stdin and
stdout are not a terminal.
The following command line runs in the background on the local system,
and the output of the remote command comes to your terminal asyn‐
chronously:
The background completes when the remote command does.
The following command line causes to return immediately without waiting
for the remote command to complete:
(See remshd(1M) and sh(1)). If your login shell on the remote system
is csh, use the following form instead:
RETURN VALUE
If fails to set up the secondary socket connection, it returns 2. If
it fails in some other way, it returns 1. If it fully succeeds in set‐
ting up a connection with it returns 0 once the remote command has com‐
pleted. Note that the return value of bears no relation to the return
value of the remote command.
DIAGNOSTICS
Besides the errors listed below, errors can also be generated by the
library functions and In the case of IPv6 systems, the library func‐
tions and are replaced by and respectively, and can generate errors
(see rcmd(3N) and rcmd_af(3N)). These errors are preceded by the name
of the library function that generated them. can produce the following
diagnostic messages:
There are two authentication mechanisms used by
One authentication mechanism is based on
Kerberos and the other is not. The type of
authentication mechanism is obtained from a
system file which is updated by (see
inetsvcs_sec(1M)). If the system file does
not contain known authentication types, the
above error is displayed.
Error in executing
is executed when the user does not specify
any commands to be executed). This is fol‐
lowed by the error message specifying why
the execution failed.
The ``shell'' service specification is not present
in the
file.
cannot establish secondary socket connection for
Error in executing system call.
Appended to this error is a message speci‐
fying the cause of the failure.
Check with the system administrator
to see if your entry in the password file
has been deleted by mistake.
Kerberos-specific errors are listed in sis(5).
WARNINGS
For security reasons, the and files should exist, even if
empty, and they should be readable and writable only by
the owner. Note also that all information, including any
passwords asked for, is passed unencrypted between the
two hosts.
If is run with an interactive command, it hangs.
DEPENDENCIES
is the same service as on BSD systems. The name was
changed due to a conflict with the existing System V com‐
mand (restricted shell).
AUTHOR
was developed by the University of California, Berkeley.
FILES
for version of the command invoked only with hostname
SEE ALSOrlogin(1), remshd(1M), rexecd(1M), inetsvcs_sec(1M),
gethostent(3N), rcmd(3N), rcmd_af(3N), rexec(3N),
hosts(4), hosts.equiv(4), krb5.conf(4).
remsh(1)