rsh - Executes a specified command on a remote host or
logs into a remote host
rsh [-dfnx] [-l user] remote_host [command] [argument...]
The remote shell command (rsh) executes command at the
remote_host, or, if no command is specified, logs into
Turns on socket debugging (using setsockopt()) on the TCP
sockets used for communication with the remote host.
Copies your Kerberos ticket from the local host to the
remote host to establish your Kerberos credentials on the
remote host. This option requires that the local and
remote hosts be configured to use Kerberos authentication
in the same or trusting Kerberos realms. The Kerberos
ticket will remain on the remote host until it either
expires or it is explicitly destroyed. The -f option is
ignored when used with the -l option. Specifies to log
into the remote host using the specified username instead
of the local username. If this option is not specified,
the local and remote usernames are the same. Specifies
that the rsh command is to ignore input from STDIN. Use
this option if you put rsh in the background without redirecting
its input away from the terminal. If you do not
use this option in this situation, rsh blocks even if no
reads are posted by the remote command. Encrypts the data
transmitted between the local host and the remote host.
This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or
trusting Kerberos realms.
The rsh command sends standard input from a local host to
a remote host and receives standard output and standard
error from the remote host. By default, the rsh command
executes the rlogin command if you do not specify a command.
While the remote command is executing, pressing the Interrupt,
Terminate, or Quit key sequences sends the corresponding
signal to the remote process. However, pressing
the Stop key sequence stops only the local process. Normally,
when the remote command terminates, the local rsh
By default, metacharacters are interpreted by the local
shell. To have shell metacharacters interpreted on the
remote host, place the metacharacters inside double
The way that the remote host authenticates a user and
transmits data depends on if the local and remote hosts
are using a basic connection or a secure connection (Kerberos
or Secure Shell). Basic and secure connections provide
user authentication; however, a secure connection
also provides client and server authentication, data
encryption, data integrity, and nonrepudiation.
Basic Connection [Toc] [Back]
A basic connection is one where the rsh command connects
to the remote host and the remote host authenticates the
user if one of the following conditions is satisfied: If
the local user ID is not the root user, and the name of
the local host is listed as an equivalent host in the
/etc/hosts.equiv file on the remote host. If the local
user ID is the root user or if the check of
/etc/hosts.equiv fails, the user's home directory on the
remote host must contain a $HOME/.rhosts file that lists
the local host name and user name. The $HOME/.rhosts file
must be owned by either the remote user or the root user,
and have permissions set to 600 (read and write by owner
The rsh command allows access to the remote host if the
remote user account does not have a password defined.
However, for security reasons, use of a password on all
user accounts is recommended.
Secure Connection [Toc] [Back]
A secure connection is one where the rsh command connects
to the remote host by using either Kerberos or Secure
Shell. Kerberos and Secure Shell are client/server applications
that authenticate the client, server, and user;
encrypt data; and ensure data integrity and nonrepudiation.
See your system administrator to determine if your
system is running Kerberos or Secure Shell software. See
the Security Administration guide for more information
about Kerberos and Secure Shell.
Kerberos [Toc] [Back]
Kerberos does not use the /etc/host.equiv file or the
$HOME/.rhosts file for authentication. Kerberos authenticates
by using secret-key cryptography and tickets between
Kerberos clients and Kerberos servers in the same or
trusting Kerberos realms. Once authenticated by Kerberos,
users receive a Kerberos Ticket Granting Ticket (TGT).
Users with a valid TGT are not prompted for a username or
password when the remote host is in the same or trusting
To use Kerberos to execute a command or log in to a remote
host, enter the rsh command with the -f and -x options.
Secure Shell [Toc] [Back]
Secure Shell authenticates users by using passwords, hostbased
identification, or public and private keys between
Secure Shell clients and servers.
By default, the rsh command will use Kerberos (with a
valid TGT) when a system is configured to use both Kerberos
and Secure Shell.
To use Secure Shell to execute a command or log in to a
remote host, enter the Secure Shell ssh2 (or ssh) command
instead of the rsh command. The ssh2 command provides the
same functionality and options as the rsh command over a
secure connection. See ssh2(1) for more information on
using the Secure Shell ssh2 command.
Alternatively, you can configure the rsh, rlogin, and rcp
commands and applications that use the rcmd() function to
automatically use a Secure Shell connection by enabling
the Secure Shell EnforceSecureRutils keyword in the
/etc/ssh2/ssh2_config file or in a user's
$HOME/.ssh2/ssh2_config file. When the EnforceSecureRutils
keyword is enabled: The sshd daemon runs and spawns the
srcmd child process; the rshd daemon does not run. The
rsh command can only use Secure Shell host-based authentication
to authenticate users.
See Security Administration for more information about
configuring Secure Shell host-based authentication and the
After it is determined that Secure Shell will be used, all
authentication and communication between the client and
server will use the Secure Shell connection. A connection
is not established if a user cannot be authenticated.
The rsh command is confused by output generated by commands
in a file on the remote host. In particular, the
messages, where are you? and stty: Can't assign requested
address can result if output is generated by the startup
In the following examples, the local host host1 is listed
in the /etc/hosts.equiv file at the remote host host2. To
check the amount of free disk space on the remote host
host2, enter: $ rsh host2 df To append a remote file to
another file on the remote host, place the >> metacharacters
in (double quotes): $ rsh host2 cat test1 ">>" test2
To append a remote file at the remote host to a local
file, omit the double quotes: $ rsh host2 cat test2 >>
test3 To append a remote file to a local file and use a
remote user's permissions at the remote host, use the -l
option: $ rsh host2 -l jane cat test4 >> test5
The following examples use Kerberos. The local host host1
and the remote host host2 are in the same Kerberos realm.
To check the amount of free disk space on the remote host
over an encrypted connection, enter: $ rsh -x host2 df To
execute a command and forward your Kerberos ticket to the
remote host, enter: $ rsh -f host2 df
Specifies remote hosts from which users can execute commands
on the local host (provided these users have an
account on the local host). Specifies remote users that
can use a local user account. Specifies Secure Shell
client configuration information. Specifies Secure Shell
server configuration information.
Commands: kinit(1), kdestroy(1), klist(1), rcp(1),
rlogin(1), rshd(8), ssh2(1), telnet(1)
Functions: rexec(3), rcmd(3)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
[ Back ]