Solved

Executing a command remotely (rexec)

Posted on 2000-02-15
12
957 Views
Last Modified: 2013-12-06
I would like to execute a command remotely via rexec (or some other native service, but preferably rexec).  I can run a command remotely as follows:
rexec <hostname> -l testid -n ll
At this point I'm prompted for my passwd
I'd like to include the pw in the command line.  How can I do this?  Is there a way to incript the password?
Thanks for the help.
0
Comment
Question by:jeffarnold
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2524149
You could create a .rhosts file (in your home directory on the remote system) with the nodename of the system you are initiating the command from in it, so you aren't prompted for a password.

The other way is to use "expect" to provide the input to the rexec command when it asks for the password.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524378
Dunno what system you are using, but some implementations of rexec will accept a command like:

rexec -l username -p password host command

Check the manpages for your rexec command to find out if yours has this feature.
0
 

Expert Comment

by:wgre
ID: 2524434
I can`t remember exact specifics right now but if you email me tommorrow I can get it for you.
you can use either rsh or rexec
both allow for pre entry of passwords in special files. as above comment.
one is .rhosts and the other is hosts.equiv and I have used both on a system at my work.
There is something special about setting the file permissions of one of the above files to 400 so that your password is not readable by anybody else
for the remote system.
let me know what system you are using.
I have set up on IRIX and AIX
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 21

Expert Comment

by:tfewster
ID: 2524511
wgre: .rhosts & hosts.equiv don't contain passwords, just hostnames (and users on those hosts, in hosts.equiv) who are "trusted" by the remote system.

I suspect you're thinking of .netrc, which CAN contain a password as part of an ftp "script" - the system ignores .netrc if it's publicly readable to "force" you to keep it secure :)
0
 

Author Comment

by:jeffarnold
ID: 2524551
tfewster (or anyone):  A little clarification please.
I imagine the .rhosts file looks like:
hostname     userid
correct?
This file must be created in the home directory?  I assume that means you must login from the remote system as userid (as defined above).  Could you clarify the syntax of the command as well.
i.e.
rexec <hostname> -l userid -n command
If I use this command line, I shouldn't need to supply the password.  Correct?  Lastly, could you also provide an example using "expect".  Is that a command line parameter?
Thanks again.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524579
If you want to use a .rhosts on the remote system, it needs to have the exact hostname (as perceived by the remote) and may optionally include a username. The way to be certain of having the correct hostname is to telnet or rlogin to the remote and do a "who" and put the hostname in the .rhosts. If your username is the same on both the local and remote system you don't need anything else. If not, you can but the local username on the same line as the host name, e.g. "local-system-name local-username"
0
 

Author Comment

by:jeffarnold
ID: 2524668
Please read my entire comment above (as well as this one) before responding.  I'm working on an HP-UX system.  I have an existing .rhosts file in the user directory (we'll call it testid).  It's configured as followed:
tohost     testid
fromhost   testid
(where fromhost is the host I'm connecting from and tohost is the box where the .rhosts file is located.  testid exists on both servers.)
When I try to execute a command remotely as follows:
rexec tohost -l testid -n ls
(-l indicates login id, -n indicates command.  The man pages provide no further information.  Hence why I've written the question.)
I'm prompted for a password.  So, obviously password authentication is not being bypassed as described above.  The question is why?  I'm sure because I haven't configured something properly.  Please provide a "clear", very descriptive example of how I may accomplish this.  Also, if possible please provide a second example using the "expect" parameter described above.
Thanks for everyone's input.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2524812
Jeff:
OK, as you've seen from the man pages, HP-UX's rexec won't allow you to give a password as part of the command (for security, no doubt). It is possible that using the -l testid option bypasses looking for the .rhosts file - Try the command without the userid

..rhosts is in the right place; Try removing the " testid" from the end of the line in .rhosts in case it's being interpreted as part of the trusted hostname - I seem to recall the format should be "trusted_hostname +trusted_user" IF a user is specified

I can't check the format at the moment, but man hosts.equiv explains it (fully, if not clearly)

Check that /etc/hosts.equiv on tohost does not bar the local system (which would override your .rhosts file)

So:
- Assuming /etc/hosts.equiv is empty or at least does not bar fromhost or testid;
- .rhosts in testid's home directory on tohost contains just "fromhost";
- Logged in as testid on fromhosts, do rexec tohost -n ls; If this fails, try remsh tohost ls (or even remsh tohost on it's own) [remexec is a more secure subset of remsh].

"expect" is a scripting language, which I'm sure you'd rather not get into if it can be avoided, but I'll check the source & syntax anyway.

If these tips don't work, I'll come over and give you a hand...

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2524836
Okay, the .rhosts file is located in testid's home directory on the remote (tohost) and it contains the correct (as seen by tohost) hostname of the local machine (fromhost). If I got that right you've not made any errors in setting it up. It could be that the remote system has been set up to explicitly disallow .rhosts files. This is not uncommon and it's typically done for security purposes.

So now we need to use expect. The following script should be very close:

#!/path-to-installed/expect --

spawn rexec $argv
expect "ssword"
send "a-password\r"
interact

Make it executable and you can issue commands like "script host -n cmd".


0
 
LVL 21

Expert Comment

by:tfewster
ID: 2525094
If you can't "bypass" the security and want to go with expect:

tcl/tk tool kit (including expect): Usually /opt/tk* under HP-UX

If you don't already have expect:
http://dev.scriptics.com/ (sources, binaries, inc. port to HP-UX , apps & more!)

http://www.oreilly.com/catalog/expect/chapter/ch03.html (guide, but jlevie's script is perfect for this problem)

I suggest you protect the script with chmod 700 to prevent anyone else reading the password  =8-O

Regards, Tim
0
 
LVL 21

Accepted Solution

by:
tfewster earned 100 total points
ID: 2526812
man remsh (On a HP-UX 10.20 system) says:

The rexec command, a link to remsh, works the same as remsh except that it uses the rexec() library routine and rexecd for command       execution (see rexec(3N) and rexecd(1M)).  rexec prompts for a password before executing the command instead of using hosts.equiv for     authentication.  It should be used in instances where a password to a remote account is known but there are insufficient permissions for remsh.

Apologies for misleading you on the format on .rhosts - it was OK all along; tho' it never hurts to check :-)

So you just need to use remsh instead of rexec: The syntax is the same, and I believe it meets your original requirements, as you are working at shell level (i.e. not writing programs)


0
 

Author Comment

by:jeffarnold
ID: 2535242
Thanks for the input.  I may have more questions later...
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question