![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to remote CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDTahoe / new / help / src|
Return to remote CVS log | Up to [CSRG BSD Unix] / 43BSDTahoe / new / help / src |
1.1 ! root 1: .TI REMOTE ! 2: Using rcp, rlogin, rsh, and .rhosts with the Ethernet Network ! 3: ! 4: You can use the ! 5: .I rcp , ! 6: .I rlogin , ! 7: and ! 8: .I rsh ! 9: commands from a login session ! 10: on one Unix machine to gain access to a second Unix machine, ! 11: which in some useful cases is the same machine. ! 12: If the machines involved are in different administrative ! 13: domains or your local account name does not exist on the ! 14: remote machine, or both, you have to set up a special file called ! 15: .I .rhosts ! 16: before you can use these commands. ! 17: In this article the term, ! 18: .I machine , ! 19: refers to what appears in some documentation as the term, ! 20: .I host . ! 21: .SH "What These Commands Do" ! 22: The remote copy command, ! 23: .I rcp , ! 24: allows you to transfer files or entire directories between machines, ! 25: and its syntax is very similar to that of the standard Unix ! 26: .I cp ! 27: command. ! 28: With the remote login command, ! 29: .I rlogin , ! 30: you can start up a login session on another machine, ! 31: and switch between login sessions at will. ! 32: The remote shell command, ! 33: .I rsh , ! 34: allows you to run exactly one shell command sequence on ! 35: another machine, but breaks the remote connection when ! 36: the sequence is done. ! 37: .LP ! 38: These commands (as well as ! 39: .I rwho ! 40: and ! 41: .I ruptime ) ! 42: all begin with the letter ! 43: .E r ! 44: to designate special remote versions of standard Unix commands. ! 45: In future versions of Unix they will probably become obsolete ! 46: as their functions are absorbed by the standard commands. ! 47: .SH "What These Commands Will Not Do" ! 48: These commands will not allow remote access to non-Unix machines, ! 49: such as IBM CMS and DEC VMS. ! 50: For this you may want to investigate the ! 51: .I ftp , ! 52: .I telnet , ! 53: and ! 54: .I tn3270 ! 55: commands (type ! 56: .E "man ftp" , ! 57: .E "man telnet" , ! 58: etc. for more information). ! 59: Unlike their older Berknet counterparts, the Ethernet commands ! 60: .I rcp ! 61: and ! 62: .I rsh , ! 63: but not ! 64: .I rlogin , ! 65: will under no circumstances ask you for a ! 66: password to a remote account, relying instead on the ! 67: .I .rhosts ! 68: mechanism (described below), which must be arranged in advance. ! 69: They also will not queue up a remote request for later processing if ! 70: the remote machine happens to be down or unreachable when you issue it. ! 71: Both these functions are still provided by the ! 72: .I netcp ! 73: and ! 74: .I net ! 75: commands, which use the otherwise slow and limited Berknet. ! 76: .SH "A Simple Case Of Remote Copying \- rcp" ! 77: As an example, suppose you want to copy a file called ! 78: .I junk ! 79: from an account on a machine called ! 80: .I violet ! 81: to an account of the same name on a machine called ! 82: .I topaz . ! 83: If your local machine (the one to which you are logged in) is ! 84: .I violet , ! 85: use the command, ! 86: .DS ! 87: % rcp junk topaz:junk ! 88: .DE ! 89: and if the local machine is ! 90: .I topaz , ! 91: use the command, ! 92: .DS ! 93: % rcp violet:junk junk ! 94: .DE ! 95: Suppose now that you have a third account of the same name on the ! 96: .I ruby ! 97: machine. ! 98: If you are logged in to that account, the command would be ! 99: .DS ! 100: % rcp violet:junk topaz:junk ! 101: .DE ! 102: Note that in the simple examples of this section and the next, ! 103: your accounts must have the same names and the machines ! 104: must be in the same administrative domain (must be listed in the ! 105: .I /etc/hosts.equiv ! 106: file on both machines; type ! 107: .E "help domains" ! 108: for details). ! 109: .SH "Remote Copying Several Files \- rcp" ! 110: By analogy with the standard Unix ! 111: .E cp ! 112: command, you may copy several files from one machine ! 113: to a directory on another machine. ! 114: For example, from your home directory on ! 115: .I violet , ! 116: you can copy all the files in a subdirectory called ! 117: .I stuff ! 118: to your home directory on ! 119: .I topaz ! 120: using the command, ! 121: .DS ! 122: % rcp stuff/* topaz:. ! 123: .DE ! 124: where the period following the colon indicates to copy to ! 125: the default current directory, your home directory on ! 126: .I topaz . ! 127: Doing the same transfer when the local machine is ! 128: .I topaz ! 129: instead of ! 130: .I violet ! 131: is similar to the last example, but with a small change: ! 132: .DS ! 133: % rcp violet:"stuff/*" . ! 134: .DE ! 135: The quotation marks are needed to delay interpretation of ! 136: the special ! 137: .E * ! 138: notation until the string, ! 139: .E stuff/* , ! 140: gets to ! 141: .I violet . ! 142: .LP ! 143: Also by analogy with the Unix ! 144: .E cp ! 145: command, you can copy entire directory trees (that is, all a ! 146: directory's files and subdirectories at all levels) between machines. ! 147: For example, from your home directory on ! 148: .I topaz , ! 149: you can copy your entire account to a subdirectory called ! 150: .I oldaccount ! 151: on ! 152: .I violet ! 153: using the command, ! 154: .DS ! 155: % rcp -r . violet:oldaccount ! 156: .DE ! 157: If your local machine (the one to which you are logged in) were ! 158: .I violet ! 159: instead, the command would look like ! 160: .DS ! 161: % rcp -r topaz:. oldaccount ! 162: .DE ! 163: .SH "Error Messages You May Encounter" ! 164: If the examples in this section or the last give you error ! 165: messages such as ``Permission denied'' or ``Login incorrect'', ! 166: you will have to set up a ! 167: .I .rhosts ! 168: file on the remote machine. ! 169: If you see any of the error messages ``Connection refused'', ! 170: ``Connection timed out'', or ``Network unreachable'', ! 171: the remote machine is inaccessible. ! 172: Since this condition usually lasts no more than a few hours, ! 173: you can try again later. ! 174: .SH "When The .rhosts File Is Needed" ! 175: Whenever you try to use one of the commands ! 176: .I rcp , ! 177: .I rlogin , ! 178: or ! 179: .I rsh ! 180: with two machines in different administrative domains ! 181: or with different local and remote account names, ! 182: you must set up a special file called ! 183: .I .rhosts . ! 184: Its purpose is to maintain system security by ! 185: certifying that you, from your local account, are authorized to use ! 186: a particular account on a remote machine. ! 187: Within the same administrative domain it is assumed that ! 188: accounts having the same name belong to the same person, ! 189: in which case this file is not needed. ! 190: In all cases of different account names or different domains, ! 191: however, a ! 192: .I .rhosts ! 193: file identifying your local machine and account ! 194: must be set up in the home directory of the remote account. ! 195: This can be hard to remember, so for emphasis, ! 196: .DS ! 197: SET UP THE .RHOSTS FILE ON THE REMOTE ACCOUNT. ! 198: .DE ! 199: Once your local machine and account names have ! 200: been added to a remote account's ! 201: .I .rhosts ! 202: file, you ! 203: have complete access to the account, ! 204: including all its files and computing resources. ! 205: So, for example, you could start up a remote login session on that ! 206: account without having to know the password. ! 207: This technique can be useful if you want to let someone use your ! 208: account for a limited time without compromising your password, ! 209: because when they no longer need access you can delete them from the ! 210: .I .rhosts ! 211: file. ! 212: .LP ! 213: You will probably want to be careful about who you enter ! 214: into this file and how long you leave them there. ! 215: Periodically, you may want to check that no one who ! 216: has access to your account has added others to the file ! 217: without your knowledge. ! 218: It may also be wise to make sure that only your account has ! 219: read or write access to your ! 220: .I .rhosts ! 221: file by setting the appropriate file permissions. ! 222: .SH "Setting Up A .rhosts File" ! 223: If you want the system to recognize your ! 224: .I .rhosts ! 225: file, it must be located in your home directory, ! 226: but if you have no ! 227: .I .rhosts ! 228: at all the system will not complain. ! 229: You create and modify it using a text editor, such as ! 230: .I vi , ! 231: and make one-line entries consisting of ! 232: a machine name, a space, and an account name. ! 233: The existence of such an entry means that that ! 234: account on that machine can access your account (where the ! 235: .I .rhosts ! 236: file is located) without a password. ! 237: The following ! 238: .I .rhosts ! 239: file that might appear in an account on the ! 240: .I topaz ! 241: machine would give access to ! 242: .I fred ! 243: and ! 244: .I jerry ! 245: from the ! 246: .I violet ! 247: machine, and to ! 248: .I jane ! 249: from the ! 250: .I gumball ! 251: machine. ! 252: .DS ! 253: violet fred ! 254: violet jerry ! 255: gumball jane ! 256: .DE ! 257: Often a machine has several variant names which may be used ! 258: interchangeably in certain contexts, but the mechanism that uses ! 259: .I .rhosts ! 260: only recognizes one name. ! 261: When your account is the target of a remote request, the ! 262: .I .rhosts ! 263: mechanism will deny access unless the requesting machine's ! 264: name as it appears in your ! 265: .I .rhosts ! 266: file is the same as the first variant appearing in a file called ! 267: .I /etc/hosts ! 268: on the your (the target) machine. ! 269: Here is a ! 270: .I .rhosts ! 271: file that might appear on the ! 272: .I gumball ! 273: machine. ! 274: .DS ! 275: violet fred ! 276: ucbviolet fred ! 277: violet.berkeley.edu fred ! 278: .DE ! 279: Depending on the first variant name of ! 280: .I violet ! 281: appearing in the ! 282: .I /etc/hosts ! 283: file on ! 284: .I gumball , ! 285: only one of these lines will give access to ! 286: .I fred ! 287: from ! 288: .I violet , ! 289: while the presence of the other two lines does no harm. ! 290: .SH "Remote Copying Between Different Account Names" ! 291: Suppose now that the account named ! 292: .I jane ! 293: on the ! 294: .I gumball ! 295: machine has a ! 296: .I .rhosts ! 297: file identifying your local account, ! 298: .I fred , ! 299: on the ! 300: .I violet ! 301: machine. ! 302: You may now do remote copying between these machines, ! 303: provided that you specify the remote account name, ! 304: otherwise your local account name will be assumed. ! 305: For example, from the ! 306: .I fred ! 307: account on ! 308: .I violet ! 309: you can copy a file called ! 310: .I stuff ! 311: to ! 312: .I jane ! 313: on ! 314: .I gumball , ! 315: and name the new copy ! 316: .I stuffing ! 317: in the process, using the command, ! 318: .DS ! 319: % rcp stuff gumball.jane:stuffing ! 320: .DE ! 321: This style of specifying a machine-account name combination ! 322: currently works for Computer Center machines. ! 323: It is different in some administrative domains, such as those ! 324: containing Computer Science department machines, where you would use ! 325: .DS ! 326: % rcp stuff jane@gumball:stuffing ! 327: .DE ! 328: This second style will one day become standard. ! 329: .SH "Using rcp To Copy Files To The Same Machine" ! 330: You can use your knowledge of how to transfer files between ! 331: different account names on different machines, to transfer ! 332: files between different accounts on the same machine. ! 333: Without using the network ! 334: this is tricky, especially when several levels ! 335: of permission-protected directories are involved, ! 336: and usually means temporarily opening up access to ! 337: everyone on the system until the transfer is complete. ! 338: With ! 339: .I rcp , ! 340: however, it is easy and safe. ! 341: For example, to transfer the files ! 342: .I proposal ! 343: and ! 344: .I memo ! 345: from the ! 346: .I fred ! 347: acount to the ! 348: .I jerry ! 349: account, both on ! 350: .I violet , ! 351: use ! 352: .DS ! 353: % rcp proposal memo violet.jerry:. ! 354: .DE ! 355: on the ! 356: .I fred ! 357: account, and ! 358: .DS ! 359: % rcp violet.fred:"proposal memo" . ! 360: .DE ! 361: on the ! 362: .I jerry ! 363: account. ! 364: In both cases the appropriate ! 365: .I .rhosts ! 366: file must have been set up beforehand. ! 367: .SH "Remote Login \- rlogin" ! 368: Using the remote login command, ! 369: .I rlogin , ! 370: from one login session, you can start up another ! 371: login session on a remote machine, which may be the same ! 372: as the local machine. ! 373: For example, the command ! 374: .DS ! 375: % rlogin violet ! 376: .DE ! 377: would try to start up a remote login session on ! 378: .I violet ! 379: using the same account name as your local account. ! 380: If you had such an account on the remote machine and the ! 381: local and remote machines were in the same administrative ! 382: domain, or if the remote account had the appropriate entry in its ! 383: .I .rhosts ! 384: file, you would then find ! 385: yourself in a remote login session with no questions asked. ! 386: If this were not the case, ! 387: .I rlogin ! 388: would ask you for the password to the remote account ! 389: and you would have to type it in correctly before the ! 390: .I rlogin ! 391: session would begin. ! 392: At that point you could set up the ! 393: .I .rhosts ! 394: file so that in the future you could ! 395: .I rlogin ! 396: without a password. ! 397: .LP ! 398: In order to ! 399: .I rlogin ! 400: to an account of a different name, use the ! 401: .I \-l ! 402: (ell) option followed by the account name. ! 403: For example, to ! 404: .I rlogin ! 405: to the ! 406: .I fred ! 407: account located on ! 408: .I violet , ! 409: use ! 410: .DS ! 411: % rlogin violet -l fred ! 412: .DE ! 413: which would ask you for ! 414: .I fred 's ! 415: password unless the appropriate entry appeared in ! 416: .I fred 's ! 417: .I .rhosts ! 418: file. ! 419: .SH "Suspending Remote Login Sessions" ! 420: From one ! 421: .I rlogin ! 422: session you may start up another ! 423: .I rlogin ! 424: session, and from there another, and so forth. ! 425: Anytime you want to resume the original login session you ! 426: can either logout from or suspend the current session. ! 427: To suspend the current ! 428: .I rlogin ! 429: session and return ! 430: to the original non-remote login session, type ! 431: .E ~^Z ! 432: (tilde followed by control-Z) at the beginning of a line ! 433: and then type a return. ! 434: Later you may resume that remote session by using the ! 435: .I fg ! 436: command after the shell prompt, which ! 437: is the command to foreground jobs in the C shell. ! 438: .LP ! 439: Suppose you are in an ! 440: .I rlogin ! 441: session on machine ! 442: .I violet ! 443: that you started up on ! 444: .I topaz ! 445: during an ! 446: .I rlogin ! 447: session started up on ! 448: .I gumball , ! 449: in other words, suppose the chain of login sessions looks like ! 450: .DS ! 451: gumball -> topaz -> violet ! 452: .DE ! 453: Then typing ! 454: .E ~^Z ! 455: at the beginning of a line followed by a return ! 456: would bring you back to the original non-remote session on ! 457: .I gumball , ! 458: as mentioned above. ! 459: If instead you wanted to be brought back to ! 460: .I topaz , ! 461: that is, to the second login session in the chain, ! 462: then you would type ! 463: .E ~~^Z ! 464: follwed by a return. ! 465: In general, if you want to suspend an ! 466: .I rlogin ! 467: session and be brought back to the ! 468: .I n -th ! 469: login session in a chain, type ! 470: .I n ! 471: .E ~ 's ! 472: at the beginning of a line, followed by ! 473: .E ^Z ! 474: and a return. ! 475: .LP ! 476: Currently there is a bug which sometimes prevents an ! 477: attempt to suspend a remote login session to fail; ! 478: if this happens to you, just try again. ! 479: Also note that during a remote login session, all lines ! 480: that begin with ! 481: .E ~ ! 482: are treated specially, one example being ! 483: .E ~^Z . ! 484: Another example is ! 485: .E ~. , ! 486: which abruptly terminates (rather than suspends) the remote login session. ! 487: It is subject to an ! 488: .I n ! 489: tildes rule similar to that for ! 490: .E ~^Z . ! 491: When a line beginning with ! 492: .E ~ ! 493: is not recognized, the line is echoed to the terminal ! 494: when you type a return in order to let you know that ! 495: it was not intercepted. ! 496: This is particularly noticeable when composing ! 497: a letter from within the ! 498: .I mail ! 499: program if you are in the habit of using ! 500: tilde escape sequences. ! 501: .SH "Character Parity Stripping With rlogin" ! 502: A remote login session has all the appearances of a normal login ! 503: session aside from marginal typing delays, special treatment of ! 504: lines beginning with ! 505: .E ~ , ! 506: and stripping of character parity. ! 507: Sometimes you may want to preserve parity, for example, when ! 508: using a terminal emulation program or running the ! 509: .I emacs ! 510: editor. ! 511: This is done by starting up ! 512: .I rlogin ! 513: with the ! 514: .I \-8 ! 515: option, as in ! 516: .DS ! 517: % rlogin violet -l fred -8 ! 518: .DE ! 519: which preserves all 8 bits of characters transmitted during the ! 520: .I rlogin ! 521: session. ! 522: .SH "Remote Command Execution \- rsh" ! 523: The remote shell command, ! 524: .I rsh , ! 525: allows you to run exactly one shell command sequence on ! 526: another machine, but breaks the remote connection when ! 527: the sequence is done. ! 528: It is somewhat similar to an ! 529: .I rlogin ! 530: session in which you run one command sequence and then logout, ! 531: but unlike ! 532: .I rlogin , ! 533: it allows you to redirect input and output with files on ! 534: the local machine and it never asks for a password. ! 535: Otherwise, the ! 536: .I rsh ! 537: command is subject to the same rules with respect to ! 538: .I .rhosts ! 539: files as ! 540: .I rcp ! 541: and ! 542: .I rlogin ! 543: and accepts a ! 544: .I \-l ! 545: option for specifying an account name different from ! 546: the local account name. ! 547: For example, to display a detailed listing of the files in the ! 548: .I kate ! 549: account on the remote machine ! 550: .I soda , ! 551: use ! 552: .DS ! 553: % rsh soda -l kate ls -l ! 554: .DE ! 555: which works provided you have set up the appropriate ! 556: .I .rhosts ! 557: file beforehand. ! 558: .SH "When Remote Commands Need Quoting" ! 559: Quotation marks around a command are needed in case ! 560: it contains meta-characters that you want interpreted ! 561: on the remote machine. ! 562: So, from the previous example, to save the output listing ! 563: in a local file called ! 564: .I localfile , ! 565: use ! 566: .DS ! 567: % rsh soda -l kate ls -l > localfile ! 568: .DE ! 569: and to save it in a remote file called ! 570: .I remotefile , ! 571: on the ! 572: .I soda ! 573: machine, use ! 574: .DS ! 575: % rsh soda -l kate "ls -l > remotefile" ! 576: .DE ! 577: .SH "Backgrounding An rsh Command" ! 578: Sometimes you may wish to run a lengthy ! 579: .I rsh ! 580: or ! 581: .I rcp ! 582: command in the background. ! 583: This is done by typing an ! 584: .E & ! 585: at the end of the command, as with other Unix commands. ! 586: In the case of ! 587: .I rsh , ! 588: however, you can do this only if you have explicitly ! 589: specified from where the command input is coming, because ! 590: .I rsh ! 591: will try to read from the terminal by default, ! 592: even if the command sequence being run uses no terminal input. ! 593: So you must either redirect input from ! 594: a data file or indicate that there is no input by giving the ! 595: .I \-n ! 596: option to ! 597: .I rsh . ! 598: .LP ! 599: For example, suppose you want to copy your current directory on ! 600: .I violet , ! 601: including all its files and directories at all levels, to the ! 602: your account on ! 603: .I soda ! 604: such that the file modification times are the same ! 605: for the remote copy as for the original directory. ! 606: In addition suppose you want to ! 607: background this time-consuming process. ! 608: You cannot use ! 609: .I "rcp \-r" ! 610: without changing the file modification times, so ! 611: you must use the ! 612: .I tar ! 613: command twice \- once locally and once remotely \- as in ! 614: .DS ! 615: % tar cBf - . | rsh soda tar xBf - & ! 616: .DE ! 617: which you run from ! 618: .I violet . ! 619: Backgrounding this command works since the input to ! 620: .I rsh ! 621: is specified. ! 622: If on the other hand you are currently logged in to ! 623: .I soda , ! 624: you must use the ! 625: .I \-n ! 626: option, as in ! 627: .DS ! 628: % rsh violet -n tar cBf - . | tar xBf - & ! 629: .DE ! 630: If you forget to use ! 631: .I \-n ! 632: in a situation where it is needed, your command will ! 633: be suspended with the message, ``Stopped (tty input)''. ! 634: To resume execution you have to bring it back to the foreground with the ! 635: .I fg ! 636: command. ! 637: .SH "Abbreviating rlogin And rsh Using /usr/hosts" ! 638: There are shortened forms for ! 639: .I rlogin ! 640: and ! 641: .I rsh ! 642: which require you to have the directory ! 643: .I /usr/hosts ! 644: in your searchpath (type ! 645: .E "help searchpath" ! 646: for more information). ! 647: Once your searchpath contains ! 648: .I /usr/hosts , ! 649: a command beginning with a machine name is ! 650: transformed into the same command with the word, ! 651: .E rsh , ! 652: prepended. ! 653: Here are some examples of this transformation: ! 654: .DS ! 655: .ta \w'violet -l fred ls -l \fRbecomes\fP'uR +\w' 'u ! 656: violet -l fred ls -l \fRbecomes\fP rsh violet -l fred ls -l ! 657: violet -l fred \fRbecomes\fP rsh violet -l fred ! 658: \fReffectively becoming\fP rlogin violet -l fred ! 659: violet -l fred -8 \fRbecomes\fP rsh violet -l fred -8 ! 660: \fRNOT effectively becoming\fP rlogin violet -l fred -8 ! 661: .DE ! 662: The first example is straightforward. ! 663: In the second example it happens that when ! 664: .I rsh ! 665: finds no remote command to run, it turns you over to ! 666: .I rlogin ! 667: after first recognizing the ! 668: .I \-l ! 669: option. ! 670: In the third example, unfortunately, the ! 671: .I rsh ! 672: command does not recognize the ! 673: .I \-8 ! 674: option, so instead of turning you over to ! 675: .I rlogin , ! 676: it tries to run ! 677: .E -8 ! 678: as a remote command (sic). ! 679: .LP ! 680: Another problem can arise when a machine name is the same as ! 681: an existing command name. ! 682: This is the case when you begin a command with the name ! 683: .I pearl , ! 684: for example, which runs either the PEARL programming language ! 685: environment or an ! 686: .I rsh ! 687: command depending on the location of ! 688: .I /usr/hosts ! 689: in your searchpath. ! 690: ! 691: ! 692: jak
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.