This chapter describes the tasks that are required to log in to remote systems and work with their files. The following table lists the tasks for logging in to remote systems and copying files from them.
Table 44–1 Task Map: Accessing Remote Systems

| Task | Description | For Instructions |
|---|---|---|
| Log in to a remote system (rlogin) | | How to Search for and Remove .rhosts Files; How to Find Out If a Remote System Is Operating; How to Find Who Is Logged In to a Remote System |
| Log in to a remote system (ftp) | | How to Open an ftp Connection to a Remote System; How to Close an ftp Connection to a Remote System |
| Copy remote files with rcp | Use the rcp command to copy files to and from a remote system. | |
The rlogin command enables you to log in to a remote system. After you are logged in, you can navigate through the remote file system and manipulate its contents (subject to authorization), copy files, or execute remote commands.
If the system you are logging in to is in a remote domain, be sure to append the domain name to the system name. In this example, SOLAR is the name of the remote domain:
rlogin pluto.SOLAR
Also, you can interrupt a remote login operation at any time by typing Control-d.
Authentication (establishing who you are) for rlogin operations can be performed either by the remote system or by the network environment.
The main difference between these forms of authentication lies in the type of interaction they require from you and the way they are established. If a remote system tries to authenticate you, you are prompted for a password, unless you set up the /etc/hosts.equiv or .rhosts file. If the network tries to authenticate you, you are not asked for a password, because the network already knows who you are.
When the remote system attempts to authenticate you, it relies on information in its local files, specifically if one of the following is true:
Your system name and user name appear in the remote system's /etc/hosts.equiv file.
Or:
Your system name and user name appear in the remote user's .rhosts file, under the remote user's home directory.
Network authentication relies on one of these two methods:
A “trusting network environment” that has been set up with your local network information service and the automounter
One of the network information services that is pointed to by the remote system's /etc/nsswitch.conf file contains information about you
Network authentication generally supersedes system authentication.
The /etc/hosts.equiv file contains a list of trusted hosts for a remote system, one per line. If a user attempts to log in remotely (using rlogin) from one of the hosts that is listed in this file, and if the remote system can access the user's password entry, the remote system allows the user to log in without a password.
A typical hosts.equiv file has the following structure:
```
host1
host2 user_a
+@group1
-@group2
```
When a simple entry for a host is made in hosts.equiv, such as the previous entry for host1, it means that the host is trusted, and so is any user at that machine.
If the user name is also mentioned, as in the second entry in the example, then the host is trusted only if the specified user is attempting access.
A group name that is preceded by a plus sign (+) means that all the machines in that netgroup are considered trusted.
A group name that is preceded by a minus sign (-) means that none of the machines in that netgroup is considered trusted.
The /etc/hosts.equiv file presents a security risk. If you maintain a /etc/hosts.equiv file on your system, you should include only trusted hosts in your network. The file should not include any host that belongs to a different network, or any machines that are in public areas. For example, do not include a host that is located in a terminal room.
The use of hosts that are not trusted can create a serious security problem. Either replace the /etc/hosts.equiv file with a correctly configured one, or remove the file altogether.
A single line of + in the /etc/hosts.equiv file indicates that every known host is trusted.
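The entry forms described above can be checked mechanically. The following sketch is an added example, not part of the original guide: it classifies each line of a hosts.equiv-style file by the trust it grants. The function names, the severity labels, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify hosts.equiv-style entries by the trust they grant.
# Function names and severity labels are hypothetical, chosen for this sketch.

# classify_entry LINE
# Prints: blank | wildcard | netgroup-trusted | netgroup-denied |
#         host-user | host-any-user
classify_entry() {
    # Split the entry into a host field and an optional user field.
    read -r host user _rest <<EOF
$1
EOF
    case "$host" in
        '')   echo blank ;;
        +)    echo wildcard ;;           # every known host is trusted
        +@*)  echo netgroup-trusted ;;   # all machines in the netgroup
        -@*)  echo netgroup-denied ;;    # no machine in the netgroup
        *)    if [ -n "$user" ]; then
                  echo host-user         # host trusted only for this user
              else
                  echo host-any-user     # host trusted for any user on it
              fi ;;
    esac
}

# audit_trust_file FILE
# Prints one line per entry: SEVERITY file:line class [entry]
# Severity mapping (an assumption of this sketch):
#   HIGH   = wildcard, REVIEW = whole host or whole netgroup trusted,
#   INFO   = single host-user pair or an explicit netgroup denial.
audit_trust_file() {
    file=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        class=$(classify_entry "$line")
        case "$class" in
            blank)                          continue ;;
            wildcard)                       sev=HIGH ;;
            host-any-user|netgroup-trusted) sev=REVIEW ;;
            *)                              sev=INFO ;;
        esac
        printf '%s %s:%d %s [%s]\n' "$sev" "$file" "$n" "$class" "$line"
    done < "$file"
    return 0
}

# make_sample PATH: write a constructed sample file (the structure shown
# above, plus a blank line and a single "+" line).
make_sample() {
    cat > "$1" <<'EOF'
host1
host2 user_a
+@group1
-@group2

+
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
audit_trust_file "$sample"
rm -f "$sample"
```

On a real system, point audit_trust_file at /etc/hosts.equiv or at a user's .rhosts file; the script only reads the file.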
The .rhosts file is the user equivalent of the /etc/hosts.equiv file. This file contains a list of host-user combinations, rather than hosts in general. If a host-user combination is listed in this file, the specified user is granted permission to log in remotely from the specified host without having to supply a password.
Note that a .rhosts file must reside at the top level of a user's home directory. .rhosts files that are located in subdirectories are not consulted.
Users can create .rhosts files in their home directories. Using the .rhosts file is another way to allow trusted access between users' own accounts on different systems without using the /etc/hosts.equiv file.
Unfortunately, the .rhosts file presents a major security problem. While the /etc/hosts.equiv file is under the system administrator's control and can be managed effectively, any user can create a .rhosts file that grants access to whomever the user chooses without the system administrator's knowledge.
In a situation in which all of the users' home directories are on a single server and only certain people have superuser access on that server, a good way to prevent a user from using a .rhosts file is to create an empty file as superuser in their home directory. You would then change the permissions in this file to 000 so that it would be difficult to change it, even as superuser. This change would effectively prevent a user from risking system security by using a .rhosts file irresponsibly. The change would not, however, solve anything if the user is able to change the effective path to his or her home directory.
The only secure way to manage .rhosts files is to completely disallow them. See How to Search for and Remove .rhosts Files for detailed instructions. As system administrator, you can check the system often for violations of this policy. One possible exception to this policy is for the root account—you might need to have a .rhosts file to perform network backups and other remote services.
If your system is configured properly, you can link remote logins. For example, a user on earth logs in to jupiter, and from there decides to log in to pluto.
The user could have logged out of jupiter and then logged in directly to pluto, but this type of linking can be more convenient.
To link remote logins without having to supply a password, you must have the /etc/hosts.equiv or .rhosts file set up correctly.
The rlogin command allows you to log in to a remote system directly or indirectly.
A direct remote login is attempted with the default user name, that is, the user name of the individual who is currently logged in to the local system. This is the most common form of remote login.
An indirect remote login is attempted with a different user name, which is supplied during the remote login operation. This is the type of remote login you might attempt from a workstation that you borrowed temporarily. For instance, if you were in a coworker's office and needed to examine files in your home directory, you might log in to your system remotely, from your coworker's system. However, you would perform an indirect remote login, supplying your own user name.
The dependencies between direct and indirect logins and authentication methods are summarized in the following table.
Table 44–2 Dependencies Between Login Method and Authentication Method (rlogin)

| Type of Login | User Name Supplied By | Authentication | Password |
|---|---|---|---|
| Direct | System | Network | None |
| | | System | Required |
| Indirect | User | Network | None |
| | | System | Required |
When you log in to a remote system, the rlogin command attempts to find your home directory. If the rlogin command can't find your home directory, it assigns you to the remote system's root (/) directory. For example:
| Unable to find home directory, logging in with / | 
However, if the rlogin command finds your home directory, it sources both your .cshrc and .login files. Therefore, after a remote login, your prompt is your standard login prompt, and the current directory is the same as when you log in locally.
For example, if your usual prompt displays your system name and working directory, and when you log in, your working directory is your home directory, your login prompt resembles the following:
| earth(/home/smith): | 
Then when you log in to a remote system, you see a similar prompt and your working directory is your home directory, regardless of the directory from which you entered the rlogin command:
```
earth(/home/smith): rlogin pluto
.
.
.
pluto(/home/smith):
```
The only difference is that the name of the remote system would substitute for your local system at the beginning of the prompt. The remote file system is parallel to your home directory.
Effectively, if you change directory to /home and then run ls, you see the following:
```
earth(home/smith): cd ..
earth(/home): ls
smith  jones
```
Search for and remove .rhosts files by using the find(1) command.
| # find home-directories -name .rhosts -print -exec rm {} \; |
| home-directories | Identifies the path to a directory where users' home directories are located. Note that you can enter multiple paths to search more than one home directory at a time. | 
| -name .rhosts | Identifies the file name. | 
| -print | Prints the current path name. |
| -exec rm {} \; | Tells the find command to apply the rm command to all files that are identified by using the matching file name. | 
The find command starts at the designated directory and searches for any file that is named .rhosts. If it finds such a file, find prints the path on the screen and removes it.
The following example searches for and removes .rhosts files in all the users' home directories that are located in the /export/home directory.
| # find /export/home -name .rhosts -print | xargs -i -t rm {} |
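Before running the removal, an inventory shows which .rhosts files are consulted (top level of a home directory), which are nested and therefore ignored, and which are the empty mode-000 placeholders described earlier. This is an added example, not part of the original guide; the function names and the sample tree are constructed, and it assumes each home directory is an immediate child of the search root.

```shell
#!/bin/sh
# Added example: list .rhosts files under a home-directory root without
# deleting anything.
# Assumptions: each home directory is an immediate child of the root
# (for example /export/home/smith), and path names contain no newlines.

# inventory_rhosts HOME_ROOT
# Prints one tab-separated line per file: placement, state, path.
inventory_rhosts() {
    root=${1%/}
    find "$root" -name .rhosts -type f -print 2>/dev/null |
    while IFS= read -r path; do
        rel=${path#"$root"/}
        case "$rel" in
            */*/*) place=nested ;;        # below a subdirectory: not consulted
            */*)   place=top-level ;;     # directly in a home directory
            *)     place=outside-home ;;  # directly in the search root
        esac
        # First ten characters of ls -ld are the file type and mode bits.
        perms=$(ls -ld "$path" | cut -c1-10)
        if [ -s "$path" ]; then
            state=active                  # non-empty: may grant access
        elif [ "$perms" = "----------" ]; then
            state=placeholder             # empty, mode 000
        else
            state=empty
        fi
        printf '%s\t%s\t%s\n' "$place" "$state" "$path"
    done
}

# build_sample_tree DIR: create a constructed home-directory tree.
build_sample_tree() {
    mkdir -p "$1/smith" "$1/jones/old" "$1/kryten"
    printf 'mars smith\n'  > "$1/smith/.rhosts"      # consulted
    printf 'earth jones\n' > "$1/jones/old/.rhosts"  # nested, not consulted
    : > "$1/kryten/.rhosts"
    chmod 000 "$1/kryten/.rhosts"                    # placeholder file
}

# Demonstration on the constructed tree.
tree=$(mktemp -d)
build_sample_tree "$tree"
inventory_rhosts "$tree"
rm -rf "$tree"
```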
Find out if a remote system is operating by using the ping command.
| $ ping system-name | ip-address | 
| system-name | The name of the remote system | 
| ip-address | The IP address of the remote system | 
The ping command returns one of three messages:
| Status Message | Explanation | 
|---|---|
| system-name is alive | The system can be accessed over the network. | 
| ping:unknown host system-name | The system name is unknown. | 
| | The system is known, but is not currently operating. |
If the system you “ping” is located in a different domain, the return message can also contain routing information, which you can ignore.
The ping command has a timeout of 20 seconds. Effectively, if it does not receive a response within 20 seconds, it returns the third message. You can force ping to wait longer (or less) by typing a time-out value, in seconds:
| $ ping system-name | ip-address time-out | 
For more information, see ping(1M).
Find who is logged in to a remote system by using the rusers(1) command.
| $ rusers [-l] remote-system-name | 
| rusers | (No options) Displays the name of the system, followed by the name of users who are currently logged in to it, including root | 
| -l | Displays additional information about each user: the user's login window, login time and date, amount of time logged in, and the name of the remote system from which the user logged on | 
The following example shows the short output of rusers.
```
$ rusers pluto
pluto    smith  jones
```
In the following example, the long version of rusers shows that two users are logged in to the remote system starbug. The first user logged in from the system console on September 10 and has been logged on for 137 hours and 15 minutes. The second user logged in from a remote system, mars, on September 14.
```
$ rusers -l starbug
root         starbug:console          Sep 10 16:13  137:15
rimmer       starbug:pts/0            Sep 14 14:37         (mars)
```
Log in to a remote system by using the rlogin(1) command.
| $ rlogin [-l user-name] system-name | 
| rlogin | (No options) Logs you in to the remote system directly; effectively, with your current user name |
| -l user-name | Logs you in to the remote system indirectly; effectively, with the user name you supply |
If the network attempts to authenticate you, you are not prompted for a password. If the remote system attempts to authenticate you, you are asked to provide a password.
If the operation succeeds, the rlogin command displays brief information about your latest remote login to that system, the version of the operating system that is running on the remote system, and whether you have mail waiting for you in your home directory.
The following example shows the output of a direct remote login to pluto. The user has been authenticated by the network.
```
$ rlogin starbug
Last login: Mon Jul 12 09:28:39 from venus
Sun Microsystems Inc.   SunOS 5.8       February 2000
starbug:
```
The following example shows the output of an indirect remote login to pluto, with the user being authenticated by the remote system.
```
$ rlogin -l smith pluto
password: user-password
Last login: Mon Jul 12 11:51:58 from venus
Sun Microsystems Inc.   SunOS 5.8       February 2000
starbug:
```
Log out from a remote system by using the exit(1) command.
| $ exit | 
This example shows the user smith logging out from the system pluto.
```
$ exit
pluto% logout
Connection closed.
earth%
```
The ftp command opens the user interface to the Internet's File Transfer Protocol. This user interface, called the command interpreter, enables you to log in to a remote system and perform a variety of operations with its file system. The principal operations are summarized in the following table.
The main benefit of ftp over rlogin and rcp is that ftp does not require the remote system to be running UNIX. The remote system does, however, need to be configured for TCP/IP communications. However, rlogin provides access to a richer set of file manipulation commands than ftp provides.
Authentication for ftp remote login operations can be established by one of the following methods:
Including your password entry in the remote system's /etc/passwd file or equivalent network information service map or table
| Command | Description | 
|---|---|
| ftp | Accesses the ftp command interpreter. | 
| ftp remote-system | Establishes an ftp connection to a remote system. For instructions, see How to Open an ftp Connection to a Remote System. | 
| open | Logs in to the remote system from the command interpreter. | 
| close | Logs out of the remote system and returns to the command interpreter. | 
| bye | Quits the ftp command interpreter. | 
| help | Lists all ftp commands or, if a command name is supplied, briefly describes what the command does. | 
| reset | Re-synchronizes the command-reply sequencing with the remote ftp server. | 
| ls | Lists the contents of the remote working directory. | 
| pwd | Displays the name of the remote working directory. | 
| cd | Changes the remote working directory. | 
| lcd | Changes the local working directory. | 
| mkdir | Creates a directory on the remote system. | 
| rmdir | Deletes a directory on the remote system. | 
| get, mget | Copies a file (or multiple files) from the remote working directory to the local working directory. | 
| put, mput | Copies a file (or multiple files) from the local working directory to the remote working directory. | 
| delete, mdelete | Deletes a file (or multiple files) from the remote working directory. | 
For more information, see ftp(1).
Ensure that you have ftp authentication.
You must have ftp authentication, as described in Authentication for Remote Logins (ftp).
Open a connection to a remote system by using the ftp command.
| $ ftp remote-system | 
If the connection succeeds, a confirmation message and prompt are displayed.
Type your user name.
| Name (remote-system:user-name): user-name | 
If prompted, type your password.
```
331 Password required for user-name:
Password: password
```
If the system you are accessing has an established anonymous ftp account, you are prompted for an email address for the password. If the ftp interface accepts your password, it displays a confirmation message and the (ftp>) prompt.
You can now use any of the commands that are supplied by the ftp interface, including help. The principal commands are summarized in Table 44–3.
This ftp session was established by the user smith on the remote system pluto:
```
$ ftp pluto
Connected to pluto.
220 pluto FTP server ready.
Name (pluto:smith): smith
331 Password required for smith:
Password: password
230 User smith logged in.
ftp>
```
Close an ftp connection to a remote system by using the bye command.
```
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this sessions was 172 bytes in 0 transfers.
221-Thanks you for using the FTP service on spdev.
221 Goodbye.
```
A goodbye message appears, followed by your usual shell prompt.
Change to a directory on the local system where you want the files from the remote system to be copied.
| $ cd target-directory | 
Change to the source directory.
| ftp> cd source-directory | 
If your system is using the automounter, the home directory of the remote system's user appears parallel to yours, under /home.
Ensure that you have read permission for the source files.
| ftp> ls -l | 
Set the transfer type to binary.
| ftp> binary | 
To copy a single file, use the get command.
| ftp> get filename | 
To copy multiple files at once, use the mget command.
| ftp> mget filename [filename ...] | 
You can supply a series of individual file names and you can use wildcard characters. The mget command copies each file individually, asking you for confirmation each time.
Close the ftp connections.
| ftp> bye | 
In this example, the user kryten opens an ftp connection to the system pluto, and uses the get command to copy a single file from the /tmp directory.
```
$ cd $HOME
ftp pluto
Connected to pluto.
220 pluto FTP server (SunOS 5.8) ready.
Name (pluto:kryten): kryten
331 Password required for kryten.
Password: xxx
230 User kryten logged in.
ftp> cd /tmp
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 ASCII data connection for /bin/ls (129.152.221.238,34344) (0 bytes).
dtdbcache_:0
filea
files
ps_data
speckeysd.lock
226 ASCII Transfer complete.
53 bytes received in 0.022 seconds (2.39 Kbytes/s)
ftp> get filea
200 PORT command successful.
150 ASCII data connection for filea (129.152.221.238,34331) (0 bytes).
221 Goodbye.
```
In this example, the same user kryten uses the mget command to copy a set of files from the /tmp directory to his home directory. Note that kryten can accept or reject individual files in the set.
```
$ ftp> cd /tmp
250 CWD command successful.
ftp> ls files
200 PORT command successful.
150 ASCII data connection for /bin/ls (129.152.221.238,34345) (0 bytes).
fileb
filec
filed
remote: files
21 bytes received in 0.015 seconds (1.36 Kbytes/s)
ftp> cd files
250 CWD command successful.
ftp> mget file*
mget fileb? y
200 PORT command successful.
150 ASCII data connection for fileb (129.152.221.238,34347) (0 bytes).
226 ASCII Transfer complete.
mget filec? y
200 PORT command successful.
150 ASCII data connection for filec (129.152.221.238,34348) (0 bytes).
226 ASCII Transfer complete.
mget filed? y
200 PORT command successful.
150 ASCII data connection for filed (129.152.221.238,34351) (0 bytes).
226 ASCII Transfer complete.200 PORT command successful.
ftp> bye
221 Goodbye.
```
Change to the source directory on the local system.
The directory from which you type the ftp command is the local working directory, and thus the source directory for this operation.
Establish an ftp connection.
Change to the target directory.
| ftp> cd target-directory | 
Remember, if your system is using the automounter, the home directory of the remote system's user appears parallel to yours, under /home.
Ensure that you have write permission to the target directory.
| ftp> ls -l target-directory | 
Set the transfer type to binary.
| ftp> binary | 
To copy a single file, use the put command.
| ftp> put filename | 
To copy multiple files at once, use the mput command.
| ftp> mput filename [filename ...] | 
You can supply a series of individual file names and you can use wildcard characters. The mput command copies each file individually, asking you for confirmation each time.
To close the ftp connection, type bye.
| ftp> bye | 
In this example, the user kryten opens an ftp connection to the system pluto, and uses the put command to copy a file from his or her system to the /tmp directory on system pluto.
```
$ cd /tmp
ftp pluto
Connected to pluto.
220 pluto FTP server (SunOS 5.8) ready.
Name (pluto:kryten): kryten
331 Password required for kryten.
Password: xxx
230 User kryten logged in.
ftp> cd /tmp
250 CWD command successful.
ftp> put filef
200 PORT command successful.
150 ASCII data connection for filef (129.152.221.238,34356).
226 Transfer complete.
ftp> ls
200 PORT command successful.
150 ASCII data connection for /bin/ls (129.152.221.238,34357) (0 bytes).
dtdbcache_:0
filea
filef
files
ps_data
speckeysd.lock
226 ASCII Transfer complete.
60 bytes received in 0.058 seconds (1.01 Kbytes/s)
ftp> bye
221 Goodbye.
```
In this example, the same user kryten uses the mput command to copy a set of files from his or her home directory to pluto's /tmp directory. Note that kryten can accept or reject individual files in the set.
```
$ cd $HOME/testdir
$ ls
test1   test2   test3
$ ftp pluto
Connected to pluto.
220 pluto FTP server (SunOS 5.8) ready.
Name (pluto:kryten): kryten
331 Password required for kryten.
Password: xxx
230 User kryten logged in.
ftp> cd /tmp
250 CWD command successful.
ftp> mput test*
mput test1? y
200 PORT command successful.
150 ASCII data connection for test1 (129.152.221.238,34365).
226 Transfer complete.
mput test2? y
200 PORT command successful.
150 ASCII data connection for test2 (129.152.221.238,34366).
226 Transfer complete.
mput test3? y
200 PORT command successful.
150 ASCII data connection for filef (129.152.221.238,34356).
226 Transfer complete.
ftp> bye
221 Goodbye.
```
The rcp command copies files or directories between a local and a remote system or between two remote systems. You can use this command from a remote system (after logging in with the rlogin command) or from the local system (without logging in to a remote system).
With rcp, you can perform the following remote copy operations:
Copy a file or directory from your system to a remote system
Copy a file or directory from a remote system to your local system
Copy a file or directory between remote systems from your local system
If you have the automounter running, you can perform these remote operations with the cp command. However, the range of cp is constrained to the virtual file system that is created by the automounter and to operations relative to a user's home directory. Because rcp performs the same operations without these constraints, this section describes only the rcp versions of these tasks.
To copy files or directories between systems, you must have permission to log in and copy files.
Caution – Both the cp and rcp commands can overwrite files without warning. Ensure that file names are correct before executing the command.
With the rcp command in the C shell, you can specify source (the file or directory you want to copy) and target (the location into which you will copy the file or directory) with either absolute or abbreviated path names.
| | Absolute Path Names | Abbreviated Path Names |
|---|---|---|
| From Local System | mars:/home/jones/myfile.txt | ~jones/myfile.txt | 
| After Remote Login | /home/jones/myfile.txt | ~jones/myfile.txt | 
Absolute path names identify files or directories that are mounted on a particular system. In the previous example, the first absolute path name identifies a file (myfile.txt) on the mars system. Abbreviated path names identify files or directories relative to a user's home directory, wherever it might reside. In the first example, the abbreviated path name identifies the same file, myfile.txt, but uses the “~” symbol to indicate the jones home directory:
~ = mars:/home/jones
The examples on the second line demonstrate the use of absolute and abbreviated path names after a remote login. No difference is evident for the abbreviated path name. However, because the remote login operation mounted the jones home directory onto the local system (parallel to the local user's home directory), the absolute path name no longer requires the system name mars. For more information about how a remote login operation mounts another user's home directory, see What Happens After You Log In Remotely.
The following table provides a sample of absolute and abbreviated path names that are recognized by the C shell. The sample uses the following terminology:
Working directory — The directory from which the rcp command is entered. Can be remote or local.
Current user — The user name under which the rcp command is entered.
| Logged in to | Syntax | Description |
|---|---|---|
| Local system | . | The local working directory |
| | path/filename | The path and filename in the local working directory |
| | ~ | The current user's home directory |
| | ~/path/filename | The path and filename beneath the current user's home directory |
| | ~user | The home directory of user |
| | ~user/path/filename | The path and filename beneath the home directory of user |
| | remote-system:path/filename | The path and filename in the remote working directory |
| Remote system | . | The remote working directory |
| | filename | The filename in the remote working directory |
| | path/filename | The path and filename in the remote working directory |
| | ~ | The current user's home directory |
| | ~/path/filename | The path and filename in the current user's home directory |
| | ~user | The home directory of user |
| | ~user/path/filename | The path and filename beneath the home directory of user |
| | local-system:path/filename | The path and filename in the local working directory |
Ensure that you have permission to copy.
You should at least have read permission on the source system and write permission on the target system.
Determine the location of the source and target.
If you don't know the path of the source or target, you can first log in to the remote system with the rlogin command, as described in How to Log In to a Remote System (rlogin). Then, navigate through the remote system until you find the location. You can then perform the next step without logging out.
Copy the file or directory.
| $ rcp [-r] source-file|directory target-file|directory | 
| rcp | (No options) Copies a single file from the source to the target. | 
| -r | Copies a directory from the source to the target. | 
This syntax applies whether you are logged in to the remote system or in to the local system. Only the path name of the file or directory changes, as described in Table 44–4 and as illustrated in the following examples.
You can use the “~” and “.” characters to specify the path portions of the local file or directory names. Note, however, that “~” applies to the current user, not the remote system, and that “.” applies to the system you are logged in to. For explanations of these symbols, see Table 44–4.
Here are several examples of using rcp to copy files to and from local and remote systems.
In this example, rcp is used to copy the file letter.doc from the /home/jones directory of the remote system pluto to the working directory (/home/smith) on the local system, earth:
| earth(/home/smith): rcp pluto:/home/jones/letter.doc . | 
In this instance, the rcp operation is performed without a remote login. Here, the “.” symbol at the end of the command line refers to the local system, not the remote system.
The target directory is also the local user's home directory, so it can also be specified with the “~” symbol.
| earth(home/smith): rcp pluto:/home/jones/letter.doc ~ | 
In this example, the rcp operation is run after the rlogin command is executed to copy a file from a remote to a local system. Although the flow of the operation is the same as that of the previous example, the paths change to allow for the remote login:
```
earth(/home/smith): rlogin pluto
.
.
.
pluto(/home/jones): rcp letter.doc ~
```
Using the “.” symbol at the end of the command line would be inappropriate in this instance. Because of the remote login, the symbol would simply refer to the remote system—essentially directing rcp to create a duplicate file. The “~” symbol, however, refers to the current user's home directory, even when the login is to a remote system.
In this example, rcp is used to copy the file notice.doc from the home directory (/home/smith) of the local system earth to the /home/jones directory of the remote system, pluto:
| earth(/home/smith): rcp notice.doc pluto:/home/jones | 
Because no remote file name is provided, the file notice.doc is copied into the /home/jones directory with the same name.
In this instance, the rcp operation from the previous example is repeated, but rcp is entered from a different working directory on the local system (/tmp). Note the use of the “~” symbol to refer to the current user's home directory:
| earth(/tmp): rcp ~/notice.doc pluto:/home/jones | 
In this example, the rcp operation is run after the rlogin command is executed to copy a local file to a remote directory. Although the flow of the operation is the same as that of the previous example, the paths change to allow for the remote login.
```
earth(/home/smith): rlogin pluto
.
.
.
pluto(/home/jones): rcp ~/notice.doc .
```
In this instance, the “~” symbol can be used to denote the current user's home directory, even though it is on the local system. The “.” symbol refers to the working directory on the remote system because the user is logged in to the remote system. Here is an alternative syntax that performs the same operation:
| pluto(/home/jones): rcp earth:/home/smith/notice.doc /home/jones |