1.1 root 1: .TI REMOTE
2: Using rcp, rlogin, rsh, and .rhosts with the Ethernet Network
3:
4: You can use the
5: .I rcp ,
6: .I rlogin ,
7: and
8: .I rsh
9: commands from a login session
10: on one Unix machine to gain access to a second Unix machine,
11: which in some useful cases is the same machine.
12: If the machines involved are in different administrative
13: domains or your local account name does not exist on the
14: remote machine, or both, you have to set up a special file called
15: .I .rhosts
16: before you can use these commands.
17: In this article the term,
18: .I machine ,
19: refers to what appears in some documentation as the term,
20: .I host .
21: .SH "What These Commands Do"
22: The remote copy command,
23: .I rcp ,
24: allows you to transfer files or entire directories between machines,
25: and its syntax is very similar to that of the standard Unix
26: .I cp
27: command.
28: With the remote login command,
29: .I rlogin ,
30: you can start up a login session on another machine,
31: and switch between login sessions at will.
32: The remote shell command,
33: .I rsh ,
34: allows you to run exactly one shell command sequence on
35: another machine, but breaks the remote connection when
36: the sequence is done.
37: .LP
38: These commands (as well as
39: .I rwho
40: and
41: .I ruptime )
42: all begin with the letter
43: .E r
44: to designate special remote versions of standard Unix commands.
45: In future versions of Unix they will probably become obsolete
46: as their functions are absorbed by the standard commands.
47: .SH "What These Commands Will Not Do"
48: These commands will not allow remote access to non-Unix machines,
49: such as IBM CMS and DEC VMS.
50: For this you may want to investigate the
51: .I ftp ,
52: .I telnet ,
53: and
54: .I tn3270
55: commands (type
56: .E "man ftp" ,
57: .E "man telnet" ,
58: etc. for more information).
59: Unlike their older Berknet counterparts, the Ethernet commands
60: .I rcp
61: and
62: .I rsh ,
63: but not
64: .I rlogin ,
65: will under no circumstances ask you for a
66: password to a remote account, relying instead on the
67: .I .rhosts
68: mechanism (described below), which must be arranged in advance.
69: They also will not queue up a remote request for later processing if
70: the remote machine happens to be down or unreachable when you issue it.
71: Both these functions are still provided by the
72: .I netcp
73: and
74: .I net
75: commands, which use the otherwise slow and limited Berknet.
76: .SH "A Simple Case Of Remote Copying \- rcp"
77: As an example, suppose you want to copy a file called
78: .I junk
79: from an account on a machine called
80: .I violet
81: to an account of the same name on a machine called
82: .I topaz .
83: If your local machine (the one to which you are logged in) is
84: .I violet ,
85: use the command,
86: .DS
87: % rcp junk topaz:junk
88: .DE
89: and if the local machine is
90: .I topaz ,
91: use the command,
92: .DS
93: % rcp violet:junk junk
94: .DE
95: Suppose now that you have a third account of the same name on the
96: .I ruby
97: machine.
98: If you are logged in to that account, the command would be
99: .DS
100: % rcp violet:junk topaz:junk
101: .DE
102: Note that in the simple examples of this section and the next,
103: your accounts must have the same names and the machines
104: must be in the same administrative domain (must be listed in the
105: .I /etc/hosts.equiv
106: file on both machines; type
107: .E "help domains"
108: for details).
109: .SH "Remote Copying Several Files \- rcp"
110: By analogy with the standard Unix
111: .E cp
112: command, you may copy several files from one machine
113: to a directory on another machine.
114: For example, from your home directory on
115: .I violet ,
116: you can copy all the files in a subdirectory called
117: .I stuff
118: to your home directory on
119: .I topaz
120: using the command,
121: .DS
122: % rcp stuff/* topaz:.
123: .DE
124: where the period following the colon indicates to copy to
125: the default current directory, your home directory on
126: .I topaz .
127: Doing the same transfer when the local machine is
128: .I topaz
129: instead of
130: .I violet
131: is similar to the last example, but with a small change:
132: .DS
133: % rcp violet:"stuff/*" .
134: .DE
135: The quotation marks are needed to delay interpretation of
136: the special
137: .E *
138: notation until the string,
139: .E stuff/* ,
140: gets to
141: .I violet .
142: .LP
143: Also by analogy with the Unix
144: .E cp
145: command, you can copy entire directory trees (that is, all a
146: directory's files and subdirectories at all levels) between machines.
147: For example, from your home directory on
148: .I topaz ,
149: you can copy your entire account to a subdirectory called
150: .I oldaccount
151: on
152: .I violet
153: using the command,
154: .DS
155: % rcp -r . violet:oldaccount
156: .DE
157: If your local machine (the one to which you are logged in) were
158: .I violet
159: instead, the command would look like
160: .DS
161: % rcp -r topaz:. oldaccount
162: .DE
163: .SH "Error Messages You May Encounter"
164: If the examples in this section or the last give you error
165: messages such as ``Permission denied'' or ``Login incorrect'',
166: you will have to set up a
167: .I .rhosts
168: file on the remote machine.
169: If you see any of the error messages ``Connection refused'',
170: ``Connection timed out'', or ``Network unreachable'',
171: the remote machine is inaccessible.
172: Since this condition usually lasts no more than a few hours,
173: you can try again later.
174: .SH "When The .rhosts File Is Needed"
175: Whenever you try to use one of the commands
176: .I rcp ,
177: .I rlogin ,
178: or
179: .I rsh
180: with two machines in different administrative domains
181: or with different local and remote account names,
182: you must set up a special file called
183: .I .rhosts .
184: Its purpose is to maintain system security by
185: certifying that you, from your local account, are authorized to use
186: a particular account on a remote machine.
187: Within the same administrative domain it is assumed that
188: accounts having the same name belong to the same person,
189: in which case this file is not needed.
190: In all cases of different account names or different domains,
191: however, a
192: .I .rhosts
193: file identifying your local machine and account
194: must be set up in the home directory of the remote account.
195: This can be hard to remember, so for emphasis,
196: .DS
197: SET UP THE .RHOSTS FILE ON THE REMOTE ACCOUNT.
198: .DE
199: Once your local machine and account names have
200: been added to a remote account's
201: .I .rhosts
202: file, you
203: have complete access to the account,
204: including all its files and computing resources.
205: So, for example, you could start up a remote login session on that
206: account without having to know the password.
207: This technique can be useful if you want to let someone use your
208: account for a limited time without compromising your password,
209: because when they no longer need access you can delete them from the
210: .I .rhosts
211: file.
212: .LP
213: You will probably want to be careful about who you enter
214: into this file and how long you leave them there.
215: Periodically, you may want to check that no one who
216: has access to your account has added others to the file
217: without your knowledge.
218: It may also be wise to make sure that only your account has
219: read or write access to your
220: .I .rhosts
221: file by setting the appropriate file permissions.
222: .SH "Setting Up A .rhosts File"
223: If you want the system to recognize your
224: .I .rhosts
225: file, it must be located in your home directory,
226: but if you have no
227: .I .rhosts
228: at all the system will not complain.
229: You create and modify it using a text editor, such as
230: .I vi ,
231: and make one-line entries consisting of
232: a machine name, a space, and an account name.
233: The existence of such an entry means that that
234: account on that machine can access your account (where the
235: .I .rhosts
236: file is located) without a password.
237: The following
238: .I .rhosts
239: file that might appear in an account on the
240: .I topaz
241: machine would give access to
242: .I fred
243: and
244: .I jerry
245: from the
246: .I violet
247: machine, and to
248: .I jane
249: from the
250: .I gumball
251: machine.
252: .DS
253: violet fred
254: violet jerry
255: gumball jane
256: .DE
257: Often a machine has several variant names which may be used
258: interchangeably in certain contexts, but the mechanism that uses
259: .I .rhosts
260: only recognizes one name.
261: When your account is the target of a remote request, the
262: .I .rhosts
263: mechanism will deny access unless the requesting machine's
264: name as it appears in your
265: .I .rhosts
266: file is the same as the first variant appearing in a file called
267: .I /etc/hosts
268: on your (the target) machine.
269: Here is a
270: .I .rhosts
271: file that might appear on the
272: .I gumball
273: machine.
274: .DS
275: violet fred
276: ucbviolet fred
277: violet.berkeley.edu fred
278: .DE
279: Depending on the first variant name of
280: .I violet
281: appearing in the
282: .I /etc/hosts
283: file on
284: .I gumball ,
285: only one of these lines will give access to
286: .I fred
287: from
288: .I violet ,
289: while the presence of the other two lines does no harm.
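The periodic check of the .rhosts file recommended earlier, combined with the first-name rule just described, can be scripted. The following is an added example, not part of the original article: the function names, the approved-pairs file, and the sample addresses are hypothetical or constructed, and the "+" wildcard check reflects rsh/rlogin behaviour that the article does not cover.

```shell
#!/bin/sh
# Added example: audit a .rhosts file. Function names are hypothetical.

# first_name HOSTS NAME: print the first name on the /etc/hosts-style line
# that lists NAME among its names, or nothing if NAME is not listed.
first_name() {
    awk -v n="$2" '{ sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == n) { print $2; exit } }' "$1"
}

# audit_rhosts RHOSTS HOSTS APPROVED: print one finding per line.
# APPROVED lists the "machine account" pairs the owner means to trust.
audit_rhosts() {
    rhosts=$1; hosts=$2; approved=$3
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$rhosts" | cut -c5-10)
    [ "$mode" = "------" ] || echo "PERMS: group/other access ($mode)"
    while read -r host user rest; do
        case $host in ''|'#'*) continue ;; esac
        # "+" is a wildcard in rsh/rlogin implementations (not covered by
        # the article): it trusts every machine or every account.
        if [ "$host" = "+" ] || [ "$user" = "+" ]; then
            echo "WILDCARD: $host $user"; continue
        fi
        canon=$(first_name "$hosts" "$host")
        if [ -z "$canon" ]; then
            echo "UNKNOWN-HOST: $host $user"
        elif [ "$canon" != "$host" ]; then
            # Per the article, only the first name in /etc/hosts matches.
            echo "INERT-ALIAS: $host $user (first name is $canon)"
        elif ! grep -qxF "$host $user" "$approved"; then
            echo "UNAPPROVED: $host $user"
        fi
    done < "$rhosts"
}

# Constructed sample data, modelled on the article's gumball example.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '10.0.0.5 violet.berkeley.edu violet ucbviolet' \
                  '10.0.0.6 topaz.berkeley.edu topaz' > "$d/hosts"
    printf '%s\n' 'violet.berkeley.edu fred' > "$d/approved"
    printf '%s\n' 'violet fred' 'violet.berkeley.edu fred' \
                  'topaz.berkeley.edu mallory' '+ +' > "$d/rhosts"
    chmod 644 "$d/rhosts"
    audit_rhosts "$d/rhosts" "$d/hosts" "$d/approved"
    rm -rf "$d"
}

demo
```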
290: .SH "Remote Copying Between Different Account Names"
291: Suppose now that the account named
292: .I jane
293: on the
294: .I gumball
295: machine has a
296: .I .rhosts
297: file identifying your local account,
298: .I fred ,
299: on the
300: .I violet
301: machine.
302: You may now do remote copying between these machines,
303: provided that you specify the remote account name,
304: otherwise your local account name will be assumed.
305: For example, from the
306: .I fred
307: account on
308: .I violet
309: you can copy a file called
310: .I stuff
311: to
312: .I jane
313: on
314: .I gumball ,
315: and name the new copy
316: .I stuffing
317: in the process, using the command,
318: .DS
319: % rcp stuff gumball.jane:stuffing
320: .DE
321: This style of specifying a machine-account name combination
322: currently works for Computer Center machines.
323: It is different in some administrative domains, such as those
324: containing Computer Science department machines, where you would use
325: .DS
326: % rcp stuff jane@gumball:stuffing
327: .DE
328: This second style will one day become standard.
329: .SH "Using rcp To Copy Files To The Same Machine"
330: You can use your knowledge of how to transfer files between
331: different account names on different machines, to transfer
332: files between different accounts on the same machine.
333: Without using the network
334: this is tricky, especially when several levels
335: of permission-protected directories are involved,
336: and usually means temporarily opening up access to
337: everyone on the system until the transfer is complete.
338: With
339: .I rcp ,
340: however, it is easy and safe.
341: For example, to transfer the files
342: .I proposal
343: and
344: .I memo
345: from the
346: .I fred
347: account to the
348: .I jerry
349: account, both on
350: .I violet ,
351: use
352: .DS
353: % rcp proposal memo violet.jerry:.
354: .DE
355: on the
356: .I fred
357: account, and
358: .DS
359: % rcp violet.fred:"proposal memo" .
360: .DE
361: on the
362: .I jerry
363: account.
364: In both cases the appropriate
365: .I .rhosts
366: file must have been set up beforehand.
367: .SH "Remote Login \- rlogin"
368: Using the remote login command,
369: .I rlogin ,
370: from one login session, you can start up another
371: login session on a remote machine, which may be the same
372: as the local machine.
373: For example, the command
374: .DS
375: % rlogin violet
376: .DE
377: would try to start up a remote login session on
378: .I violet
379: using the same account name as your local account.
380: If you had such an account on the remote machine and the
381: local and remote machines were in the same administrative
382: domain, or if the remote account had the appropriate entry in its
383: .I .rhosts
384: file, you would then find
385: yourself in a remote login session with no questions asked.
386: If this were not the case,
387: .I rlogin
388: would ask you for the password to the remote account
389: and you would have to type it in correctly before the
390: .I rlogin
391: session would begin.
392: At that point you could set up the
393: .I .rhosts
394: file so that in the future you could
395: .I rlogin
396: without a password.
397: .LP
398: In order to
399: .I rlogin
400: to an account of a different name, use the
401: .I \-l
402: (ell) option followed by the account name.
403: For example, to
404: .I rlogin
405: to the
406: .I fred
407: account located on
408: .I violet ,
409: use
410: .DS
411: % rlogin violet -l fred
412: .DE
413: which would ask you for
414: .I fred 's
415: password unless the appropriate entry appeared in
416: .I fred 's
417: .I .rhosts
418: file.
419: .SH "Suspending Remote Login Sessions"
420: From one
421: .I rlogin
422: session you may start up another
423: .I rlogin
424: session, and from there another, and so forth.
425: Anytime you want to resume the original login session you
426: can either logout from or suspend the current session.
427: To suspend the current
428: .I rlogin
429: session and return
430: to the original non-remote login session, type
431: .E ~^Z
432: (tilde followed by control-Z) at the beginning of a line
433: and then type a return.
434: Later you may resume that remote session by using the
435: .I fg
436: command after the shell prompt, which
437: is the command to foreground jobs in the C shell.
438: .LP
439: Suppose you are in an
440: .I rlogin
441: session on machine
442: .I violet
443: that you started up on
444: .I topaz
445: during an
446: .I rlogin
447: session started up on
448: .I gumball ,
449: in other words, suppose the chain of login sessions looks like
450: .DS
451: gumball -> topaz -> violet
452: .DE
453: Then typing
454: .E ~^Z
455: at the beginning of a line followed by a return
456: would bring you back to the original non-remote session on
457: .I gumball ,
458: as mentioned above.
459: If instead you wanted to be brought back to
460: .I topaz ,
461: that is, to the second login session in the chain,
462: then you would type
463: .E ~~^Z
464: followed by a return.
465: In general, if you want to suspend an
466: .I rlogin
467: session and be brought back to the
468: .I n -th
469: login session in a chain, type
470: .I n
471: .E ~ 's
472: at the beginning of a line, followed by
473: .E ^Z
474: and a return.
475: .LP
476: Currently there is a bug which sometimes causes an
477: attempt to suspend a remote login session to fail;
478: if this happens to you, just try again.
479: Also note that during a remote login session, all lines
480: that begin with
481: .E ~
482: are treated specially, one example being
483: .E ~^Z .
484: Another example is
485: .E ~. ,
486: which abruptly terminates (rather than suspends) the remote login session.
487: It is subject to an
488: .I n
489: tildes rule similar to that for
490: .E ~^Z .
491: When a line beginning with
492: .E ~
493: is not recognized, the line is echoed to the terminal
494: when you type a return in order to let you know that
495: it was not intercepted.
496: This is particularly noticeable when composing
497: a letter from within the
498: .I mail
499: program if you are in the habit of using
500: tilde escape sequences.
501: .SH "Character Parity Stripping With rlogin"
502: A remote login session has all the appearances of a normal login
503: session aside from marginal typing delays, special treatment of
504: lines beginning with
505: .E ~ ,
506: and stripping of character parity.
507: Sometimes you may want to preserve parity, for example, when
508: using a terminal emulation program or running the
509: .I emacs
510: editor.
511: This is done by starting up
512: .I rlogin
513: with the
514: .I \-8
515: option, as in
516: .DS
517: % rlogin violet -l fred -8
518: .DE
519: which preserves all 8 bits of characters transmitted during the
520: .I rlogin
521: session.
522: .SH "Remote Command Execution \- rsh"
523: The remote shell command,
524: .I rsh ,
525: allows you to run exactly one shell command sequence on
526: another machine, but breaks the remote connection when
527: the sequence is done.
528: It is somewhat similar to an
529: .I rlogin
530: session in which you run one command sequence and then logout,
531: but unlike
532: .I rlogin ,
533: it allows you to redirect input and output with files on
534: the local machine and it never asks for a password.
535: Otherwise, the
536: .I rsh
537: command is subject to the same rules with respect to
538: .I .rhosts
539: files as
540: .I rcp
541: and
542: .I rlogin
543: and accepts a
544: .I \-l
545: option for specifying an account name different from
546: the local account name.
547: For example, to display a detailed listing of the files in the
548: .I kate
549: account on the remote machine
550: .I soda ,
551: use
552: .DS
553: % rsh soda -l kate ls -l
554: .DE
555: which works provided you have set up the appropriate
556: .I .rhosts
557: file beforehand.
558: .SH "When Remote Commands Need Quoting"
559: Quotation marks around a command are needed in case
560: it contains meta-characters that you want interpreted
561: on the remote machine.
562: So, from the previous example, to save the output listing
563: in a local file called
564: .I localfile ,
565: use
566: .DS
567: % rsh soda -l kate ls -l > localfile
568: .DE
569: and to save it in a remote file called
570: .I remotefile ,
571: on the
572: .I soda
573: machine, use
574: .DS
575: % rsh soda -l kate "ls -l > remotefile"
576: .DE
577: .SH "Backgrounding An rsh Command"
578: Sometimes you may wish to run a lengthy
579: .I rsh
580: or
581: .I rcp
582: command in the background.
583: This is done by typing an
584: .E &
585: at the end of the command, as with other Unix commands.
586: In the case of
587: .I rsh ,
588: however, you can do this only if you have explicitly
589: specified from where the command input is coming, because
590: .I rsh
591: will try to read from the terminal by default,
592: even if the command sequence being run uses no terminal input.
593: So you must either redirect input from
594: a data file or indicate that there is no input by giving the
595: .I \-n
596: option to
597: .I rsh .
598: .LP
599: For example, suppose you want to copy your current directory on
600: .I violet ,
601: including all its files and directories at all levels, to
602: your account on
603: .I soda
604: such that the file modification times are the same
605: for the remote copy as for the original directory.
606: In addition suppose you want to
607: background this time-consuming process.
608: You cannot use
609: .I "rcp \-r"
610: without changing the file modification times, so
611: you must use the
612: .I tar
613: command twice \- once locally and once remotely \- as in
614: .DS
615: % tar cBf - . | rsh soda tar xBf - &
616: .DE
617: which you run from
618: .I violet .
619: Backgrounding this command works since the input to
620: .I rsh
621: is specified.
622: If on the other hand you are currently logged in to
623: .I soda ,
624: you must use the
625: .I \-n
626: option, as in
627: .DS
628: % rsh violet -n tar cBf - . | tar xBf - &
629: .DE
630: If you forget to use
631: .I \-n
632: in a situation where it is needed, your command will
633: be suspended with the message, ``Stopped (tty input)''.
634: To resume execution you have to bring it back to the foreground with the
635: .I fg
636: command.
637: .SH "Abbreviating rlogin And rsh Using /usr/hosts"
638: There are shortened forms for
639: .I rlogin
640: and
641: .I rsh
642: which require you to have the directory
643: .I /usr/hosts
644: in your searchpath (type
645: .E "help searchpath"
646: for more information).
647: Once your searchpath contains
648: .I /usr/hosts ,
649: a command beginning with a machine name is
650: transformed into the same command with the word,
651: .E rsh ,
652: prepended.
653: Here are some examples of this transformation:
654: .DS
655: .ta \w'violet -l fred ls -l \fRbecomes\fP'uR +\w' 'u
656: violet -l fred ls -l \fRbecomes\fP rsh violet -l fred ls -l
657: violet -l fred \fRbecomes\fP rsh violet -l fred
658: \fReffectively becoming\fP rlogin violet -l fred
659: violet -l fred -8 \fRbecomes\fP rsh violet -l fred -8
660: \fRNOT effectively becoming\fP rlogin violet -l fred -8
661: .DE
662: The first example is straightforward.
663: In the second example it happens that when
664: .I rsh
665: finds no remote command to run, it turns you over to
666: .I rlogin
667: after first recognizing the
668: .I \-l
669: option.
670: In the third example, unfortunately, the
671: .I rsh
672: command does not recognize the
673: .I \-8
674: option, so instead of turning you over to
675: .I rlogin ,
676: it tries to run
677: .E -8
678: as a remote command (sic).
679: .LP
680: Another problem can arise when a machine name is the same as
681: an existing command name.
682: This is the case when you begin a command with the name
683: .I pearl ,
684: for example, which runs either the PEARL programming language
685: environment or an
686: .I rsh
687: command depending on the location of
688: .I /usr/hosts
689: in your searchpath.
690:
691:
692: jak