


   SPX Version 2.2                                                     fsh(1)



   Name
     fsh - remote shell command with SPX authentication

   Syntax
     fsh _h_o_s_t [-l _u_s_e_r_n_a_m_e] [-n] [-M] [-N] [-D] _c_o_m_m_a_n_d

   Description
     The _f_s_h command connects to the specified _h_o_s_t, and executes the speci-
     fied _c_o_m_m_a_n_d.  The _f_s_h command copies its standard input to the remote
     command, the standard output of the remote command to its standard out-
     put, and the standard error of the remote command to its standard error.
     Interrupt, quit and terminate signals are propagated to the remote com-
     mand.  The _f_s_h command normally terminates when the remote command does.
     The remote username is the same as your local username, unless specified
     with the -l option.

     If you omit _c_o_m_m_a_n_d, then instead of executing a single command, you are
     logged in on the remote host using _f_l_o_g_i_n(1).

     Shell metacharacters that are not quoted are interpreted on the local
     machine, while quoted metacharacters are interpreted on the remote
     machine.  Thus the command

        fsh otherhost cat remotefile >> localfile

     appends the remote file _r_e_m_o_t_e_f_i_l_e to the localfile _l_o_c_a_l_f_i_l_e, while

        fsh otherhost cat remotefile ">>" otherremotefile

     appends _r_e_m_o_t_e_f_i_l_e to _o_t_h_e_r_r_e_m_o_t_e_f_i_l_e.

     Each account has a file ._s_p_h_i_n_x that contains a list of X.500 global
     principals who are allowed access to the account.  To avoid security
     problems, the ._s_p_h_i_n_x file must be owned by either the remote user or
     root and it shouldn't be a symbolic link.  In addition, the file must
     not be world-writable.

     Note that the following ACL entries are equivalent for a user principal
     in the default domain "/C=US/O=Digital/OU=LKG".

          "/C=US/O=Digital/OU=LKG/OU=Users/CN=John Smith"

          "OU=Users/CN=John Smith"

     However, it is recommended that fully qualified principal names be
     placed in ACLs to avoid ambiguity.  Also, if a principal name contains a
     'space' character, the name must be double-quoted.

     If the _f_s_h application is built with the SPX_CHALLENGE variable defined,
     then _f_s_h can be used to securely gain access to the privileged "root"
     account on a remote host.  Potential users who would like privileged
     access must have their X.500 name in the ACL entry file /._s_p_h_i_n_x and
     they need to supply their own password to prove that they are an


   Digital Equipment Corporation                                            1






   fsh(1)                                                     SPX Version 2.2


     interactive user.  Note that the password is not sent in any form over
     the wire.

     The _f_s_h command by default performs no mutual authentication and no
     delegation.

   Options

     -M                  Performs mutual authentication with the remote pro-
                         cess

     -N                  Doesn't delegate your credentials to the remote pro-
                         cess

     -D                  Delegates your credentials to the remote process

     -l _u_s_e_r_n_a_m_e         Logs you in as the specified user, not as your
                         current account name.

   Files
     /etc/cdc.conf /tmp/claimant__n_a_m_e ~/.sphinx

   See Also

     spx(1), spxdestroy(1), spxlist(1), spxinit(1), flogin(1), fcp(1)































   2                                            Digital Equipment Corporation


99