NAME

     rsh - remote shell


SYNOPSIS

     rsh host [-l username] [-n] [-d] [-k realm] [-f |  -F]  [-x]
     [-PN | -PO] command


DESCRIPTION

     Rsh connects to the specified host, and executes the  speci-
     fied  command.   Rsh copies its standard input to the remote
     command, the standard output of the remote  command  to  its
     standard  output,  and the standard error of the remote com-
     mand to its standard error.  This implementation of rsh will
     accept  any  port for the standard error stream.  Interrupt,
     quit and terminate signals are propagated to the remote com-
     mand; rsh normally terminates when the remote command does.

     Each user may have a private authorization list  in  a  file
     .k5login  in  his  login  directory.  Each line in this file
     should  contain  a  Kerberos  principal  name  of  the  form
     principal/instance@realm.   If  there  is a ~/.k5login file,
     then access is granted to the account if  and  only  if  the
     originater  user  is  authenticated to one of the princiapls
     named in the ~/.k5login file.   Otherwise,  the  originating
     user  will  be  granted access to the account if and only if
     the authenticated principal name of the user can  be  mapped
     to  the  local account name using the aname -> lname mapping
     rules (see krb5_anadd(8) for more details).


OPTIONS

     -l username
          sets the remote username to username.   Otherwise,  the
          remote username will be the same as the local username.

     -x   causes the network session  traffic  to  be  encrypted.
          This  applies only to the input and output streams, and
          not the command line.

     -f   cause nonforwardable Kerberos credentials  to  be  for-
          warded  to  the remote machine for use by the specified
          command.  They will be removed when  command  finishes.
          This option is mutually exclusive with the -F option.

     -F   cause forwardable Kerberos credentials to be  forwarded
          to the remote machine for use by the specified command.
          They will  be  removed  when  command  finishes.   This
          option is mutually exclusive with the -f option.

     -k realm
          causes rsh to obtain tickets for  the  remote  host  in
          realm  instead of the remote host's realm as determined
          by krb_realmofhost(3).

     -d   turns on socket debugging (via  setsockopt(2))  on  the
          TCP  sockets  used  for  communication  with the remote
          host.

     -n   redirects input from the special device /dev/null  (see
          the BUGS section below).

     -PN

     -PO  Explicitly request new or old version of  the  Kerberos
          ``rcmd''  protocol.  The new protocol avoids many secu-
          rity problems found in the old one, but is not interop-
          erable  with  older  servers.  (An "input/output error"
          and a closed connection is the most  likely  result  of
          attempting  this  combination.)   If  neither option is
          specified, some simple heuristics  are  used  to  guess
          which to try.

     If you omit command, then instead of executing a single com-
     mand,  you  will  be logged in on the remote host using rlo-
     gin(1).

     Shell metacharacters which are not quoted are interpreted on
     the  local  machine,  while quoted metacharacters are inter-
     preted on the remote machine.  Thus the command

        rsh otherhost cat remotefile >> localfile

     appends the remote file remotefile to the local file  local-
     file, while

        rsh otherhost cat remotefile ">>" otherremotefile

     appends remotefile to otherremotefile.


FILES

     /etc/hosts
7
     ~/.k5login  (on remote  host)  -  file  containing  Kerberos
                 principals that are allowed access.


SEE ALSO

     rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3),
     kshd(8)


BUGS

     If you are using csh(1) and put a rsh(1) in  the  background
     without  redirecting  its  input  away from the terminal, it
     will block even if no reads are posted by  the  remote  com-
     mand.   If no input is desired you should redirect the input
     of rsh to /dev/null using the -n option.


     You cannot run an  interactive  command  (like  rogue(6)  or
     vi(1)); use rlogin(1).

     Stop signals stop the local rsh process only; this is  argu-
     ably  wrong,  but currently hard to fix for reasons too com-
     plicated to explain here.














































Man(1) output converted with man2html