SSLrsh - SSL remote shell
SSLrsh [-envq] [-l username] [-p port] [-z sslopt] host [command]
SSLrsh executes command on host using the Secure Socket Layer (SSL) transport. Unlike rsh authentication is by means of digitally signed X509 certificates.
SSLrsh copies its standard input to the remote command, the standard output of the remote command to its standard output. The stderr is sent to stdout if the -e flag is given or a proxy is being used. If a separate channel is available for stderr, interrupt, quit and terminate signals cause shutdown of the connection. SSLrsh normally terminates when the remote command does. The options are as follows:
If -z proxy=url is given or one of the environment variables sshell_proxy,https_proxy,http_proxy is set, then ssl_rcmd(3) will connect to the HTTP proxy described by the url and ask it to connect to host. See ssl_rcmd(3) for details.
If the certificate requires a password, SSLrsh defers asking for it until a successful connection is established with the server.
Shell metacharacters which are not quoted are interpreted on local machine, while quoted metacharacters are interpreted on the remote machine. For example, the command
SSLrsh otherhost cat remotefile >> localfile
appends the remote file remotefile to the local file localfile, while
SSLrsh otherhost cat remotefile «>>» other_remotefile
appends remotefile to other_remotefile.
/etc/hosts
rsh(1), ssl_rcmd(3), SSLrshd(8)
The rsh command appeared in 4.2BSD.
SSLrsh was derrived from the 4.4BSD rsh(1) by Simon J. Gerraty.
The SSL implementation used is SSLeay by Eric Young <eay@mincom.oz.au> via sjg's libsslfd.
If you are using csh(1) and put an SSLrsh in the background without redirecting its input away from the terminal, it will block even if no reads are posted by the remote command. If no input is desired you should redirect the input of SSLrsh to /dev/null using the -n option.
You cannot run an interactive command (like rogue(6) or vi(1)) using SSLrsh.
Stop signals stop the local SSLrsh process only; this is arguably wrong, but currently hard to fix for reasons too complicated to explain here.
Simon J. Gerraty <sjg@crufty.net>