------------------------------------------------------------------------------- Rsh Problem -- Why NOT to use Rsh problems... + rsh doesn't return the remote command's exit status + doesn't propagate tty modes when appropriate + doesn't propagate your (possibly modified) environment + uses the silliest authentication scheme imaginable ("reserved" ports) + requires logins without a password to execute remote commands + doesn't ask for a password to run a remote command if needed + no password needed check is easily 'spoofed' EG: host/username pairs + data is in the clear when sent over the network + The commands standard error is merged into its standard output + it runs some random shell (the remote accounts login shell) + rexec passes the password IN ONE PACKET! + rsh on some machines is `restricted shell' NOT `remote shell''!!! Ssh (Secure Shell) replacement fixes all the above except... + doesn't propagate TTY modes when appropriate + doesn't propagate your (possibly modified) environment unless setup + The commands standard error is merged into its standard output + It runs the remote accounts login shell, always. (no control) Which is a security benefit. Also ssh provides a lot of other features, + full data encryption, + proper account identification using public/private keys (not DNS), + proper host identification checks (public/private host keys), + Full X window forwarding built in and encrypted, + password requests from user if needed, + remote command filtering, + SOCKS and port forwarding + and probably lots more. ------------------------------------------------------------------------------- What happens when you run a rsh command... Running rsh remote command args Assuming your remote login shell is a csh or tcsh, the command will... * launch a tcsh as you in your home with that command to be executed * tcsh will source .cshrc ONLY without the 'prompt' being set * If your .cshrc is set up right (see the "CSH Startup FAQ" "../shell/csh.startup.faq"), the script file will see that the prompt is not set so will do a very basic non-interactive initialization of the command PATH, LD_LIBRARY_PATH and other required environment variables. * tcsh will then run that command given locating the command on the PATH set in the .cshrc, any stdin to the rsh will be given to standard in of the command and standard output and error changes passed back the same way. Ssh is also the same. -------------------------------------------------------------------------------