Solved

Executing a command remotely (rexec)

Posted on 2000-02-15
12
921 Views
Last Modified: 2013-12-06
I would like to execute a command remotely via rexec (or some other native service, but preferably rexec).  I can run a command remotely as follows:
rexec <hostname> -l testid -n ll
At this point I'm prompted for my passwd
I'd like to include the pw in the command line.  How can I do this?  Is there a way to incript the password?
Thanks for the help.
0
Comment
Question by:jeffarnold
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 2524149
You could create a .rhosts file (in your home directory on the remote system) with the nodename of the system you are initiating the command from in it, so you aren't prompted for a password.

The other way is to use "expect" to provide the input to the rexec command when it asks for the password.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524378
Dunno what system you are using, but some implementations of rexec will accept a command like:

rexec -l username -p password host command

Check the manpages for your rexec command to find out if yours has this feature.
0
 

Expert Comment

by:wgre
ID: 2524434
I can`t remember exact specifics right now but if you email me tommorrow I can get it for you.
you can use either rsh or rexec
both allow for pre entry of passwords in special files. as above comment.
one is .rhosts and the other is hosts.equiv and I have used both on a system at my work.
There is something special about setting the file permissions of one of the above files to 400 so that your password is not readable by anybody else
for the remote system.
let me know what system you are using.
I have set up on IRIX and AIX
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2524511
wgre: .rhosts & hosts.equiv don't contain passwords, just hostnames (and users on those hosts, in hosts.equiv) who are "trusted" by the remote system.

I suspect you're thinking of .netrc, which CAN contain a password as part of an ftp "script" - the system ignores .netrc if it's publicly readable to "force" you to keep it secure :)
0
 

Author Comment

by:jeffarnold
ID: 2524551
tfewster (or anyone):  A little clarification please.
I imagine the .rhosts file looks like:
hostname     userid
correct?
This file must be created in the home directory?  I assume that means you must login from the remote system as userid (as defined above).  Could you clarify the syntax of the command as well.
i.e.
rexec <hostname> -l userid -n command
If I use this command line, I shouldn't need to supply the password.  Correct?  Lastly, could you also provide an example using "expect".  Is that a command line parameter?
Thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524579
If you want to use a .rhosts on the remote system, it needs to have the exact hostname (as perceived by the remote) and may optionally include a username. The way to be certain of having the correct hostname is to telnet or rlogin to the remote and do a "who" and put the hostname in the .rhosts. If your username is the same on both the local and remote system you don't need anything else. If not, you can but the local username on the same line as the host name, e.g. "local-system-name local-username"
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:jeffarnold
ID: 2524668
Please read my entire comment above (as well as this one) before responding.  I'm working on an HP-UX system.  I have an existing .rhosts file in the user directory (we'll call it testid).  It's configured as followed:
tohost     testid
fromhost   testid
(where fromhost is the host I'm connecting from and tohost is the box where the .rhosts file is located.  testid exists on both servers.)
When I try to execute a command remotely as follows:
rexec tohost -l testid -n ls
(-l indicates login id, -n indicates command.  The man pages provide no further information.  Hence why I've written the question.)
I'm prompted for a password.  So, obviously password authentication is not being bypassed as described above.  The question is why?  I'm sure because I haven't configured something properly.  Please provide a "clear", very descriptive example of how I may accomplish this.  Also, if possible please provide a second example using the "expect" parameter described above.
Thanks for everyone's input.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2524812
Jeff:
OK, as you've seen from the man pages, HP-UX's rexec won't allow you to give a password as part of the command (for security, no doubt). It is possible that using the -l testid option bypasses looking for the .rhosts file - Try the command without the userid

..rhosts is in the right place; Try removing the " testid" from the end of the line in .rhosts in case it's being interpreted as part of the trusted hostname - I seem to recall the format should be "trusted_hostname +trusted_user" IF a user is specified

I can't check the format at the moment, but man hosts.equiv explains it (fully, if not clearly)

Check that /etc/hosts.equiv on tohost does not bar the local system (which would override your .rhosts file)

So:
- Assuming /etc/hosts.equiv is empty or at least does not bar fromhost or testid;
- .rhosts in testid's home directory on tohost contains just "fromhost";
- Logged in as testid on fromhosts, do rexec tohost -n ls; If this fails, try remsh tohost ls (or even remsh tohost on it's own) [remexec is a more secure subset of remsh].

"expect" is a scripting language, which I'm sure you'd rather not get into if it can be avoided, but I'll check the source & syntax anyway.

If these tips don't work, I'll come over and give you a hand...

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524836
Okay, the .rhosts file is located in testid's home directory on the remote (tohost) and it contains the correct (as seen by tohost) hostname of the local machine (fromhost). If I got that right you've not made any errors in setting it up. It could be that the remote system has been set up to explicitly disallow .rhosts files. This is not uncommon and it's typically done for security purposes.

So now we need to use expect. The following script should be very close:

#!/path-to-installed/expect --

spawn rexec $argv
expect "ssword"
send "a-password\r"
interact

Make it executable and you can issue commands like "script host -n cmd".


0
 
LVL 20

Expert Comment

by:tfewster
ID: 2525094
If you can't "bypass" the security and want to go with expect:

tcl/tk tool kit (including expect): Usually /opt/tk* under HP-UX

If you don't already have expect:
http://dev.scriptics.com/ (sources, binaries, inc. port to HP-UX , apps & more!)

http://www.oreilly.com/catalog/expect/chapter/ch03.html (guide, but jlevie's script is perfect for this problem)

I suggest you protect the script with chmod 700 to prevent anyone else reading the password  =8-O

Regards, Tim
0
 
LVL 20

Accepted Solution

by:
tfewster earned 100 total points
ID: 2526812
man remsh (On a HP-UX 10.20 system) says:

The rexec command, a link to remsh, works the same as remsh except that it uses the rexec() library routine and rexecd for command       execution (see rexec(3N) and rexecd(1M)).  rexec prompts for a password before executing the command instead of using hosts.equiv for     authentication.  It should be used in instances where a password to a remote account is known but there are insufficient permissions for remsh.

Apologies for misleading you on the format on .rhosts - it was OK all along; tho' it never hurts to check :-)

So you just need to use remsh instead of rexec: The syntax is the same, and I believe it meets your original requirements, as you are working at shell level (i.e. not writing programs)


0
 

Author Comment

by:jeffarnold
ID: 2535242
Thanks for the input.  I may have more questions later...
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now