Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: $USER is not set in remsh but works fine via ssh login
Top Forums UNIX for Dummies Questions & Answers $USER is not set in remsh but works fine via ssh login Post 302488862 by citaylor on Tuesday 18th of January 2011 03:19:57 PM
Old 01-18-2011
I presume from the use of "remsh", that this is a HP-UX machine ? If it is, what version is it ? I believe HP-UX 11.11 and below had a remshd that didnt use the normal methods of creating a user session (namely by calling PAM - Pluggable Authentication Modules).

Perhaps instead of using remsh you could use ssh with a command (you can set ssh up to not ask for passwords if needed) - this would also be much more secure...remsh, rsh and rlogin are notoriously bad at security.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Script works fine until I | more

Hello all, This beats me. I have a script that executes some commands and redirects their output to some text files that I will parse. The commands are along the lines of: dsmadmc -id=admin -pa=admin -outfile=/home/tools/qlog.txt q log f=d If I just run the script it works. If I execute... (2 Replies)
Discussion started by: Skovian
2 Replies

2. Shell Programming and Scripting

Cron job fails, but works fine from command line

I have a very basic script that essentially sends a log file, via FTP, to a backup server. My cron entry to run this every night is: 55 23 * * * /usr/bin/archive_logs The script runs perfectly when executed manually, and actually worked via cron for about three weeks. However, it mysteriously... (3 Replies)
Discussion started by: cdunavent
3 Replies

3. AIX

SSH login hangs, serial console works

Server, running AIX 6.1 developed strange problem when logging in via SSH -- ssh client hangs without any error. It is possible to run commands on server, using ssh ("ssh servername ls -l" is OK) It is possible to log in normally, using serial console connected to server. It was possible to... (2 Replies)
Discussion started by: ivar.zarans
2 Replies

4. Shell Programming and Scripting

Script works fine but not with crontab

Hello All, This is driving me nuts. Wrote a very simple script (it's in csh so sorry about that). Just something very simple though. Here is the catch. Works great from command line sometimes. Other times it runs no errors or anything but I never receive an email. Never runs from crontab... (6 Replies)
Discussion started by: jacktay
6 Replies

5. Shell Programming and Scripting

Not the correct output, works fine via CLI, not inside the script.

Guys, I need you help please. The script below is not working correclty for checking via a awk/if statement . Can you tell me what i am doing wrong in the script code "if($1 == "$RETENTION_LEVEL") " Syntax RETENTION_LEVEL=`echo $LINE | cut -f2 -d" "` echo " ==============... (4 Replies)
Discussion started by: Junes
4 Replies

6. Solaris

HOW to set unlimited login attempts for user in Solaris?

Hi Admins, HOW to set unlimited login attempts for user in Solaris ? And do I need to insatll any packages before doing this? Thanks. (1 Reply)
Discussion started by: manalisharmabe
1 Replies

7. UNIX for Dummies Questions & Answers

C-program works fine interactively, but not on the SGE server

Greetings, I have a C-program that is made to implement a hidden Markov model on an input file. The program is very memory intensive. I've installed it on my local server where I have an account and it compiles fine. The way they have the server set up is that you can either work... (1 Reply)
Discussion started by: Twinklefingers
1 Replies

8. HP-UX

How to set PATH variable for all HP-UX users when they login using ssh?

Hello friends, I need to set PATH variable for all HP-UX users. I tried to implement it using /etc/profile and /etc/sshrc both none of them work. I don't see sshrc file anywhere. Please advise! TIA (4 Replies)
Discussion started by: prvnrk
4 Replies

9. Homework & Coursework Questions

How to set for a user a non-login shell?

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: I am a root in a Unix system. My shell is bash. 2. Relevant commands, code, scripts, algorithms: How to set... (1 Reply)
Discussion started by: me_me_me
1 Replies

10. Homework & Coursework Questions

How to set a non-login non-interactive shell for a user?

I am sorry for creating a new topic after my previous inquiry was closed, but I tried and tried and I do not know how to edit my previous post. This is not exactly any homework, this is one of 40 questions we were expected to prepare for one of the labs. I searched and read what I could and still... (4 Replies)
Discussion started by: me_me_me
4 Replies

LEARN ABOUT OPENSOLARIS

remsh

rsh(1)								   User Commands							    rsh(1)

NAME

       rsh, remsh, remote_shell - remote shell

SYNOPSIS

       rsh [-n] [-a] [-K] [-PN | -PO] [-x] [-f | -F] [-l username]
	    [-k realm] hostname command

       rsh hostname [-n] [-a] [-K] [-PN | -PO] [-x] [-f | -F]
	    [-l username] [-k realm] command

       remsh [-n] [-a] [-K] [-PN | -PO] [-x] [-f | -F] [-l username]
	    [-k realm] hostname command

       remsh hostname [-n] [-a] [-K] [-PN | -PO] [-x] [-f | -F]
	    [-l username] [-k realm] command

	hostname [-n] [-a] [-PN | -PO] [-x] [-f | -F]
	    [-l username] [-k realm] command

DESCRIPTION

       The rsh utility connects to the specified hostname and executes the specified command. rsh copies its standard input to the remote command,
       the standard output of the remote command to its standard output, and the standard error of the	remote	command  to  its  standard  error.
       Interrupt, quit, and terminate signals are propagated to the remote command. rsh normally terminates when the remote command does.

       The  user  can opt for a secure session of rsh which uses Kerberos V5 for authentication. Encryption of the network session traffic is also
       possible. The rsh session can be kerberized using any of the following Kerberos specific options: -a, -PN or -PO, -x,  -f  or  -F,  and	-k
       realm.  Some  of  these	options (-a, -x, -PN or -PO, and -f or -F) can also be specified in the [appdefaults] section of krb5.conf(4). The
       usage of these options and the expected behavior is discussed in the OPTIONS section below. If Kerberos authentication is used,	authoriza-
       tion  to  the account is controlled by rules in krb5_auth_rules(5). If this authorization fails, fallback to normal rsh using rhosts occurs
       only if the -PO option is used explicitly on the command line or is specified in krb5.conf(4). Also, the -PN or -PO, -x, -f or -F,  and	-k
       realm options are just supersets of the -a option.

       If you omit command, instead of executing a single command, rsh logs you in on the remote host using rlogin(1).

       rsh does not return the exit status code of command.

       Shell  metacharacters  which are not quoted are interpreted on the local machine, while quoted metacharacters are interpreted on the remote
       machine. See EXAMPLES.

       If there is no locale setting in the initialization file of the login shell (.cshrc, . . .) for a particular user, rsh always executes  the
       command in the "C" locale instead of using the default locale of the remote machine.

       The command is sent unencrypted to the remote system. All subsequent network session traffic is encrypted. See -x.

OPTIONS

       The following options are supported:

       -a	      Explicitly  enable  Kerberos  authentication  and trusts the .k5login file for access-control. If the authorization check by
		      in.rshd(1M) on the server-side succeeds and if the .k5login file permits access, the user is allowed to carry out  the  com-
		      mand.

       -f	      Forward  a  copy	of the local credentials (Kerberos Ticket Granting Ticket) to the remote system. This is a non-forwardable
		      ticket granting ticket. Forward a ticket granting ticket if you need to authenticate yourself to	other  Kerberized  network
		      services on the remote host. An example would be if your home directory on the remote host is NFS mounted by way of Kerberos
		      V5. If your local credentials are not forwarded in this case, you cannot access your home directory. This option is mutually
		      exclusive with the -F option.

       -F	      Forward  a  forwardable  copy of the local credentials (Kerberos Ticket Granting Ticket) to the remote system. The -F option
		      provides a superset of the functionality offered by the -f option. For example, with the -f option, if, after you  connected
		      to the remote host, your remote command attempted to invoke /usr/bin/ftp, /usr/bin/telnet, /usr/bin/rlogin, or /usr/bin/rsh,
		      with the -f or -F options, the attempt would fail. Thus, you would be unable to push  your  single  network  sign  on  trust
		      beyond one system. This option is mutually exclusive with the -f option.

       -k realm       Causes rsh to obtain tickets for the remote host in realm instead of the remote host's realm as determined by krb5.conf(4).

       -K	      This option explicitly disables Kerberos authentication. It can be used to override the autologin variable in krb5.conf(4).

       -l username    Uses  username  as the remote username instead of your local username. In the absence of this option, the remote username is
		      the same as your local username.

       -n	      Redirect the input of rsh to /dev/null. You sometimes need this option to avoid unfortunate interactions between rsh and the
		      shell which invokes it. For example, if you are running rsh and invoke a rsh in the background without redirecting its input
		      away from the terminal, it blocks even if no reads are posted by the remote command. The -n option prevents this.

       -PO	      Explicitly request new (-PN) or old (-PO) version of the Kerberos "rcmd" protocol. The new  protocol  avoids  many  security
       -PN	      problems	prevalant in the old one and is regarded much more secure, but is not interoperable with older (MIT/SEAM) servers.
		      The new protocol is used by default, unless explicitly specified using these options or through  krb5.conf(4).  If  Kerberos
		      authorization  fails  when  using the old "rcmd" protocol, there is fallback to regular, non-kerberized rsh. This is not the
		      case when the new, more secure "rcmd" protocol is used.

       -x	      Cause the network session traffic to be encrypted. See DESCRIPTION.

       The type of remote shell (sh, rsh, or other) is determined by the user's entry in the file /etc/passwd on the remote system.

OPERANDS

       The following operand is supported:

       command	  The command to be executed on the specified hostname.

USAGE

       See largefile(5) for the description of the behavior of rsh and remsh when encountering files greater than or  equal  to  2  Gbyte  (  2^31
       bytes).

       The rsh and remsh commands are IPv6-enabled. See ip6(7P). IPv6 is not currently supported with Kerberos V5 authentication.

       Hostnames  are given in the hosts database, which can be contained in the /etc/hosts file, the Internet domain name database, or both. Each
       host has one official name (the first name in the database entry) and optionally one or more nicknames. Official hostnames or nicknames can
       be given as hostname.

       If  the	name  of the file from which rsh is executed is anything other than rsh, rsh takes this name as its hostname argument. This allows
       you to create a symbolic link to rsh in the name of a host which, when executed, invokes a remote shell on that host. By creating a  direc-
       tory  and  populating it with symbolic links in the names of commonly used hosts, then including the directory in your shell's search path,
       you can run rsh by typing hostname to your shell.

       If rsh is invoked with the basename remsh, rsh checks for the existence of the file /usr/bin/remsh. If this file exists, rsh behaves as	if
       remsh is an alias for rsh. If /usr/bin/remsh does not exist, rsh behaves as if remsh is a host name.

       For  the  kerberized  rsh session, each user can have a private authorization list in a file .k5login in their home directory. Each line in
       this file should contain a Kerberos principal name of the form principal/instance@realm. If there is a  ~/.k5login  file,  then	access	is
       granted	to  the  account if and only if the originater user is authenticated to one of the principals named in the ~/.k5login file. Other-
       wise, the originating user is granted access to the account if and only if the authenticated principal name of the user can  be	mapped	to
       the  local  account  name  using  the authenticated-principal-name -> local-user-name mapping rules. The .k5login file (for access control)
       comes into play only when Kerberos authentication is being done.

       For the non-secure rsh session, each remote machine can have a file named /etc/hosts.equiv containing a	list  of  trusted  hostnames  with
       which  it  shares  usernames. Users with the same username on both the local and remote machine can run rsh from the machines listed in the
       remote machine's /etc/hosts.equiv file. Individual users can set up a similar private equivalence list with the file .rhosts in their  home
       directories.  Each  line  in this file contains two names: a hostname and a username separated by a space. The entry permits the user named
       username who is logged into hostname to use rsh to access the remote machine as the remote user. If the name of the local host is not found
       in  the	/etc/hosts.equiv  file on the remote machine, and the local username and hostname are not found in the remote user's .rhosts file,
       then the access is denied. The hostnames listed in the /etc/hosts.equiv and .rhosts files must be the  official	hostnames  listed  in  the
       hosts database; nicknames can not be used in either of these files.

       You cannot log in using rsh as a trusted user from a trusted hostname if the trusted user account is locked.

       rsh does not prompt for a password if access is denied on the remote machine unless the command argument is omitted.

EXAMPLES

       Example 1 Using rsh to Append Files

       The  following  command	appends  the remote file lizard.file from the machine called lizard to the file called example.file on the machine
       called example:

	 example% rsh lizard cat lizard.file >> example.file

       The following command appends the file lizard.file on the machine called lizard to the file lizard.file2 which also resides on the  machine
       called lizard:

	 example% rsh lizard cat lizard.file ">>" lizard.file2

EXIT STATUS

       The following exit values are returned:

       0    Successful completion.

       1    An error occurred.

FILES

       /etc/hosts	      Internet host table

       /etc/hosts.equiv       Trusted remote hosts and users

       /etc/passwd	      System password file

       $HOME/.k5login	      File containing Kerberos principals that are allowed access

       /etc/krb5/krb5.conf    Kerberos configuration file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWrcmdc 		   |
       +-----------------------------+-----------------------------+
       |CSI			     |Enabled			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       on(1),  rlogin(1), ssh(1), telnet(1), vi(1), in.rshd(1M), hosts(4), hosts.equiv(4), krb5.conf(4), attributes(5), krb5_auth_rules(5), large-
       file(5), ip6(7P)

NOTES

       When a system is listed in hosts.equiv, its security must be as good as local security. One insecure system listed in hosts.equiv can  com-
       promise the security of the entire system.

       You cannot run an interactive command (such as vi(1)). Use rlogin if you wish to do this.

       Stop  signals  stop  the  local	rsh process only. This is arguably wrong, but currently hard to fix for reasons too complicated to explain
       here.

       The current local environment is not passed to the remote shell.

       Sometimes the -n option is needed for reasons that are less than obvious. For example, the command:

	 example% rsh somehost dd if=/dev/nrmt0 bs=20b | tar xvpBf -

       puts your shell into a strange state. Evidently, the tar process terminates before the rsh process. The rsh command  then  tries  to  write
       into  the ``broken pipe'' and, instead of terminating neatly, proceeds to compete with your shell for its standard input. Invoking rsh with
       the -n option avoids such incidents.

       This bug occurs only when rsh is at the beginning of a pipeline and is not reading standard input. Do not use the -n option if rsh actually
       needs to read standard input. For example:

	 example% tar cf - . | rsh sundial dd of=/dev/rmt0 obs=20b

       does  not  produce the bug. If you were to use the -n option in a case like this, rsh would incorrectly read from /dev/null instead of from
       the pipe.

       For most purposes, ssh(1) is preferred over rsh.

SunOS 5.11							    23 Dec 2008 							    rsh(1)
All times are GMT -4. The time now is 12:43 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy