Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Remote Access Services Administrator's Guide: HP-UX 11i v2, HP-UX 11i v3 > Chapter 1 Remote Access Services Overview

R-Commands
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Remote command execution is a process on a host that causes a program to be executed on another host.

Table 1-1 describes the different r-commands supported in the HP-UX 11i v2 operating system.

Table 1-1 R-Commands

R-Commands

Description
rloginProvides remote login to the machine connected to the network.
rlogindInvokes the remote login server.
remsh and rexecExecutes from a remote shell.
rcpCopies files remotely.
rdistInvokes the remote file distribution program.
ruptimeShows status of local machines.
rwhoShows who is logged in to a local machine.

rwhod

Invokes the system status server.

 

A description of all the r-commands is provided in the subsequent sections.

The rlogin Command

The rlogin command connects the terminal on the local host to the remote host (rhost) and acts as a virtual terminal to the remote system. The host name rhost can either be the official name or an alias as listed in the /etc/hosts file.

The syntax for the rlogin command is as follows:

rlogin rhost [-7] [-8] [-ee] [-1 username] ..... rhost [-7]
 [-8] [-ee] [-1 username]

In a Kerberos V5 network authentication environment, the syntax for the rlogin command is as follows:

rlogin rhost [-7] [-8] [-ee] [-f │ -F] [-k realm] 
[-1 username] [-P] ..... rhost [-7] [-8] [-ee] 
[-1 username][-7] [-8] [-ee] [-1 username]

If rlogin is unable to read from or write to the socket connection on the remote host, the following message is displayed on the standard error and rlogin exits:

Connection closed

Non-Secure Environment Authentication

In a non-secure, or traditional, environment, rlogin allows a user to log in to an equivalent remote host, rhost, using the normal login and password sequence, similar to the remsh command. For more information on equivalent hosts and how to specify them in the /etc/hosts.equiv and .rhosts files, type man 4 hosts.equiv at the HP-UX prompt.

When you log in to a remote system, and if you have a user account equivalent to the remote account, you are prompted for the password of the remote account. If the login fails, a login name and password is prompted, similar to a login command.

Secure Environment Authentication

In a Kerberos V5 network authentication environment, rlogin uses the Kerberos V5 protocol to authenticate the connection to a remote host. If the authentication is successful, user authorization is performed according to the rlogind command-line options (that is, -K, -R, -k, or -r). You do not require a password to log in to a remote host in a Kerberos authentication environment. The Kerberos protocol is responsible for authenticating the remote connection. In a Kerberos environment, a password, which is confidential information, is not sent over the network for authentication. This is one of the advantages of a secure environment. Fore more information on Kerberos authentication and authorization, type man 5 sis (the Secure Internet Services manpage) or man 1M rlogind at the HP-UX prompt.

Kerberos-Specific Options

You can set the default Kerberos options in the configuration file /etc/krb5.conf. You can set the -f and -F options with the tag names forward and forwardable, respectively, and set the fallback option within the appdefaults section in the krb5.conf file. If you set the fallback option to true and the Kerberos authentication fails, rlogin uses the non-secure mode for authentication. The -f and -F options are mutually exclusive. For more information, type man 4 krb5.conf at the HP-UX prompt.

For more information on rlogin, type man 1 rlogin at the HP-UX prompt.

The rlogind Program

rlogind is the server for the rlogin program. It provides remote login facility with the following authentication methods:

  • Authentication based on privileged port numbers, where the client’s source port must be in the range 512 through 1023. In this case, rlogind operates in the traditional, or non-secure, environment.

  • Authentication based on Kerberos V5. In this case, rlogind operates in a Kerberos V5 network authentication, that is, in a secure environment.

The inetd daemon invokes rlogind when a service request is received at ports indicated by the login or klogin services. These services are specified in the /etc/services file. For more information, type man 1M inetd or man 4 services at the HP-UX prompt. Service requests arriving at the klogin port are in a secure environment and Kerberos V5 handles the authentication of services.

Starting rlogind

To start rlogind from the inetd deamon in the IPv4 mode, perform the following action:

  • In a non-secure environment, you must add the following entry to the /etc/inetd.conf configuration file:

    login stream tcp nowait root /usr/lbin/rlogind rlogind

  • In a secure environment, you must add the following entry to the /etc/inetd.conf configuration file:

    klogin stream tcp nowait root /usr/lbin/rlogind 
rlogind -K

To start rlogind in IPv6 mode, add the following entry to the configuration file/etc/inetd.conf:

  • In a non-secure environment, you must add the following entry:

    login stream tcp6 nowait root /usr/lbin/rlogind rlogind

  • In a secure environment, you must add the following entry:

    klogin stream tcp6 nowait root /usr/lbin/rlogind 
rlogind -K

After you add the necessary entry to the /etc/inetd.conf file, recompile inetd using the following command:

# /etc/inetd -c

Now, inetd invokes rlogind with the service as specified in the /etc/inetd.conf file.

For detailed information on rlogind, type man 1M rlogind at the HP-UX prompt.

The remsh and rexec Commands

The remsh command enables you to connect to a remote host and execute commands. The host name can be either the official name or an alias that the function gethostbyname() is able to interpret. For more information, type man 3N gethostent or man 4 host at the HP-UX prompt. remsh exits when the sockets associated with the standard output (stdout) and standard error (stderr) are closed, that is, remsh and the remote command terminate at the same time. For more information, type man 1M remshd at the HP-UX prompt.

remsh performs the following functions:

  • Copies the standard input (stdin) from the local system to the remote command.

  • Copies stdout of the remote command to the local system’s stdout.

  • Copies stderr of the remote command to the local system’s stderr.

The syntax for remsh is as follows:

remsh host [-l username] [-n] command ... 
host [-l username] [-n] command
rexec host [-l username] [-n] command

In a Kerberos V5 network authentication environment, the syntax for remsh is as follows:

remsh host [-l username] [-f│-F] [-k realm] [-P] [-n] 
command .... host [-l username] [-f│-F] [-k realm] [-P] 
[-n] command

By default, remsh uses the following path while executing a command:

/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin

You cannot use remsh to run commands that require a terminal interface (such as vi), or commands that read standard error (such as more). In such cases, you can use rlogin or telnet to connect to the remote host. See “The telnet Program” and “The rlogin Command” for more information.

You can specify the remote account name in the remsh command by using the -l option. If you do not specify any option, the local account name is considered as the remote account name. The remote account name must be equivalent to the originating account. Additionally, the remote host account name must conform to other rules, depending upon whether the environment is secure (Kerberos V5 network authentication environment) or non-secure.

Authentication in a Non-Secure Environment

In a non-secure, or traditional environment, the remote account name must be equivalent to the originating account. remsh enables a user to log in to an equivalent remote host, rhost, using the normal login and password sequence. For more information on equivalent hosts and how to specify them in the /etc/hosts.equiv and .rhosts files, type man 4 hosts.equiv at the HP-UX prompt.

Authentication in a Secure Environment

In a Kerberos V5 network authentication environment, the local host must be authenticated successfully before the remote account name is checked for proper authentication. The authorization mechanism depends on the command-line options used to invoke remshd on the remote host (-K, -R, -k, or -r). Fore more information on Kerberos authentication and authorization, type man 5 sis or man 1M rlogind at the HP-UX prompt.

Kerberos authentication is used only to authorize the local host. All the information transferred between the local and the remote host is sent in text format over the network.

Kerberos-Specific Options

You can set the default Kerberos options in the configuration file /etc/krb5.conf. You can set the -f and -F options with the tag names forward and forwardable, respectively, and set the fallback option within the appdefaults section in the /etc/krb5.conf file. If you set the fallback option to true and the Kerberos authentication fails, remsh uses the non-secure mode of authentication. The -f and -F options are mutually exclusive. For more information, type man 4 krb5.conf at the HP-UX prompt.

The rexec Command

The rexec command differs from the remsh command in the following ways:

  • rexec uses the rexec() library routine and rexed daemon for command execution.

  • rexec does not support Kerberos authentication. It prompts for a password before executing the command instead of using the /etc/hosts.equiv file for authentication.

You must use the rexec command in instances where you are aware of the password to a remote account but you do not have sufficient permission for remsh.

For detailed information on remsh and rexec, type man 1 remsh at the HP-UX prompt.

The rcp Command

The rcp command copies files, directory subtrees, or a combination of files and directory subtrees from one or more systems to another. In many respects, it is similar to the cp command.

The syntax for the rcp command is as follows:

rcp [-p] [-S size] [-R size] source_file dest_file

To use rcp, you must have read access to the files being copied, and read and execute permission on all directories in the directory path. Third-party transfers have special requirements.

In a Kerberos V5 network authentication environment, rcp uses the Kerberos V5 protocol to initiate the connection to a remote host. The authorization mechanism depends on the command-line options that invoke remshd on the remote host (-K, -R, -k, or -r). For a detailed description of the Kerberos authentication and authorization rules, type man 5 sis on the HP-UX prompt.

Although the rcp command uses Kerberos authentication and authorization, it does not apply the Kerberos mechanism while copying files. The files are transferred in text format over the network.

You can set the default Kerberos options in the configuration file /etc/krb5.conf. You can set the -f and -F options with the tag names forward and forwardable, respectively, and set the fallback option within the appdefaults section in the /etc/krb5.conf file. If you set the fallback option to true and the Kerberos authentication fails, rcp uses the non-secure mode of authentication. The -f and -F options are mutually exclusive. For more information, type man 4 krb5.conf at the HP-UX prompt.

The rcp Command Options and Arguments

Table 1-2 describes the rcp options and arguments.

Table 1-2 rcp Options and Arguments

OptionDescription
source_file, source_dirThis option specifies the name of an existing file or directory on a local or remote machine to be copied to a specific destination.
dest_dirThis option specifies the name of the destination directory.
file_or_dirIf you specify a combination of files and directories for copying, then only files are copied unless you specify the -r option. If the -r option exits, then all the files and directory subtrees whose names match the specified file_or_dir name are copied.
-k realmThis option is used to obtain tickets from the remote host in the specified realm instead of in the remote host’s default realm, as specified in the configuration file krb.realms. This option is applicable only in a secure environment based on Kerberos V5.
-P

This option disables Kerberos authentication. If the remote host is configured to prevent non-secure access, using this option results in the following generic error:

krcmd: connect: hostname: Connection 
refused.

This option is applicable only in a secure environment based on Kerberos V5.

-pThis option preserves (duplicate) modification times and modes (permissions) of source files, ignoring the current setting of the umask file creation mode mask.

-S size

This option sets the size of the socket send buffer.

-R size

This option sets the size of the socket receive buffer.

-r

This option is used to recursively copy directory subtrees rooted at the source directory name.

 

For detailed information on rcp, type man 1 rcp at the HP-UX prompt.

The rdist Command

rdist allows you to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and modification time of files and updates executing programs.The syntax for rdist is as follows:

rdist [ -bhinqvwyMR ] [ -f distfile ] [ -d var=value ] 
[ -m host ]

The distfile in the rdist command contains a sequence of entries that specify the files to be copied, the destination hosts, and operations to perform while updating. Each entry has one of the following formats:

  • variable_name = name_list

    Used for defining variables.

  • [label:] source_list ->  destination_list  command_list

    Used for distributing files to other hosts.

  • [label:] source_list ::  time_stamp_file  command_list

    Used for preparing a list of files on the local host that have changed since a particular date.

Table 1-3

Table 1-3 The distfile Entries

OptionDescription
variable_nameSpecifies a variable name.
name_listSpecifies a list of names separated by tabs and spaces and enclosed by parentheses.
source_listSpecifies a list of files and directories on the local host to be used as a master copy for distribution.
destination_listSpecifies a list of hosts to which the source files are copied.
time_stamp_fileSpecifies a date to generate a list of files on the local host that were modified since the specified date.
label:Identifies a command for particular updates.
command_listSpecifies a list of commands to be performed.

 

describes the distfile entries.

The rdist Command Options

Table 1-4 describes the rdist options.

Table 1-4 rdist Options

OptionDescription
-f distfileSpecifies a distfile for rdist to execute. distfile contains a sequence of entries that specify the files to be copied, the destination hosts, and the operations to be performed for updating purposes.
-d var=valueDefines variable definitions in the distfile. value defines an empty string, a name, or a list of names separated by tabs or spaces and enclosed by a pair of parentheses.
-m hostSpecifies a limit on the machines to be updated.
labelSpecifies a label of a command to execute.
-c name ...

Forces rdist to interpret the remaining arguments as a small distfile.

NOTE: In IPv6-enabled systems, if you want to use the -c option, you must enclose the IPv6 address in square brackets ([ and ]).

For example:

rdist -c name user@[IPv6 address]:dest
-nPrints the commands without executing them.
-qSpecifies the quiet mode.
-RRemoves extraneous files.
-hSpecifies rdist to follow the symbolic links.
-iSpecifies rdist to ignore unresolved links.
-vVerifies whether the files are up to date on all the hosts.
-wSpecifies the whole mode. With this option, the whole file name is appended to the destination directory name.
-ySpecifies younger mode. This option causes rdist not to update files that are younger than the master copy.

-b

Specifies binary comparison. This option performs a binary comparison of the files, and updates the file if any difference exists, rather than just comparing dates and sizes.

-MChecks whether the mode, ownership, and group are the same, in addition to any other form of comparison.

 

For detailed information on rdist, type man 1 rdist at the HP-UX prompt.

The ruptime Command

ruptime produces a status line for each machine on the local network that is running the rwho daemon. ruptime’s status lines are formed from packets broadcasted every 3 minutes between the rwho daemons on each host on the network. Each status line has a field for the machine name, the status of the machine, the time duration for which the machine was up or down, the number of users logged in to the machine, and the 1-, 5-, and 15-minute load averages for the machine when the packet was sent.

The syntax for ruptime is as follows:

ruptime [-a] [-r] [-l] [-t] [-u]

The status of the machine is reported as up unless no report is received from the machine for 11 minutes. The time duration for which the machine is up is shown as follows:

days+hours:minutes

Load averages are the average number of jobs in the run queue over the last 1-, 5-, and 15-minute intervals when the packet was sent.

An example status line output by ruptime is as follows:

machine1  up  1+5:15,  7 users, load  1.47, 1.16, 0.80

The output line indicates that machine1:

  • Is currently up.

  • Has been up for 1 day, 5 hours, and 15 minutes.

  • Currently has 7 users logged in.

  • Over the last 1-minute interval, an average of 1.47 jobs were in the run queue.

  • Over the last 5-minute interval, an average of 1.16 jobs were in the run queue.

  • Over the last 15-minute interval, an average of 0.80 jobs were in the run queue.

If a user has not used the system for an hour or more, the user is considered idle. Idle users are not shown unless you specify the -a option.

Sorting Order Options

Table 1-5 describes the options that change the sorting order. If you do not specify any option, the listing is sorted by host name.

Table 1-5 Sorting Order Options

OptionDescription
-lSorts by load average.
-tSorts by up time.
-uSorts by the number of users.
-rReverses the sort order.

 

For detailed information on ruptime, type man 1 ruptime at the HP-UX prompt.

The rwho Command

The rwho command displays who is logged in to the local system. rwho displays output similar to the HP-UX who command for all the machines on the local network running the rwho daemon. If rwhod does not receive a report from a machine for 11 minutes, rwho assumes that the machine is down and does not report the information about last known users.

rwho’s output contains fields for the user name, the machine name, the user’s terminal line, the time the user logged in, and the time period for which the user is idle. The idle time is shown as hours:minutes.

If a user is inactive for 1 minute, rwho reports this as idle time. If a user is inactive for 1 hour or more, the user is omitted from rwho’s output unless the -a flag is specified.

An example rwho output is as follows:

joe_user   machine1:tty0p1  Sep 12  13:28   :11

The output line indicates that joe_user has:

  • Logged in to machine1.

  • Terminal line tty0p1.

  • Been logged in since September 12th at 13:28.

  • Not typed anything into the machine for 11 minutes.

For detailed information on rwho, type man 1 rwho at the HP-UX prompt.

The rwhod Program

rwhod is the server that maintains the database used by the rwho and ruptime commands. rwhod sends and receives status information from other nodes running the rwhod daemon on the local network.

rwhod performs the following functions as an information sender:

  • Periodically queries the state of the system.

  • Constructs status messages.

  • Broadcasts the status messages on the network.

rwhod performs the following functions as an information receiver:

  • Listens for other rwhod servers’ status messages.

  • Validates the status messages.

  • Records the status messages in files located in the /var/spool/rwho directory.

By default, rwhod sends and receives information. You can configure rwhod to either send or receive information by using the -s and -r options, respectively. rwhod starts during system startup if the variable RWHO is set to 1 in the /etc/rc.config.d/netdaemons file.

For more information, type man 1M rwhod at the HP-UX prompt.



Chapter 1 Remote Access Services Overview
  		 


The telnet Program  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.