.TI REMOTE
Using rcp, rlogin, rsh, and .rhosts with the Ethernet Network

You can use the
.I rcp ,
.I rlogin ,
and
.I rsh
commands from a login session
on one Unix machine to gain access to a second Unix machine,
which in some useful cases is the same machine.
If the machines involved are in different administrative
domains or your local account name does not exist on the
remote machine, or both, you have to set up a special file called
.I .rhosts
before you can use these commands.
In this article the term,
.I machine ,
refers to what appears in some documentation as the term,
.I host .
.SH "What These Commands Do"
The remote copy command,
.I rcp ,
allows you to transfer files or entire directories between machines,
and its syntax is very similar to that of the standard Unix
.I cp
command.
With the remote login command,
.I rlogin ,
you can start up a login session on another machine,
and switch between login sessions at will.
The remote shell command,
.I rsh ,
allows you to run exactly one shell command sequence on
another machine, but breaks the remote connection when
the sequence is done.
.LP
These commands (as well as
.I rwho
and
.I ruptime )
all begin with the letter
.E r
to designate special remote versions of standard Unix commands.
In future versions of Unix they will probably become obsolete
as their functions are absorbed by the standard commands.
.SH "What These Commands Will Not Do"
These commands will not allow remote access to non-Unix machines,
such as IBM CMS and DEC VMS.
For this you may want to investigate the
.I ftp ,
.I telnet ,
and
.I tn3270
commands (type
.E "man ftp" ,
.E "man telnet" ,
etc. for more information).
Unlike their older Berknet counterparts, the Ethernet commands
.I rcp
and
.I rsh ,
but not
.I rlogin ,
will under no circumstances ask you for a
password to a remote account, relying instead on the
.I .rhosts
mechanism (described below), which must be arranged in advance.
They also will not queue up a remote request for later processing if
the remote machine happens to be down or unreachable when you issue it.
Both these functions are still provided by the
.I netcp
and
.I net
commands, which use the otherwise slow and limited Berknet.
.SH "A Simple Case Of Remote Copying \- rcp"
As an example, suppose you want to copy a file called
.I junk
from an account on a machine called
.I violet
to an account of the same name on a machine called
.I topaz .
If your local machine (the one to which you are logged in) is
.I violet ,
use the command,
.DS
% rcp junk topaz:junk
.DE
and if the local machine is
.I topaz ,
use the command,
.DS
% rcp violet:junk junk
.DE
Suppose now that you have a third account of the same name on the
.I ruby
machine.
If you are logged in to that account, the command would be
.DS
% rcp violet:junk topaz:junk
.DE
Note that in the simple examples of this section and the next,
your accounts must have the same names and the machines
must be in the same administrative domain (must be listed in the
.I /etc/hosts.equiv
file on both machines; type
.E "help domains"
for details).
.SH "Remote Copying Several Files \- rcp"
By analogy with the standard Unix
.E cp
command, you may copy several files from one machine
to a directory on another machine.
For example, from your home directory on
.I violet ,
you can copy all the files in a subdirectory called
.I stuff
to your home directory on
.I topaz
using the command,
.DS
% rcp stuff/* topaz:.
.DE
where the period following the colon indicates to copy to
the default current directory, your home directory on
.I topaz .
Doing the same transfer when the local machine is
.I topaz
instead of
.I violet
is similar to the last example, but with a small change:
.DS
% rcp violet:"stuff/*" .
.DE
The quotation marks are needed to delay interpretation of
the special
.E *
notation until the string,
.E stuff/* ,
gets to
.I violet .
.LP
Also by analogy with the Unix
.E cp
command, you can copy entire directory trees (that is, all a
directory's files and subdirectories at all levels) between machines.
For example, from your home directory on
.I topaz ,
you can copy your entire account to a subdirectory called
.I oldaccount
on
.I violet
using the command,
.DS
% rcp -r . violet:oldaccount
.DE
If your local machine (the one to which you are logged in) were
.I violet
instead, the command would look like
.DS
% rcp -r topaz:. oldaccount
.DE
.SH "Error Messages You May Encounter"
If the examples in this section or the last give you error
messages such as ``Permission denied'' or ``Login incorrect'',
you will have to set up a
.I .rhosts
file on the remote machine.
If you see any of the error messages ``Connection refused'',
``Connection timed out'', or ``Network unreachable'',
the remote machine is inaccessible.
Since this condition usually lasts no more than a few hours,
you can try again later.
.SH "When The .rhosts File Is Needed"
Whenever you try to use one of the commands
.I rcp ,
.I rlogin ,
or
.I rsh
with two machines in different administrative domains
or with different local and remote account names,
you must set up a special file called
.I .rhosts .
Its purpose is to maintain system security by
certifying that you, from your local account, are authorized to use
a particular account on a remote machine.
Within the same administrative domain it is assumed that
accounts having the same name belong to the same person,
in which case this file is not needed.
In all cases of different account names or different domains,
however, a
.I .rhosts
file identifying your local machine and account
must be set up in the home directory of the remote account.
This can be hard to remember, so for emphasis,
.DS
SET UP THE .RHOSTS FILE ON THE REMOTE ACCOUNT.
.DE
Once your local machine and account names have
been added to a remote account's
.I .rhosts
file, you
have complete access to the account,
including all its files and computing resources.
So, for example, you could start up a remote login session on that
account without having to know the password.
This technique can be useful if you want to let someone use your
account for a limited time without compromising your password,
because when they no longer need access you can delete them from the
.I .rhosts
file.
.LP
You will probably want to be careful about who you enter
into this file and how long you leave them there.
Periodically, you may want to check that no one who
has access to your account has added others to the file
without your knowledge.
It may also be wise to make sure that only your account has
read or write access to your
.I .rhosts
file by setting the appropriate file permissions.
.SH "Setting Up A .rhosts File"
If you want the system to recognize your
.I .rhosts
file, it must be located in your home directory,
but if you have no
.I .rhosts
at all the system will not complain.
You create and modify it using a text editor, such as
.I vi ,
and make one-line entries consisting of
a machine name, a space, and an account name.
The existence of such an entry means that that
account on that machine can access your account (where the
.I .rhosts
file is located) without a password.
The following
.I .rhosts
file that might appear in an account on the
.I topaz
machine would give access to
.I fred
and
.I jerry
from the
.I violet
machine, and to
.I jane
from the
.I gumball
machine.
.DS
violet fred
violet jerry
gumball jane
.DE
Often a machine has several variant names which may be used
interchangeably in certain contexts, but the mechanism that uses
.I .rhosts
only recognizes one name.
When your account is the target of a remote request, the
.I .rhosts
mechanism will deny access unless the requesting machine's
name as it appears in your
.I .rhosts
file is the same as the first variant appearing in a file called
.I /etc/hosts
on the your (the target) machine.
Here is a
.I .rhosts
file that might appear on the
.I gumball
machine.
.DS
violet fred
ucbviolet fred
violet.berkeley.edu fred
.DE
Depending on the first variant name of
.I violet
appearing in the
.I /etc/hosts
file on
.I gumball ,
only one of these lines will give access to
.I fred
from
.I violet ,
while the presence of the other two lines does no harm.
.SH "Remote Copying Between Different Account Names"
Suppose now that the account named
.I jane
on the
.I gumball
machine has a
.I .rhosts
file identifying your local account,
.I fred ,
on the
.I violet
machine.
You may now do remote copying between these machines,
provided that you specify the remote account name,
otherwise your local account name will be assumed.
For example, from the
.I fred
account on
.I violet
you can copy a file called
.I stuff
to
.I jane
on
.I gumball ,
and name the new copy
.I stuffing
in the process, using the command,
.DS
% rcp stuff gumball.jane:stuffing
.DE
This style of specifying a machine-account name combination
currently works for Computer Center machines.
It is different in some administrative domains, such as those
containing Computer Science department machines, where you would use
.DS
% rcp stuff jane@gumball:stuffing
.DE
This second style will one day become standard.
.SH "Using rcp To Copy Files To The Same Machine"
You can use your knowledge of how to transfer files between
different account names on different machines, to transfer
files between different accounts on the same machine.
Without using the network
this is tricky, especially when several levels
of permission-protected directories are involved,
and usually means temporarily opening up access to
everyone on the system until the transfer is complete.
With
.I rcp ,
however, it is easy and safe.
For example, to transfer the files
.I proposal
and
.I memo
from the
.I fred
acount to the
.I jerry
account, both on
.I violet ,
use
.DS
% rcp proposal memo violet.jerry:.
.DE
on the
.I fred
account, and
.DS
% rcp violet.fred:"proposal memo" .
.DE
on the
.I jerry
account.
In both cases the appropriate
.I .rhosts
file must have been set up beforehand.
.SH "Remote Login \- rlogin"
Using the remote login command,
.I rlogin ,
from one login session, you can start up another
login session on a remote machine, which may be the same
as the local machine.
For example, the command
.DS
% rlogin violet
.DE
would try to start up a remote login session on
.I violet 
using the same account name as your local account.
If you had such an account on the remote machine and the
local and remote machines were in the same administrative
domain, or if the remote account had the appropriate entry in its
.I .rhosts
file, you would then find
yourself in a remote login session with no questions asked.
If this were not the case,
.I rlogin
would ask you for the password to the remote account 
and you would have to type it in correctly before the
.I rlogin
session would begin.
At that point you could set up the
.I .rhosts
file so that in the future you could
.I rlogin
without a password.
.LP
In order to
.I rlogin
to an account of a different name, use the
.I \-l
(ell) option followed by the account name.
For example, to
.I rlogin
to the
.I fred
account located on
.I violet ,
use
.DS
% rlogin violet -l fred
.DE
which would ask you for
.I fred 's
password unless the appropriate entry appeared in
.I fred 's
.I .rhosts
file.
.SH "Suspending Remote Login Sessions"
From one
.I rlogin
session you may start up another
.I rlogin
session, and from there another, and so forth.
Anytime you want to resume the original login session you
can either logout from or suspend the current session.
To suspend the current
.I rlogin
session and return
to the original non-remote login session, type
.E ~^Z
(tilde followed by control-Z) at the beginning of a line
and then type a return.
Later you may resume that remote session by using the
.I fg
command after the shell prompt, which
is the command to foreground jobs in the C shell.
.LP
Suppose you are in an
.I rlogin
session on machine
.I violet
that you started up on
.I topaz
during an
.I rlogin
session started up on
.I gumball ,
in other words, suppose the chain of login sessions looks like
.DS
gumball -> topaz -> violet
.DE
Then typing
.E ~^Z
at the beginning of a line followed by a return
would bring you back to the original non-remote session on
.I gumball ,
as mentioned above.
If instead you wanted to be brought back to
.I topaz ,
that is, to the second login session in the chain,
then you would type
.E ~~^Z
follwed by a return.
In general, if you want to suspend an
.I rlogin
session and be brought back to the
.I n -th
login session in a chain, type
.I n
.E ~ 's
at the beginning of a line, followed by
.E ^Z
and a return.
.LP
Currently there is a bug which sometimes prevents an
attempt to suspend a remote login session to fail;
if this happens to you, just try again.
Also note that during a remote login session, all lines
that begin with
.E ~
are treated specially, one example being
.E ~^Z .
Another example is
.E ~. ,
which abruptly terminates (rather than suspends) the remote login session.
It is subject to an
.I n
tildes rule similar to that for
.E ~^Z .
When a line beginning with
.E ~
is not recognized, the line is echoed to the terminal
when you type a return in order to let you know that
it was not intercepted.
This is particularly noticeable when composing
a letter from within the
.I mail
program if you are in the habit of using
tilde escape sequences.
.SH "Character Parity Stripping With rlogin"
A remote login session has all the appearances of a normal login
session aside from marginal typing delays, special treatment of
lines beginning with
.E ~ ,
and stripping of character parity.
Sometimes you may want to preserve parity, for example, when
using a terminal emulation program or running the
.I emacs
editor.
This is done by starting up
.I rlogin
with the
.I \-8
option, as in
.DS
% rlogin violet -l fred -8
.DE
which preserves all 8 bits of characters transmitted during the
.I rlogin
session.
.SH "Remote Command Execution \- rsh"
The remote shell command,
.I rsh ,
allows you to run exactly one shell command sequence on
another machine, but breaks the remote connection when
the sequence is done.
It is somewhat similar to an
.I rlogin
session in which you run one command sequence and then logout,
but unlike
.I rlogin ,
it allows you to redirect input and output with files on
the local machine and it never asks for a password.
Otherwise, the
.I rsh
command is subject to the same rules with respect to
.I .rhosts
files as
.I rcp
and
.I rlogin
and accepts a
.I \-l
option for specifying an account name different from
the local account name.
For example, to display a detailed listing of the files in the
.I kate
account on the remote machine
.I soda ,
use
.DS
% rsh soda -l kate ls -l
.DE
which works provided you have set up the appropriate
.I .rhosts
file beforehand.
.SH "When Remote Commands Need Quoting"
Quotation marks around a command are needed in case
it contains meta-characters that you want interpreted
on the remote machine.
So, from the previous example, to save the output listing
in a local file called
.I localfile ,
use
.DS
% rsh soda -l kate ls -l > localfile
.DE
and to save it in a remote file called
.I remotefile ,
on the
.I soda
machine, use
.DS
% rsh soda -l kate "ls -l > remotefile"
.DE
.SH "Backgrounding An rsh Command"
Sometimes you may wish to run a lengthy
.I rsh
or
.I rcp
command in the background.
This is done by typing an
.E &
at the end of the command, as with other Unix commands.
In the case of
.I rsh ,
however, you can do this only if you have explicitly
specified from where the command input is coming, because
.I rsh
will try to read from the terminal by default,
even if the command sequence being run uses no terminal input.
So you must either redirect input from
a data file or indicate that there is no input by giving the
.I \-n
option to
.I rsh .
.LP
For example, suppose you want to copy your current directory on
.I violet ,
including all its files and directories at all levels, to the
your account on
.I soda
such that the file modification times are the same
for the remote copy as for the original directory.
In addition suppose you want to
background this time-consuming process.
You cannot use
.I "rcp \-r"
without changing the file modification times, so
you must use the
.I tar
command twice \- once locally and once remotely \- as in
.DS
% tar cBf - . | rsh soda tar xBf - &
.DE
which you run from
.I violet .
Backgrounding this command works since the input to
.I rsh
is specified.
If on the other hand you are currently logged in to
.I soda ,
you must use the
.I \-n
option, as in
.DS
% rsh violet -n tar cBf - . | tar xBf - &
.DE
If you forget to use
.I \-n
in a situation where it is needed, your command will
be suspended with the message, ``Stopped (tty input)''.
To resume execution you have to bring it back to the foreground with the
.I fg
command.
.SH "Abbreviating rlogin And rsh Using /usr/hosts"
There are shortened forms for
.I rlogin
and
.I rsh
which require you to have the directory
.I /usr/hosts
in your searchpath (type
.E "help searchpath"
for more information).
Once your searchpath contains
.I /usr/hosts ,
a command beginning with a machine name is
transformed into the same command with the word,
.E rsh ,
prepended.
Here are some examples of this transformation:
.DS
.ta \w'violet -l fred ls -l \fRbecomes\fP'uR +\w'  'u
violet -l fred ls -l \fRbecomes\fP	rsh violet -l fred ls -l
violet -l fred       \fRbecomes\fP	rsh violet -l fred
	\fReffectively becoming\fP	rlogin violet -l fred
violet -l fred -8    \fRbecomes\fP	rsh violet -l fred -8
	\fRNOT effectively becoming\fP	rlogin violet -l fred -8
.DE
The first example is straightforward.
In the second example it happens that when
.I rsh
finds no remote command to run, it turns you over to
.I rlogin
after first recognizing the
.I \-l
option.
In the third example, unfortunately, the
.I rsh
command does not recognize the
.I \-8
option, so instead of turning you over to
.I rlogin ,
it tries to run
.E -8
as a remote command (sic).
.LP
Another problem can arise when a machine name is the same as
an existing command name.
This is the case when you begin a command with the name
.I pearl ,
for example, which runs either the PEARL programming language
environment or an
.I rsh
command depending on the location of
.I /usr/hosts
in your searchpath.


jak