09/27/96,4FAX# 6222 Remote Commands For TCPIP SPECIAL NOTICES Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009. Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to eval- uate and integrate this information into the customer's operational environment. ABOUT THIS DOCUMENT This document contains setup and configuration tips for the remote commands in conjunction with tcpip. This informa- tion applies to: o AIX version 3.2.5 o AIX version 4.1.X o AIX version 4.2.0 This document was written and tested with the above oper- ating systems. The provided explanations, techniques, and procedures have been reviewed for technical accuracy and applicability. Though the techniques and information con- tained in this item may work on other levels of the oper- ating system, it has not necessarily been tested. Normal precautions should be taken in adopting these same tech- niques and procedures in your own environment. This document describes the basic steps for configuring a system to run the remote commands. Remote shell, copy, and exec will be the topics discussed in this document; however, most remote operations should perform under these same conditions. USING THE REMOTE COMMANDS There are numerous situations to consider when using the remote commands. Various TCP/IP configurations like DNS, NIS, a root user, place certain restrictions on the remote command configuration. A violation or mis-configuration usually results in the error: 'Permission denied'. Name resolution is critical to successful remote command operation. Certain rules or conditions apply: If the remote command is executed by the root user, the .rhosts file is used and must be located in the home direc- Remote Commands For TCPIP 1 09/27/96,4FAX# 6222 tory for root. The /etc/hosts.equiv file is not used for the root user. Only regular users use the /etc/hosts.equiv file. It is acceptable to create an .rhosts file in a regular users $HOME directory. We recommend the .rhosts file use 600 permissions but 644 permissions are allowed. The following cases show different configurations and file contents. CASE 1 This is the simplest remote command configuration. o Environment: No DNS, user=root o Description: root on System A runs the rsh command to System B as follows: {root@systema} /> rsh systemb hostname o Configuration: The hostnames 'systema' AND 'systemb' with their respective ipaddresses should be in the /etc/hosts file on both systems. This will provide correct name resolution for authentication purposes on both systems. systemb needs a .rhosts file in the root (/) filesystem containing the line: 'systema root'. NOTE: This configuration assumes the root user's home directory is /. The .rhosts file must be in root's home directory. Some systems may have /home/root as a home directory for root. CASE 2 o Environment: DNS is configured, user=root o Description: root on System A runs the rsh command to System B as follows: {root@systema} /> rsh systemb hostname o Configuration: The configuration is the same as CASE 1; however, the hostname found in the /.rhosts file should be the fully qualified doamin name for systema. systemb needs a .rhosts file in the root (/) filesystem con- taining the line: systema.austin.ibm.com root (Please use the appropriate domain name.) To verify name resolution run the command: 'host hostname' on the target system and this output should be used in the .rhosts file. (systemb runs 'host systema'). Remote Commands For TCPIP 2 09/27/96,4FAX# 6222 CASE 3 This is the same as Case #1 and Case #2 but the user is not root. o Configuration: If DNS is running, the fully qualified doamin name for systema is used in the /etc/hosts.equiv file on systemb. The contents of the /etc/hosts.equiv file is shown as follows: systema.austin.ibm.com regular_username (Please use the appropriate domain name.) If NIS is running in a DNS environment, the NIS user is authenticated the same way as a regular user. The target system (systemb) will have the fully qualified doamin name for systema in the /etc/hosts.equiv file plus the NIS username. If DNS is not running, the simple hostname is used in the same way. NOTE: Do not confuse the NIS domainname with the DNS internet domain name. These are two different quantities. Many system administra- tors make these two quantities the same which is OK. If DNS is not running, some system administrators make the NIS domainname look like a DNS internet domain name, but the hostname used in /etc/hosts.equiv for remote command exe- cution CANNOT use the NIS domainname. An example to explain this issue: o My DNS internet domain name = austin.ibm.com o My NIS domainname = zcomm Allowable NIS domainname = austin.ibm.com However, if DNS is not running, do not use: hostname.austin.ibm.com Remote Commands For TCPIP 3 09/27/96,4FAX# 6222 READER'S COMMENTS Please fax this form to (512) 823-4009, attention "AIXServ Informa- tion". You may also e-mail comments to: elizabet@austin.ibm.com. These comments should include the same customer information requested below. Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make sug- gestions for improvement, this is the form to use. If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offer- ings). These services may be billable. Faxes on a variety of sub- jects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone. When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you. NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation. Problem Report or Item #: Branch Office or Customer #: Be sure to print your name and fax number below if you would like a reply: Name: Fax Number: ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ END OF DOCUMENT (remote.cmds.tcp,4FAX# 6222) Remote Commands For TCPIP 4