hpux

Using HP-UX Internet Services

HP-UX 11i v2

Edition 1

Manufacturing Part Number: B2355-90827

August 2003

U.S.A.

© Copyright 2003 Hewlett-Packard Development Company L.P. All Rights Reserved.

Legal NoticesThe information in this document is subject to change without notice.

Hewlett-Packard makes no warranty of any kind with regard to thismanual, including, but not limited to, the implied warranties ofmerchantability and fitness for a particular purpose. Hewlett-Packardshall not be held liable for errors contained herein or direct, indirect,special, incidental or consequential damages in connection with thefurnishing, performance, or use of this material.

Warranty

A copy of the specific warranty terms applicable to your Hewlett-Packardproduct and replacement parts can be obtained from your local Sales andService Office.

U.S. Government License

Proprietary computer software. Valid license from HP required forpossession, use or copying. Consistent with FAR 12.211 and 12.212,Commercial Computer Software, Computer Software Documentation,and Technical Data for Commercial Items are licensed to the U.S.Government under vendor's standard commercial license.

Copyright Notice

Copyright 1997-2003 Hewlett-Packard Development Company L.P. Allrights reserved. Reproduction, adaptation, or translation of thisdocument without prior written permission is prohibited, except asallowed under the copyright laws.

© Copyright 1979, 1980, 1983, 1985-93 Regents of the University ofCalifornia

This software is based in part on the Fourth Berkeley SoftwareDistribution under license from the Regents of the University ofCalifornia.

© Copyright 1980, 1984, 1986 Novell, Inc.© Copyright 1986-1992 Sun Microsystems, Inc.© Copyright 1985-86, 1988 Massachusetts Institute of Technology.

2

© Copyright 1989-93 The Open Software Foundation, Inc.© Copyright 1986 Digital Equipment Corporation.© Copyright 1990 Motorola, Inc.© Copyright 1990, 1991, 1992 Cornell University© Copyright 1989-1991 The University of Maryland© Copyright 1988 Carnegie Mellon University

Trademark Notices

MS-DOS and Microsoft are U.S. registered trademarks of MicrosoftCorporation.

UNIX is a registered trademark in the United States and othercountries, licensed exclusively through The Open Group.

X Window System is a trademark of the Massachusetts Institute ofTechnology.

Intel Itanium Processor Family is a trademark of Intel Corporation inthe U.S. and other countries and is used under license.

3

Contents

About This Document

1. Logging into a Host Using telnetChecking Your Local Terminal Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Using telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Normal Procedure to Invoke telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Quicker Method to Invoke telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Checking Your Remote Terminal Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Changing the Behavior of Carriage Returns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Disabling or Enabling the Carriage Return . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Obtaining Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Listing the telnet Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Getting Information about a Specific telnet Command . . . . . . . . . . . . . . . . . . . . . . . 20

2. Logging into a Host with rloginUsing rlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Creating a $HOME/.rhosts File on a Remote Host. . . . . . . . . . . . . . . . . . . . . . . . . . . 25

3. Transferring Files with ftpUsing ftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Setting Up Automatic Remote Login for ftp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

4. Transferring Files with rcpEnabling rcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Using rcp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

5. Distributing Files Using rdistOverview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Setting Up remsh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Authentication for remsh and rexec Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39PAM Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Enabling Standard UNIX Authentication on rexecd and remshd Services. . . . . . 41Enabling DCE Integrated Logging Authentication. . . . . . . . . . . . . . . . . . . . . . . . . 41Using remshd in a Secure Internet Services Environment . . . . . . . . . . . . . . . . . . 41

Creating the distfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5

Contents

Variable Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42File Distribution Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Command to List Changed Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Starting rdist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Example Output on the Master Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Troubleshooting rdist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

6. Executing Commands with remshEnabling remsh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Using remsh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

The remsh Command Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

7. Listing Hosts with ruptimeUsing ruptime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60ruptime Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

8. Listing Users with rwhoUsing rwho . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64rwho Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

9. Secure Internet ServicesUsing the Secure Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6

About This DocumentThis manual describes how to use the HP-UX Internet Services products.It assumes that the HP-UX 11i v2 operating system software and theappropriate files, scripts, and subsets are installed on your system.

Intended AudienceThis manual is intended for end users who have experience working onHP-UX and have access to the HP-UX manpages. It is also helpful tohave knowledge of Transmission Control Protocol/Internet Protocol(TCP/IP) networking concepts and network configuration; this manual isnot a TCP/IP tutorial.

HP-UX Release Name and Release IdentifierEach HP-UX 11i release has an associated release name and releaseidentifier. The uname (1) command with the -r option returns the releaseidentifier. Table 1 shows the releases available for HP-UX 11i.

Table 1 HP-UX 11i Releases

ReleaseIdentifier Release Name Supported Processor

Architecture

B.11.11 HP-UX 11i v1 PA-RISC

B.11.20 HP-UX 11i v1.5 Intel Itanium Processor Family



7

Publishing HistoryTable 2 provides, for a particular document, the manufacturing partnumber, the respective operating systems, and the publication date.

What’s In This DocumentUsing HP-UX Internet Services is divided into chapters, containinginformation about how to use the different Remote Access Services andSecure Internet Services (SIS) in Internet Services.

Table 3 describes the content in more detail.

Table 2 Publishing History Details

DocumentManufacturingPart Number

OperatingSystem

Supported

PublicationDate

B2355-90111 10.x June 1996

B2355-90148 11.0 October 1997

B2355-90743 11.1111.2011.22

May 2001

Table 3 Document Organization

Chapter Description

Logging into a HostUsing telnet

Provides information about how to use thetelnet program. It also explains the stepsto verify the local terminal configurationsettings, and the terminal settings on theremote host.

Logging into a Host withrlogin

Describes how to log into a remote HP-UXor UNIX host from a local host. It alsodescribes how to create a $HOME/.rhostsfile on a remote host.

8

Related DocumentationFor more information about the Internet Services suite of products, seethe following books:

• HP-UX Mailing Services Administrator’s Guide

Provides information about the mail user agents (elm , mailx , mail )and mail transport agent (Sendmail) used in the HP-UX 11i v2operating system. This manual also contains a description ofconfiguring and administering Sendmail on your system. You canaccess this manual at the following URL:

http://www.docs.hp.com/hpux/netcom/index.html#Internet%20Services

• HP-UX Routing Services Administrator’s Guide

Transferring Files withftp

Provides information about copying filesover a network connection between thelocal client host and a remote host, usingthe FTP protocol. It also describes how toset up an automatic remote login for ftp .

Transferring Files withrcp

Describes how to transfer files betweenHP-UX or UNIX hosts.

Executing Commandswith remsh

Describes how to execute commands on aremote host using the remsh command.

Listing Hosts withruptime

Describes how to list the statusinformation of HP-UX or UNIX hosts onthe local area network.

Listing Users with rwho Describes how to use list informationabout HP-UX or UNIX hosts on a localarea network using the rwho command.

Secure Internet Services Describes how to use Secure InternetServices with Kerberos authenticationand authorization.

Table 3 Document Organization (Continued)

Chapter Description

9


Provides an overview of the routing daemons, gated and mrouted ,supported in the HP-UX 11i v2 operating system. It also explains thevarious protocols that these routing daemons support.You can accessthis manual at the following URL:


• HP-UX IP Address and Client Management Administrator’s Guide

Provides an overview of the IP address and client managementimplementations on the HP-UX 11i v2 operating system, whereBIND, DHCPv6 and SLP deal with the client management, and NTPdeal with the IP address management. You can access this manual atthe following URL:


• HP-UX Remote Access Services Administrator’s Guide

Provides information about the Remote Access Services available inthe HP-UX 11i v2 operating system: r-commands, tftp , WU-FTP,and telnet . You can access this manual at the following URL:


• Request for Comments (RFC)

Many sections of this manual refer to RFCs for more informationabout certain networking topics. These documents publicize Internetstandards, new research concepts, and status memos about theInternet. You can access the full range of RFC documents and moreinformation about the Internet Engineering Task Force (IETF) at thefollowing URL:

http://www.ietf.org/rfc.html

• Other Documents

For detailed technical and conceptual information about BIND, aswell as information about planning a BIND hierarchy and usingSendmail with BIND, HP recommends that you read DNS andBIND, by Paul Albitz and Cricket Liu, published by O’Reilly andAssociates, Inc. You can get information about the book (includingretail outlets where you can buy it, as well as how to order it directlyfrom O’Reilly) by visiting the O’Reilly Website:

10


http://docs.hp.com/hpux/onlinedocs/B2355-90137.html




http://www.ietf.org/rfc.html

http://www.ora.com

• iknow Topics of Interest

HP iknow Topics of Interest describe some networking concepts andtasks, as well as other topics. You can find these documents on theHP-UX networking communications home page at the followingURL:

http://docs.hp.com/iknow

Typographical ConventionsThis document uses the following typographic conventions:

audit (5) An HP-UX manpage. In this example, audit is thename and 5 is the section in the HP-UX Reference. Onthe web and on the Instant Information CD, it may be ahot link to the manpage itself. From the HP-UXcommand line, you can enter “man audit ” or “man 5audit ” to view the manpage. See man (1).

Book Title The title of a book. On the web and on the InstantInformation CD, it may be a hot link to the book itself.

ComputerOut Text displayed by the computer.

Command A command name or qualified command phrase,daemon, file, or option name.

$ The system prompt for the Bourne, Korn, and POSIXshells.

# The superuser prompt.

daemon Courier font type indicates daemons, files, commands,manpages, and option names.

Variable The name of a variable that you may replace in acommand or function or information in a display thatrepresents several possible values.

[ ] { } In syntax definitions, square brackets indicate itemsthat are optional and braces indicate items that arerequired.

(Ctrl+A ) This symbol indicates that you hold down the firstnamed key while pressing the key or mouse button thatfollows the plus.

11

http://docs.hp.com/iknow

HP Encourages Your FeedbackHP welcomes any comments and suggestions you have on this manual.

You can send your comments in the following ways:

• Internet electronic mail: [email protected]

• Using a feedback form located at the following URL:

http://docs.hp.com/assistance/feedback.html

Please include the following information along with your comments:

• The full title of the manual and the part number. (The part numberappears on the title page of printed and PDF versions of a manual.)

• The section numbers and page numbers of the information on whichyou are commenting.

• The version of HP-UX that you are using.

12

mailto:[email protected]



1 Logging into a Host Using telnet

telnet is used to log into a remote HP-UX, UNIX, or non-UNIX hostthat supports the ARPA services. It allows you to enter and executecommands on the remote host similar to executing commands on theremote host’s console.

Chapter 1 13

Logging into a Host Using telnet

This chapter contains information about how to log into a host using thetelnet program. It discusses the following topics:

• “Checking Your Local Terminal Configuration” on page 15

• “Using telnet” on page 16

• “Quicker Method to Invoke telnet” on page 17

• “Checking Your Remote Terminal Configuration” on page 18

• “Changing the Behavior of Carriage Returns” on page 19

• “Obtaining Help” on page 20

For more information, type man 1 telnet at the HP-UX prompt.

Chapter 114

Logging into a Host Using telnetChecking Your Local Terminal Configuration

Checking Your Local Terminal ConfigurationBefore you log into a remote host using the telnet or rlogin program,ensure that your local terminal configuration settings are correct for thetype of remote communication you intend to perform.

The following factors determine if you need to change your local terminalconfiguration settings:

• Type of remote host you intend to log into.

• Type of applications you intend to run on the remote host.

Follow these guidelines if you have an HP terminal attached to an HPIntegrity system as your local host:

• When you log into a remote DEC VAX VMS host, you must set theHP terminal to ANSI compatibility mode. Set the ANSI terminalconfiguration to map DEL (ASCII 127) to the backspace key and touse the XON/XOFF protocol handshake.

• When you communicate with a remote HP host, you must set the HPterminal to HP compatibility mode. Set the HP terminalconfiguration to map BS (ASCII 8) to the backspace key and to usethe ENQ/ACK protocol handshake.

These terminal configuration settings ensure that both screen-orientedand line-oriented applications work properly when run on a remote hostthrough telnet or rlogin . Do not change any other terminalconfiguration settings.

In general,

• Remote line mode applications work properly over telnet or rloginirrespective of your local terminal’s compatibility mode setting.

• Remote screen mode applications require that your local terminaland the remote host use the same commands to control cursormovements.

• Remote block mode applications do not work over telnet or rloginand are not supported.

For more information, see the terminal documentation for the hosts withwhich you work.

Chapter 1 15

Logging into a Host Using telnetUsing telnet

Using telnetThis sections describes the following methods to use the telnet :

• Normal Procedure to Invoke telnet

• Quicker Method to Invoke telnet

Normal Procedure to Invoke telnet

The following steps describe how to use the telnet program:

1. Type telnet at the HP-UX prompt, as follows to start telnet in thecommand mode:

telnet

In the command mode, telnet displays the telnet> prompt. Fromthe command mode, you can execute telnet commands. Type ? atthe telnet> prompt for a list of telnet commands.

2. At the telnet> prompt, type the following command to connect to aremote host:

telnet> open hostname

or

telnet> open IP_address

Following is an example to connect to a remote host hpabsa :

telnet> open hpabsa

3. Type your user name and password when the remote host promptsfor it. You must have a valid login to the remote host to connect to itusing telnet . If you are using the Secure Internet Services versionof telnet , you will not be prompted for a login name or password.

After you log into the remote host, telnet is in input state. Whentelnet is in input state, you can use the remote host as if yourterminal or workstation is physically connected to that host.

If certain keystrokes do not function as expected, or if your display isnot proper, see “Checking Your Remote Terminal Configuration” onpage 18.

Chapter 116

Logging into a Host Using telnetUsing telnet

4. When you have finished working on the remote host, type the telnetescape character to return to command state. The escape character isCTRL-] if you have not changed it with the telnet escape command.

5. At the telnet> prompt, type the following command to disconnectfrom the remote host:

close hostname

Following is an example to disconnect from the remote host hpabsa :

telnet> close hpabsa

6. Type quit to exit from the telnet session:

telnet> quit

Quicker Method to Invoke telnet

The following steps describe how to quickly invoke a telnet session:

1. Type the following command at the HP-UX prompt to invoke thetelnet session:

telnet hostname or telnet IP_address

Following is an example to quickly invoke the telnet session:

telnet hpabsa

2. Type your user name and password when the remote host promptsfor it. You must have a valid login to the remote host to connect to itwith telnet . If you are using the Secure Internet Services version oftelnet you will not be prompted for a login name or password.

After you log into the remote host, telnet is in input state. Whentelnet is in input state, you can use the remote host as if yourterminal or workstation is physically connected to that host.

If you notice that certain keystrokes do not function as expected, see“Checking Your Remote Terminal Configuration” on page 18.

3. When you have finished working on the remote host, type thefollowing command to log out of the remote host and exit from thetelnet session:

telnet> exit

Chapter 1 17

Logging into a Host Using telnetChecking Your Remote Terminal Configuration

Checking Your Remote TerminalConfigurationAfter you have connected to the remote host, if you are using an HPterminal or an HP terminal emulator (such as a terminal window in HPVUE), follow this procedure to check your terminal settings on theremote host.

1. Issue the following command at the remote host’s command promptto ensure that your terminal type is set to hp:

echo $TERM

2. If your terminal type is not set to hp, issue the following command toset the terminal type:

eval ‘tset -s hp‘

NOTE Ensure that you use single back quotes and not regular single quotemarks.

3. Issue the following command at the remote host’s command promptto check your terminal settings:

stty

The output displayed must display the following terminal settingsapart from other terminal settings:

intr = ^Cerase = ^Hkill = ^U

4. If your terminal settings are not correct, issue the followingcommand to set the terminal settings:

stty intr \ˆC erase \ˆH kill \ˆU

For a detailed information, type man 1 stty or man 1 tset at theHP-UX prompt.

Chapter 118

Logging into a Host Using telnetChanging the Behavior of Carriage Returns

Changing the Behavior of Carriage ReturnsYou may sometimes notice a change in the way your local host interpretsa carriage return received from a remote host. This indicates that thetelnet ’s carriage return mode setting is wrong for the type of remotehost to which you are connected. In such cases, your local host mustchange the carriage return setting appropriately.

The following lists the behavioral change in the carriage return, and thecorrective action:

• If pressing Return produces double-spaced lines (indicating an extraline feed), you need to disable carriage return mode.

• If pressing Return moves the cursor to the beginning of the same lineso that the same line keeps getting overwritten (indicating no linefeed), you need to enable carriage return mode.

Disabling or Enabling the Carriage Return

If you are not at the telnet> prompt, enter the telnet escape character(usually CTRL-] ) to display the prompt.

At the telnet> prompt, type the following command:

toggle crmod

If the carriage return mode was on, telnet turns it off and displays thefollowing:

Won't map carriage return on output.

If the carriage return mode was off, telnet turns it on and displays thefollowing:

Will map carriage return on output.

If you are connected to a remote host, telnet returns you to the remotehost. To redisplay the remote host’s prompt, press the Return key.

Chapter 1 19

Logging into a Host Using telnetObtaining Help

Obtaining HelpYou can obtain information about the telnet commands by typing ? atthe telnet> prompt. You can either list the commands or obtaininformation about a specific command.

Listing the telnet Commands

To list the telnet commands, perform the following steps:

1. If you are not at the telnet> prompt, enter the telnet escapecharacter (usually CTRL-] ) to display the prompt.

2. At the telnet> prompt, enter the following character:

?

A list of all the telnet commands are displayed.

NOTE If you are connected to a remote host and wish to redisplay itsprompt, press Return twice.

Getting Information about a Specific telnet Command

To obtain information about a specific telnet command, perform thefollowing steps:

1. If you are not at the telnet> prompt, enter the telnet escapecharacter (usually CTRL-] ) to display the prompt.

2. At the telnet> prompt, enter the following command:

? telnet_command

For example, if you type the following command at the telnetprompt:

? open, telnet

telnet displays the following information about the open command:

connect to a site

Chapter 120


NOTE If you were connected to a remote host and wish to redisplay itsprompt, press Return twice.

Chapter 1 21


Chapter 122

2 Logging into a Host with rlogin

rlogin is used to log into a remote HP-UX or UNIX host from your localhost. It allows you to work on the remote host similar to executingcommands on the remote host’s console. For more information, type man1 rlogin at the HP-UX prompt.

Chapter 2 23

Logging into a Host with rloginUsing rlogin

Using rloginIf you have an account on a remote host, you can use rlogin to log intothe remote host. The following steps describe how to log into a remotehost:

1. Before you log into a remote host with rlogin , ensure that your localterminal configuration settings are correct for the type of remotecommunication you intend to perform. See “Checking Your LocalTerminal Configuration” on page 15, for more information.

2. Issue the following command to log into the remote host:

rlogin remote_hostname [-l remote_login_name ]

Use the -l remote_login_name option if your login name on theremote host is different from the login name for your local account.

3. Type the login name and password for your account on the remotehost when you are prompted for it. If you are using the SecureInternet Services version of rlogin you will not be prompted for apassword.

If certain keystrokes do not behave as expected, or if your display isnot proper, see “Checking Your Remote Terminal Configuration” onpage 18 for corrective measures.

4. To log out of the remote host, type exit or press CTRL-D at thecommand prompt.

rlogin disconnects from the remote host and returns to the HP-UXprompt on your local host.

You need not specify a password while logging into a remote host if yourlocal host name is configured in the remote host’s /etc/hosts.equivfile, and if your login name on the local host matches with your loginname on the remote host.

You can configure a .rhosts file in your home directory on the remotehost that allows you to log in from the local host without supplying yourremote login name and password. See “Creating a $HOME/.rhosts Fileon a Remote Host” on page 25 for more information.

Chapter 224


Creating a $HOME/.rhosts File on a Remote Host

If you have an account on a remote host, you can set up the account sothat you can log into the remote host without specifying your remotelogin name and password.

To create a $HOME/.rhosts file on the remote host, perform the followingsteps:

1. If you do not know where your home directory is on the remote host,log into the remote host and issue the following command:

echo $HOME

2. Create a file called .rhosts in your home directory on the remotehost, if it does not already exist, and add the following line to it:

your_local_host's_name your_local_login_name

3. Issue the following command to ensure that you are the owner of theremote .rhosts file:

ls -l .rhosts

4. Issue the following command to protect your remote .rhosts file sothat only you can read it:

chmod 0400 .rhosts

5. Move to the parent directory of your home directory, and issue thefollowing command to protect your remote home directory byrestricting write permission to other users (that is, group andothers):

chmod 0755 your_home_directory

For more information on the .rhosts file, type man 4 hosts.equiv atthe HP-UX prompt.

IMPORTANT A $HOME/.rhosts file creates a significant security risk. Because of this,its functionality may be disabled on the remote host. If it has beendisabled, your $HOME/.rhosts file will not work even if it exists on yoursystem.

Chapter 2 25


Chapter 226

3 Transferring Files with ftp

With ftp , you can transfer files among HP-UX, UNIX, and non-UNIXnetwork hosts that support ARPA services. For more information, typeman 1 ftp at the HP-UX prompt.

Chapter 3 27

Transferring Files with ftpUsing ftp

Using ftpThe following steps describe how to transfer files between the local andremote host using the ftp program:

1. Issue the following command to establish a connection with theremote host:

ftp remote_host_name

or

ftp remote_IP_address

2. Type your user name when prompted for by the remote host. If youdo not have an account on the remote host, type anonymous or ftp asthe user name to get access to the anonymous ftp directory.Anonymous ftp allows you to access only the directory that is set upfor anonymous ftp .

3. Type your password when prompted for by the remote host. If youare logging in as an anonymous user, type your user name and localhost name as the password, in the following format:

user_name @local_host_name

If you are using the Secure Internet Services version of ftp you willnot be prompted for a password.

4. Set the transfer type, if necessary. You can use the binary type totransfer all types of files. To identify the current transfer type, typestatus at the ftp> prompt. To set the transfer type to binary , typebinary at the ftp> prompt.

5. You can perform directory operations on the remote host, by issuingcommands such as pwd, cd , and ls . For a list of ftp commands, type? at the ftp> prompt. For help on a specific command, type ?command at the ftp> prompt.

To perform directory operations and other shell commands on thelocal host, put an exclamation point before the command, forexample, !ls .

6. At the ftp> prompt, use the following put or get command totransfer files between the local and remote systems:

Chapter 328

Transferring Files with ftpUsing ftp

ftp> put filename [ destination_filename ]ftp> get filename [ destination_filename ]

The put command transfers a file from the local host to the remotehost. The get command transfers a file from the remote host to thelocal host. If you do not specify a destination_filename , the file iscopied with the original name.

7. To exit from ftp and return to the HP-UX prompt on your local host,type quit at the ftp> prompt.

Chapter 3 29

Transferring Files with ftpSetting Up Automatic Remote Login for ftp

Setting Up Automatic Remote Login for ftpIf you have an account on a remote host, you can create a .netrc file inyour local home directory that allows you to log into the remote hostwithout supplying your remote login name and password. The .netrcfile can be used for programs that need to perform ftp operationsunattended.

The following steps describe how to create the .netrc file on the localhost:

1. Create a file called .netrc in your home directory on the local host, ifit does not already exist, and add the following line to it:

machine host_name login login_name password password

The following example allows you to use ftp to log into the hostbasil as user andy without supplying the user name or thepassword, which is pre10der .

machine basil login andy password pre10der

2. Issue the following command to ensure that you are the owner of the.netrc file:

ls -l .netrc

3. Issue the following command to protect your .netrc file so that onlyyou can read it:

chmod 0400 .netrc

4. Move to the parent directory of your home directory, and issue thefollowing command to protect your home directory by restrictingwrite permission to other users (that is, group and others):

chmod 0755 your_home_directory

For more information, type man 4 netrc at the HP-UX prompt.

IMPORTANT The .netrc file creates a security risk because the password in this file isnot encrypted.

Chapter 330

4 Transferring Files with rcp

The rcp command allows you to copy files between HP-UX or UNIXhosts. You can also copy the contents of an entire directory, including thecontents of all its subdirectories, using the rcp command. From yourlocal host, you can also copy files between two remote hosts.

Chapter 4 31

Transferring Files with rcpEnabling rcp

Enabling rcpBefore you can use rcp to copy files to or from a remote host, the remotehost must be configured in one of the following methods:

• You must have an account on the remote host with the same loginname as your local login name and the name of your local host mustbe in the remote host’s /etc/hosts.equiv file.

• You must have an account on the remote host, and the name of yourlocal host and your local login name must be in a .rhosts file in yourhome directory on the remote host.

For more information, see “Creating a $HOME/.rhosts File on a RemoteHost” on page 25.

For more information about rcp , type man 1 rcp at the HP-UX prompt.

Chapter 432

Transferring Files with rcpUsing rcp

Using rcpYou can use rcp to copy one or more files or directories from the localhost to a remote host, as in the following example:

rcp /tmp/memo1 /tmp/memo2 basil:/home/roger

This example copies the files /tmp/memo1 and /tmp/memo2 from the localhost to the user Roger’s home directory on the host basil . The last pathspecified on the command line is considered as the destination path. Thefiles specified in the paths before the destination path denote the filesthat are to be copied.

You can use rcp to copy one or more remote files or directories to thelocal host. With the -r (recursive) option, you can use rcp to copy thecontents of a directory and all its subdirectories, as in the followingexample:

rcp -r sage:/home/gwen /home/gwen

This example copies the contents of user gwen’s home directory from thehost sage to the directory /home/gwen on the local host.

If you do not specify the entire path name, the path name is interpretedrelative to your home directory, as in the following example:

rcp memo* *mail sage:june_mail

This example copies all files whose names begin with memo and all fileswhose names end with mail from the user’s local home directory to thedirectory june_mail in the user’s home directory on host sage .

NOTE Any output generated by commands in a .login , .profile , or .cshrcfile on the remote host can cause rcp errors.

IMPORTANT Do not attempt to copy a file over itself, as in the following example:

rcp /home/cheryl/.profile /home/cheryl/.profile

This can corrupt the file’s contents.

Chapter 4 33

Transferring Files with rcpUsing rcp

Chapter 434

5 Distributing Files Using rdist

This chapter contains information about how to use rdist , a programthat distributes and maintains identical copies of files across multiplenetwork hosts. You can use rdist to install new or updated software onall the machines in a network. This chapter includes the following

Chapter 5 35

Distributing Files Using rdist

sections:

• “Overview” on page 37

• “Setting Up remsh” on page 39

• “Creating the distfile” on page 42

• “Starting rdist” on page 50

• “Troubleshooting rdist” on page 53

Chapter 536

Distributing Files Using rdistOverview

Overviewrdist facilitates maintaining of identical copies of files over multiplehosts. It preserves the owner, group, mode and modification time of thefile and can also update programs that are executing.

To use rdist , you must designate one system in the network as themaster host. The master host contains the master copy of the sourcefiles that are distributed to remote hosts.

The rdist software is installed as part of the operating system. It mustreside in the /usr/bin directory on the master host and on the remotehosts that are to be updated. The directory must be owned by the rootand must have its access permissions set to rwsr-xr-x . The rdistprocess on the master host starts an rdist process on each remote host.

rdist uses remsh as the mechanism for distributing files over thenetwork. To use rdist , you must set up remsh on all the remote hosts.See “Setting Up remsh” on page 39 for more information.

A file on a remote host is updated if the size or modification time of thefile differs from the master copy. Programs that are being executed onthe remote host can also be updated. The next time the program is run,the new version of the program is executed. The owner, group, mode, andmodification time of the files on the master host are preserved on theremote host. The ownership of the files is preserved only if the remoteuser is a superuser. Otherwise, the files are owned by the remote user.Command-line options are provided to control this behavior.

By default, the list of files updated on each remote host is printed to thestandard output on the master host. You can also mail the list of updatedfiles for a particular remote host to a specified mail recipient.

Chapter 5 37

Distributing Files Using rdistOverview

Figure 5-1 shows the distribution of source files filea1 , filea2 , andfilea3 from the master host A to the remote hosts B and C.

Figure 5-1 Distributing Files with rdist

The rdist process does not prompt for passwords. The user on themaster host who starts rdist (usually a system or networkadministrator) must have an account on the remote host and must beallowed remote command execution. (The working directory on theremote host is the user’s home directory.) You can also specify a username on a remote host for rdist that has the appropriate permissionsfor accessing files on the remote host. For more information, see“Creating the distfile” on page 42.

rdist on the master host reads commands from distfile, an ASCII filethat specifies the files or directories to be copied, the remote hosts to beupdated, and the operations to be performed for the update. You canspecify the distfile when invoking rdist on the master host using the-f command-line option. Otherwise, rdist searches in the currentworking directory for the file named Distfile to use as the input file.

System A(Master Host)

rdist

System B

rdist

System C

rdist

Source Files:filea1filea2filea3

Standard Output:updating host Binstalling: filea1installing: filea2installing: filea3updating host C. . .

Chapter 538

Distributing Files Using rdistSetting Up remsh

Setting Up remshrdist uses remsh as the mechanism for distributing files over thenetwork. In order to use rdist , you must set up remsh on all the remotehosts. To set up remsh , perform the following steps on each of the remotehosts:

1. Create an entry for the master host in the $HOME/.rhosts file of theuser who runs rdist .

For example, if rdist is run by the root user, create an entry for themaster host in the root’s .rhosts file (/.rhosts ) on each remotehosts.

NOTE On each remote host, ensure that the following entry isuncommented in the /etc/inetd.conf file (that is, ensure that thisentry is not preceded by #).

shell stream tcp nowait root /usr/lbin/remshd remshd

2. Issue the following command to force inetd to reread itsconfiguration file:

/usr/sbin/inetd -c

Authentication for remsh and rexec Services

Pluggable Authentication Modules (PAM) for authentication issupported on HP-UX. PAM support enables users who are not listed inthe /etc/passwd file to use the rexec and remsh services. It also enablesyou to use authentication methods other than the standard UNIXauthentication mechanisms such as distributed Computing Environment(DCE) integrated login and Kerberos.

The rexecd and remshd services use the authentication mechanismspecified in the OTHER directive of the /etc/pam.conf file. To use otherauthentication methods, you must edit the /etc/pam.conf file.

Chapter 5 39


PAM Configuration File

The /etc/pam.conf file is the configuration file for the PAMarchitecture. The /etc/pam.conf file contains a list of services and eachservice is paired with a corresponding service module. When a service isrequested, its associated module is invoked. Each entry in the/etc/pam.conf file has the following format:

Service_name module_type control_flag module_path options.

where,

service_name This option refers to a service.

module_type This option indicates the service module type. Thepossible module types include:

• Authentication (auth )

• Account management (account )

• Session management (session )

• Password management (passwd )

control_flag This option determines the behavior of stacking. Formore information on stacking, type man 4 pam. confat the HP-UX prompt.

module_path This option specifies the pathname to a shared libraryobject that implements the service functionality.

options This option is used by the PAM framework layer topass module-specific options to the modules. Themodule parses and interprets the options. The modulescan use this field to turn on debugging or to pass anymodule-specific parameters such as a TIMEOUTvalue. Itcan also be used to support unified login.

you can find the following entries in the /etc/pam.conf file:

# service module control module path# name type flagdtlogin auth required /usr/lib/security/libpam_unix.1 debugdtlogin account required /usr/lib/security/libpam_unix.1OTHER auth optional /usr/lib/security/libpam_unix.1

Chapter 540


In this example, dtlogin and the keyword, OTHER, indicate the servicename. The service name OTHER specifies the module for all thoseapplications that are not specified in the configuration file.

Enabling Standard UNIX Authentication on rexecd and remshdServices

To use the rexec and remsh services enabled with PAM, add thefollowing entries to the /etc/pam.conf file:

rcomds auth required /usr/lib/security/libpam_unix.1rcomds account required /usr/lib/security/libpam_unix.1

The remshd and rexecd services use these entries as configurationinformation for authenticating users. Adding these entries in the/etc/pam.conf file informs rexec and remsh to use the UNIXauthentication mechanism to authenticate the users.

A service (such as rexec , remsh ), can have more than one entry in the/etc/pam.conf file for each of the module types available. For moreinformation, type man 4 pam.conf at the HP-UX prompt.

Enabling DCE Integrated Logging Authentication

To enable DCE integrated logging authentication mechanism, add thefollowing entry to the /etc/pam.conf file:

rcomds auth required /usr/lib/security/libpam_dce.1

Using remshd in a Secure Internet Services Environment

The rexec service does not work in the Secure Internet Services (SIS)environment. However, the remsh service works in the SIS environment.To use remsh enabled with PAM in the SIS environment, add thefollowing entry to the /etc/pam.conf file.

rcomds auth required /usr/lib/security/libpam_dce.1

In the Kerberos environment, remsh contains command-line options forcombining UNIX method and Kerberos method of authentication. Acombination of both the Kerberos and UNIX authentication is available.

Chapter 5 41

Distributing Files Using rdistCreating the distfile

Creating the distfileThe distfile used by the master host contains a sequence of entriesthat specify the files to be copied, the destination hosts, and theoperations to be performed for updating the host. The distfile is anASCII file, therefore you can create the distfile , which is an ASCII file,using any text editor. The structure of a distfile is similar to the makeprogram.

The following syntax rules apply to the distfile :

• Newlines, tabs, and blanks are used as separators and are ignored.

• Comments begin with a pound sign (#) and end with a newline.

• Shell meta characters ([, ], {, }, *, and ?) expand on the master host inthe same way as with the csh command. Use a backslash (\) toescape a meta character. (For more information, type man 1 csh atthe HP-UX prompt.)

• File names that do not begin with a forward slash (/ ) or tilde (˜ ) areassumed to be relative to the user’s home directory on each remotehost.

A distfile contains entries of the following types:

• Definitions of variables that are used with distfile commands.

• Commands that distribute files to other hosts.

• Commands to create lists of files that have changed since a specifieddate.

Each of these types of entries is described in the following sections.

Variable Definitions

You can use variables to represent a list of items, such as the names offiles to be distributed or the remote hosts to be updated. You can definevariables anywhere in the distfile , but they are usually groupedtogether at the beginning of the file. Variables are then used in commandentries. The format for defining variables is as follows:

variable_name = name_list

where,

Chapter 542


variable_name Specifies the name used to reference the variable.

name_list Contains item names separated by a space andenclosed within parentheses.

Spaces or tabs on either side of the equals (=) sign are ignored.Subsequent appearances of the ${ variable_name } in the distfile(except in comments) are replaced by name_list . (You can omit braces ifthe variable_name consists of just one character.)

You can also specify variable definitions on the command line whileinvoking rdist ; variable definitions on the command line override thedefinitions in the distfile (see “Starting rdist” on page 50).

The following are examples of variable definition entries in a distfile :

HOSTS = ( matisse root@arpa)

FILE S = ( /bin /lib /usr/bin /usr/games/usr/include/{*.h,{stand,sys,vax*,pascal,machine}/*.h

/usr/lib /usr/man/man? /usr/ucb/usr/local/rdist `cat ./std-files` )

EXLIB = (Mail.rc aliases aliases.dir aliases.pag crontab dshrcsendmail.cf sendmail.fc sendmail.hf sendmail.st uucp vfont )

The variable definition entries in the distfile are described as follows:

• The first entry defines the variable HOSTS to represent two remotehosts, matisse and arpa , that are to be updated. If you specify aremote host in the form user @host , user is the user name on hostthat is used to update files and directories on that host. Otherwise,the user name on the master host is used to update the remote host.

• The second entry defines the variable FILES to represent the filesand directories to be updated on the remote hosts. The shell metacharacters { , } , and * in the second line of this entry are used in theshorthand form that represent the files /usr/include/*.h ,/usr/include/stand/*.h , /usr/include/sys/*.h ,/usr/include/vax*/*.h and so on. The * character is used as awildcard. You can use commands, such as cat , within singlebackquotes (`) in the variable list.

• The last entry defines the variable EXLIB to represent the files thatmust not be updated on the remote hosts.

The following sections provide examples on how the variables are used inthe distfile command entries.

Chapter 5 43


File Distribution Commands

The distfile command entries that distribute files to a remote host arespecified in the following format:

[ label :] source_list -> destination_list command_list ;

where,

Command Entry Description

label : Groups the command entries and is anoptional distfile command entry. You canuse labels to perform a partial update.Normally, rdist updates all the files anddirectories listed in a distfile . You caninvoke rdist with a specific label; in thiscase, and rdist executes only the entriesunder the specified label.

source_list Specifies the directories or files on themaster host that must be used as themaster copy for distributing to the remotehosts.

destination_list Specifies the list of remote hosts to whichsource_list must be distributed

source_list anddestination_list

The following names are allowed for thiscommand entry:

• Single name (for example, matisse ).

• Variable defined previously in thedistfile . Variables to be expandedbegin with $, followed by the variablename in braces (for example, ${HOSTS}).

• List of names, separated by white spaceand enclosed in parentheses (forexample, ( /usr/lib /usr/bin/usr/ucb ) ).

Chapter 544


command_list Specifies a list of commands to beperformed. Table 5-1 contains the differentcommands that can be used in thecommand_list. Each command must endwith a semicolon (;).

Command Entry Description

Chapter 5 45


Table 5-1 The distfile Commands

CommandName Description

install Copies source files or directories to each host in thedestination list. You can specify any of the following options:

-b Performs a binary comparison of the file andupdates them if they differ. Without thisoption, rdist updates files only if the size ormodification time differs.

-h Allows symbolic links on the master host andcopies the files that the link points to.Without this option, rdist copies the nameof a symbolic link.

-i Ignores unresolved links. Without thisoption, rdist tries to maintain the linkstructure of the files copied and sendswarnings if any link is not found.

-R Removes the files in the remote host’sdirectory that do not exist in thecorresponding directory on the master host.

-v Displays the old files on the remote host butdoes not update any files or send any mail.

-w Appends the full path name (includingdirectory subtree) to a destination directoryname. For example, if the file /dira/fileais copied to the directory dirb , the resultantfile is /dirb/dira/filea . Without thisoption, the preceding copy operation resultsin the file /dirb/filea .

-y Does not update files on the remote host thatare newer than the master copy.

destpath Installs the file on the remote host as thespecified path name.

Chapter 546


If the distfile does not contain the install command or if thedestpath option is not used with the install command, the file nameon the master host is given to the remote host’s file. Parent directories ina file’s path are created on a remote host if they do not exist. rdist doesnot replace non-empty directories on a remote host. However, if the -Roption is specified with the install command, a non-empty directory isremoved on the remote host if the corresponding directory does not existon the master host.

For a detailed description of commands and their options, typeman 1 rdist at the HP-UX prompt.

The following file distribution commands use the variable definitionsdiscussed previously:

notifyuser [@host ]

Sends a list of updated files and errors occurred to a specifiedreceiver. If you do not specify host , the remote host name isthe default value.

exceptfile_list

Updates all files in the source list except the files specified infile_list .

except_patpattern

Updates all files in the source list except the file names thatcontain the pattern pattern . You must provide the escapecharacter backslash (\) for the characters backslash (\ ) and $.

special[ file ]” command”

Specifies commands that must be executed on the remote hostafter each specified file is updated or installed. This option isused to rebuild databases and configuration files after aprogram is updated. If you do not specify the file , commandisexecuted for every updated file. command can contain multiplecommands, each separated by semicolons. The user’s homedirectory on the remote host is the default working directoryfor each command.

Table 5-1 The distfile Commands (Continued)

CommandName Description

Chapter 5 47


• ${FILES} -> ${HOSTS}install -R ;except /usr/lib/${EXLIB} ;except /usr/games/lib ;

This command distributes the source files defined in the variableFILES to the destination hosts defined in the variable HOSTS. rdistcopies the files to each remote host, removing files in the remotehost’s directory that do not exist on the master directory. rdist doesnot update files in /usr/lib/${EXLIB} or in /usr/games/lib .

• srcs:/usr/src/bin -> arpaexcept_pat ( \\.o$ /SCCS\$ ) ;

This command distributes the directory /usr/src/bin to the hostarpa ; object files or files that are under SCCS control are not copied.

Command to List Changed Files

The distfile entry can contain a list of files that have changed on themaster host since a specified date. The format for this type of entry is asfollows:

[ label :] source_list :: timestamp_file command_list ;

where,

label : Used to group command entries and is optional. Youcan use labels to perform a partial update. Normally,rdist updates all the files and directories listed in adistfile . You can invoke rdist with a specific label;in this case, rdist executes only the entries under thespecified label.

source_list Specifies the files on the local host that are newer thanthe timestamp are noted in a list. directories or files onthe master host used as the master copy fordistributing to the remote hosts.

timestamp_file Specify a date to generate a list of files on the localhost that have modified since that date.

You can use the notify command to send the list of changed files to aspecific user. The following is an example entry with the notifycommand:

Chapter 548


${FILES} :: stamp.corynotify root@cory ;

In this example, the list of files that are newer than the timestamp instamp.cory are mailed to the user root@cory . With the notifycommand, if an @ symbol appears in the user name, the default value isthe remote host name.

Chapter 5 49

Distributing Files Using rdistStarting rdist

Starting rdistAfter creating the distfile on the master host, you can start rdistfrom the command line or from a cron file. You must run rdist as rooton the master host. Following are the syntaxes for starting rdist fromthe command line:

• /usr/bin/rdist [-b] [-h] [-i] [-n] [-q] [-R] [-v] [-w]

[-y] [-d var =value ] [-f distfile ] [-m host ] ... [ label ]

where,

-d var =value sets the value of the variable var to value . value canbe an empty string, a single name, or a list of names separated bytabs and spaces, and enclosed within parentheses. The -d option isused to define variable definitions in the distfile . However, if youspecify the -d option for a variable that is already defined in thedistfile , the -d option has no effect (because the distfileoverrides the -d option).

-f distfile specifies the file, distfile , used to update files anddirectories. If you do not specify the distfile , rdist first looks inthe current working directory for the file distfile , and then the fileDistfile .

-m host limits the updates to host , which is one of the hostspreviously identified in the distfile . You can specify multiple -marguments.

label performs only the command entries specified by label in thedistfile .

• /usr/bin/rdist [-b] [-h] [-i] [-n] [-q] [-R] [-v] [-w]

[-y] -c pathname ... [ login @]host [: destpath ]

where,

-c pathname ... [ login @]host [: destpath ] updates files inpathname on the remote host host (the -c arguments are interpretedas a distfile ).

login specifies the user name used to perform the update. destpathspecifies the path name of the installed file on the remote host.

Chapter 550


Table 5-2 describes all the other rdist command-line options.

Table 5-2 rdist Command-Line Options

OptionName Description

-b Performs a binary comparison and updates files if theydiffer. Without this option, rdist updates files only if thesize or modification time differs.

-h Follows symbolic links on the master host and copies thefiles that the link points to. Without this option, rdistcopies the name of a symbolic link.

-i Ignores unresolved links. Without this option, rdist tries tomaintain the link structure of the files being copied andsends out warnings if any link is not found.

-M Checks whether the mode, ownership, and group of updatedfiles on the remote host are the same as the master copyand updates the files if they differ. This is done in additionto any other comparison that may be in effect.

-n Prints rdist commands on the standard output on themaster host without executing them. This option is usefulfor debugging a distfile .

-q Suppresses printing of files that are modified to thestandard output on the master host.

-R Removes files in the remote host’s directory that do notexist on the master directory.

-v Displays the old files on the remote host but does notupdate any files or send any mail.

-w Appends the full path name (including directory subtree) toa destination directory name.

-y Does not update files on the remote host that are newerthan the master copy.

Chapter 5 51


Example Output on the Master Host

Following is the output displayed on the standard output on the masterhost, when rdist is started without command-line options:

% /usr/bin/rdistupdating host lassieinstalling: myprog.cspecial "cc"notify @lassie (bentley@tbear)updating host benjiinstalling: myprog.cspecial "cc"notify @benji (bentley@tbear)

An example distfile is as follows:

HOSTS = (lassie benji )

FILE S = ( myprog.c )${FILES} -> ${HOSTS}

install;special "cc";notify bentley@tbear;

Chapter 552

Distributing Files Using rdistTroubleshooting rdist

Troubleshooting rdistThe errors, warnings, and other messages encountered while usingrdist are displayed on the standard output of the master host. You canuse the notify command to mail a list of the updated files and errorsthat may have occurred to the specified users on the remote host beingupdated. To mail the list to a user that is not on the remote host, ensurethat you specify the mail recipient as user @host .

If rdist does not update the files on the remote system, perform thefollowing checks:

• Use the -n command-line option to check the operation of adistfile . This option prints the commands to the standard outputon the master host without executing them.

• Ensure that the remote system is reachable by using the pingcommand.

• Ensure that the source files reside on the master host where rdist isexecuted.

• Ensure that the source files do not have a negative modificationtime. rdist aborts on files that have a negative modification time(before January 1, 1970).

NOTE On NFS-mounted file systems, root may not have its usual accessprivileges. If rdist is run by root, rdist may fail to copy toNFS-mounted volumes.

An error message indicating a mismatch in the rdist version numbersdisplays due to the following reasons:

• The BSD version of the rdist software running on the master host isnot the same as that running on the remote system. The HP-UXrdist software is based on BSD’s version 3 of rdist and iscompatible with other implementations of BSD’s version 3 of rdist .Ensure that the rdist software running on all systems is based onBSD’s version 3.

Chapter 5 53

Distributing Files Using rdistTroubleshooting rdist

• An executable version of rdist is not available in the /usr/bin ondirectory of the remote system.

Chapter 554

6 Executing Commands withremsh

remsh allows you to execute commands on a remote HP-UX or UNIXhost. remsh is similar to rsh command in 4.2 BSD and later versions.

Chapter 6 55

Executing Commands with remshEnabling remsh

Enabling remshBefore you can use remsh to execute commands on a remote host, youmust configure the remote host in one of the following methods:

• You must have an account on the remote host with the same loginname as your local login name, and the name of your local host mustbe in the remote host’s /etc/hosts.equiv file.

• You must have an account on the remote host, and the name of yourlocal host and your local login name must be in a .rhosts file in yourhome directory on the remote host.

For more information, see “Creating a $HOME/.rhosts File on aRemote Host” on page 25.

Chapter 656

Executing Commands with remshUsing remsh

Using remshThe remsh command is of the following syntax:

remsh remote_host [-l remote_login_name ] command[\; command...]

If you do type any command with remsh on the command line, remshinterprets any option in the command line as rlogin option and runs therlogin command.

Shell metacharacters, such as, <, |, or >>, are interpreted on the localhost, only if you enclose them in double quotes. For example, thefollowing command creates newfile on the host basil ; without thequotes, it would create newfile on the local host:

remsh basil cat my_message ">" newfile

IMPORTANT Do not use remsh to run an interactive command, such as vi or more.remsh hangs with some interactive commands. To run interactivecommands, log into the remote host with rlogin .

The remsh Command Examples

The following are some remsh command examples:

• remsh basil find /project -name status.july -print

This command uses the find command to look for the filestatus.july in the project directory on remote host basil .

• remsh sage cd /home/sage/mike\;echo Hi, Mike! ">" hi_mike

In this command, a user on the local system uses remsh to create afile called hi_mike in the user Mike’s home directory on the remotehost sage .

• remsh basil -l paula mailx proj_team "<" meeting_minutes

In this command, a user uses remsh to log into user Paula’s homedirectory on host basil and mail the meeting_minutes file to themembers of the proj_team mailing list.

For more information, type man 1 remsh at the HP-UX prompt.

Chapter 6 57

Executing Commands with remshUsing remsh

Chapter 658

7 Listing Hosts with ruptime

ruptime lists status information about HP-UX or UNIX hosts on thelocal area network. This information is useful in identifying the networkhosts that you can use, and how responsive each host is likely to be overthe network.

Chapter 7 59

Listing Hosts with ruptimeUsing ruptime

Using ruptimeFor each network host, ruptime displays a status line in the followingformat:

hostname up|down days +hours : minutes n users load n.nn , n.nn , n.nn

hostname Specifies the name of a host on the network. One line isdisplayed for each host on the local network runningthe rwhod daemon.

up|down Specifies the status of the host. If the local host stopshearing from a remote host’s rwhod daemon, that hostis considered as down.

days +hours :minutes Specifies the period of time the host has been up or

down.

n users Specifies the number of users logged into the host.

load Specifies the average number of jobs in the run queueover the last 5, 10, and 15 minutes.

By default, ruptime displays status lines sorted in alphabetical order byhost name. You can use different command-line options to sort the statuslines by different fields, in increasing or in decreasing order.

By default, ruptime lists the number of active users logged into the localarea network. ruptime does not count users who have not used thesystem for an hour or more. To include idle users in the status line, usethe -a option specified as follows:

ruptime -a

NOTE ruptime is not supported across X.25 links or networks using the PPL(SLIP) product.

For more information, type man 1 ruptime at the HP-UX prompt.

Chapter 760

Listing Hosts with ruptimeruptime Examples

ruptime ExamplesThe following example lists hosts in alphabetical order and includes idleusers in the output:

ruptime -a

hpabca down 14+08:34hpabcb down 1:13hpabcc up 1+17:40, 6 users, load 0.18, 0.13, 0.09hpabcd up 14+06:49, 3 users, load 0.10, 0.38, 0.49

The following example lists hosts sorted by increasing load average;however, idle users are not included:

ruptime -r -l

hpabca down 14+08:34hpabcb down 1:13hpabcd up 14+06:49, 3 users, load 0.10, 0.38, 0.49hpabcc up 1+17:40, 4 users, load 0.18, 0.13, 0.09

Chapter 7 61

Listing Hosts with ruptimeruptime Examples

Chapter 762

8 Listing Users with rwho

rwho lists information about HP-UX or UNIX hosts on the local areanetwork. This information is useful in identifying who is logged into thehosts on the network and who is likely to be at their terminal orworkstation.

Chapter 8 63

Listing Users with rwhoUsing rwho

Using rwhoFor each user logged into a network host, rwho displays an informationline in the following format:

user host . line month day hours : minutes hours : minutes

user Specifies the user’s login name.

host Specifies the host to which the user is logged in. Onlyhosts running the rwhod daemon are displayed.

line Specifies the user’s terminal line.

month day Specifies the date the user logged in.

hours : minutes Specifies the time the user logged in (in 24-hour clocknotation).

hours : minutes Specifies the amount of time the user has been idle (in24-hour clock notation).

With rwho , you can list either of the following:

• Users on network hosts who are active or who have been idle for lessthan one hour.

• All users logged into network hosts, regardless of the amount of timeany one of them have been idle.

rwho gets its information by broadcasting a query to the local areanetwork. Only hosts running the rwhod daemon will respond to thequery.

rwho ’s list of users can get long when a large number of users are loggedinto the network.

NOTE rwho is not supported across X.25 links or networks using the PPL(SLIP) product.

For more information, type man 1 rwho at the HP-UX prompt.

Chapter 864

Listing Users with rwhorwho Examples

rwho ExamplesThe following example lists all active users and all users who have beenidle for less than an hour:

rwho

acb hpabcd:ttyp3 Jun 2 08:32 :19bjt hpabcf:tty3p3 Jun 2 09:35 <--Activechas hpabcd:tty3p3 Jun 2 07:47 :27cjc hpabcd:tty1p2 Jun 2 07:55 <--Activedae hpabcf:ttyp2 Jun 2 08:28 :57

The following example lists all users logged into network hosts, includingthose that have been idle for more than an hour:

rwho -a

acb hpabcd:ttyp3 Jun 2 08:32 :19bjt hpabcf:tty3p3 Jun 2 09:35 <--Activechas hpabcd:tty3p3 Jun 2 07:47 :27cjc hpabcd:tty1p2 Jun 2 07:55 <--Activedae hpabcf:ttyp2 Jun 2 08:28 :57gen hpabcd:ttyp4 Jun 2 08:45 5:59kg hpabcd:ttyp0 Jun 2 08:09 1:02scb hpabce:tty3p1 Jun 2 12:12 3:24

Chapter 8 65

Listing Users with rwhorwho Examples

Chapter 866

9 Secure Internet Services

Secure Internet Services (SIS) is an optionally enabled mechanism thatincorporates Kerberos V5 authentication and authorization for remoteaccess services: ftp , rcp , remsh , rlogin , and telnet .

Chapter 9 67

Secure Internet Services

Beginning with HP-UX 11.0, the product was replaced by the SISmechanism (InternetSvcSec ), which incorporates Kerberos V5 Release1.0 authentication for the remote access services.

The main advantage is that if you are running SIS, your security isenhanced because authorization is no longer required for transmitting apassword in a readable form over the network.

IMPORTANT The SIS libraries do not encrypt the session beyond what is necessary toauthorize you (the user) or authenticate the service. Therefore, theseservices do not provide integrity checking or encryption services on thedata or on remote sessions.

Chapter 968

Secure Internet ServicesUsing the Secure Internet Services

Using the Secure Internet ServicesThe following steps describe how to use SIS:

1. Identify yourself to the Security Server, also known as the KDC (KeyDistribution Center), by issuing the kinit command:

kinit user_name@realm_name

To identify yourself to an HP DCE Security Server, you wouldgenerally use the dce_login command rather than kinit . Toidentify yourself to an HP Praesidium/Security Server (P/SS), usethe dess_login command.

2. Start any service (ftp , rcp , remsh , rlogin , or telnet ) using thesame method with which you start the non-secure version of theservice. The following example starts ftp :

ftp remote_host_name

If you are using SIS, ftp does not prompt for a user name andpassword.

3. To connect to a host running a non-secure version of the service, usethe -P option to avoid Kerberos authentication, as in the followingexample:

ftp -P remote_host_name

If the -P option is specified, you require a password to access theremote host, and this password is transmitted in a readable formover the network. In this case, you will receive appropriate warningmessages.

System administrators can enforce Kerberos authentication to aservice on a particular host. If Kerberos authentication is enforced toa service on a host running the SIS daemons, the host can neitheraccess a secure client using the -P option nor can access a non-secureclient.

4. After working with the secure session, issue the kdestroy commandto remove the credentials that you have accumulated during thesession:

kdestroy

Chapter 9 69

Secure Internet ServicesUsing the Secure Internet Services

If the SIS product is installed and enabled on your system, you can referto the following manpages for more information:

• For information common to all the Secure Internet Services,including warning and error messages, type man 5 sis at theHP-UX prompt.

• For information specific to individual services, type man 1 ftp , man1M ftpd , man 1 rcp , man 1 remsh, man 1M remshd, man 1 rlogin ,man 1M rlogind , man 1 telnet , man 1M telnetd , or man 5 sis atthe HP-UX prompt.

• For information on some common Kerberos utilities, type man1kinit , man 1 klist , man 1 kdestroy , man 1M krbval , man 8seck5dcelogin , man 1M inetsvcs_sec , or man 4 inetsvcs at theHP-UX prompt.

Chapter 970

Index

Aanonymous ftp, 28

Bbackspace character, 18binary transfer, ftp, 28

Ddistfile, rdist, 38

command entries, 44creating, 42except command, 47except_pat command, 47install command, 46list of changed files, 48notify command, 47special command, 47syntax, 42variable definitions, 42

Eerase character, 18/etc/hosts.equiv file, 24, 56except command, in rdist distfile, 47except_pat command, in rdist distfile, 47

Fftp

anonymous, 28automatic remote login, 30binary transfer, 28exiting, 29help (?) command, 28local shell commands, 28Secure Internet Services mechanism, 69

Gget command, ftp, 28

H$HOME/.netrc file, 30$HOME/.rhosts file, 25, 56help (?) command

ftp, 28

telnet, 16, 20$HOME/.netrc file, 30$HOME/.rhosts file, 25, 56hosts.equiv file, 24, 56

Iinstall command, in rdist distfile, 46interrupt character, 18

Kkdestroy command, 69Kerberos

bypassing authentication, 69enabling in SIS, 69enforcing authentication, 69

kill character, 18kinit command, 69

N.netrc file, 30NFS Services

with rdist, 53notify command, in rdist distfile, 47

PPPL, 60, 64put command, ftp, 28

Rrcp

configuring remote host, 32error, 33example, 33Secure Internet Services mechanism, 69

rdist, 36command line options, 50distfile, 38example output, 52list of changed files, 48list of update files, 37master host, 37required remsh configuration, 39see also distfile, rdist, 42starting, 50troubleshooting, 53

71

Index

user permissions, 38version, 53with NFS-mounted files, 53

remshSecure Internet Services mechanism, 69setting up for rdist, 39

.rhosts file, 25, 56rhow

status line format, 64rlogin

Secure Internet Services mechanism, 69ruptime

-a option, 60display format, 60example, 61further reading, 60over X.25 or PPL (SLIP), 60status line explanation, 60

rwho-a option, 65example, 65explanation of status line, 64further reading, 64over X.25 or PPL (SLIP), 64

SSecure Internet Services, 69

definition, 67ftp, 69identifying yourself, 69kinit command, 69limitation, 68rcp, 69remsh, 69rlogin, 69telnet, 69

SISSee, Secure Internet Services

SLIP, 60, 64special command, in rdist distfile, 47stty command

checking terminal setting, 18

Ttelnet

exiting, 17

help (?) command, 16, 20Secure Internet Services mechanism, 69

TERM variable, 18terminal configuration

on remote host, 18terminal type, 18troubleshooting

rdist, 53tset command

setting terminal type, 18

XX.25, 60, 64

72

hpux

Documents

hpux release

copyright notice copyright

v1 hpux

copyright laws

release identiereach

hpux manpages

cornell university copyright

hpux internet serviceshpux