1REMCTL(1) remctl REMCTL(1)
2
3
4
6 remctl - Remote execution tool
7
9 remctl [-dhv] [-b source-ip] [-p port] [-s service]
10 [-t timeout] host command [subcommand [parameters ...]]
11
13 remctl is a program that allows a user to execute commands remotely on
14 a server that is running the remctld daemon. remctl does not interpret
15 the commands given to it. It passes them to the server and displays
16 the return message. The commands must be defined on the server-side
17 before a remctl client can execute them, and the user running remctl
18 must be authorized to execute the particular command on the server.
19
20 Access to remote commands is authenticated via Kerberos GSS-API, so a
21 user must have a ticket granting ticket to use remctl. All
22 transmissions to and from the remctld server are encrypted using GSS-
23 API's security layer.
24
25 host is the hostname of the target server. command and subcommand
26 together specify the command to run and correspond to the command names
27 in the configuration file on the server. parameters are any additional
28 command-line parameters to pass to the remote command.
29
31 The start of each option description is annotated with the version of
32 remctl in which that option was added with its current meaning.
33
34 -b source-ip
35 [3.0] When connecting to the remote remctl server, use source-ip as
36 the source IP address. This can be useful on multihomed systems
37 where the remctl connections need to be made over a particular
38 network. source-ip must be an IP address, not a hostname, and can
39 be either an IPv4 or IPv6 address (assuming IPv6 is supported).
40
41 -d [1.10] Turn on extra debugging output of the client-server
42 interaction.
43
44 -h [1.10] Show a brief usage message and then exit.
45
46 -p port
47 [1.0] Connect to the server on port. If this option isn't given,
48 the client first tries the registered remctl port (4373) and then
49 falls back on the legacy port (4444) if that fails.
50
51 -s service
52 [1.0] Authenticate to the server with a service ticket for service
53 rather than the default server identity of host/hostname. This may
54 be necessary with, for instance, a server where remctld is not
55 running as root.
56
57 -t timeout
58 [3.16] Set the timeout for all network operations to timeout (in
59 seconds).
60
61 This is a timeout on network activity, not on a complete operation;
62 for example, a timeout of ten seconds just requires that the server
63 send some data at least every ten seconds. If the server sends
64 only tiny amounts of data at a time, the complete operation could
65 take much longer without triggering the timeout.
66
67 -v [1.10] Print the version of remctl and exit.
68
70 remctl will exit with the exit status returned by the remote command.
71 If some network or authentication error occurred and remctl was unable
72 to run the remote command or retrieve its exit status, or if remctl was
73 called with invalid arguments, remctl will exit with status 1.
74
76 Release an AFS volume called ls.tripwire:
77
78 remctl lsdb afs release ls.tripwire
79
81 The default port was changed to the IANA-registered port of 4373 in
82 version 2.11.
83
84 Support for IPv6 was added in version 2.4.
85
87 If no principal is specified with -s, remctl canonicalizes the server
88 host name using DNS before connecting. This ensures that the network
89 connection and the GSS-API authentication use the same server name even
90 if some common DNS-based load-balancing schemes are in use. To disable
91 this canonicalization, specify the server principal using -s.
92
93 The default behavior, when the port is not specified, of trying 4373
94 and falling back to 4444 will be removed in a future version of remctl
95 in favor of using the "remctl" service in /etc/services if set and then
96 falling back on only 4373. 4444 was the poorly-chosen original remctl
97 port and should be phased out.
98
99 When using Heimdal with triple-DES keys and talking to old servers that
100 only speak version one of the remctl protocol, remctl may have problems
101 with MIC verification. This doesn't affect new clients and servers
102 since the version two protocol doesn't use MICs. If you are using
103 Heimdal and run into MIC verification problems, see the COMPATIBILITY
104 section of gssapi(3).
105
107 The remctl port number, 4373, was derived by tracing the diagonals of a
108 QWERTY keyboard up from the letters "remc" to the number row.
109
111 remctl was originally written by Anton Ushakov. Updates and current
112 maintenance are done by Russ Allbery <eagle@eyrie.org>.
113
115 Copyright 2018 Russ Allbery <eagle@eyrie.org>
116
117 Copyright 2002-2011, 2014 The Board of Trustees of the Leland Stanford
118 Junior University
119
120 Copying and distribution of this file, with or without modification,
121 are permitted in any medium without royalty provided the copyright
122 notice and this notice are preserved. This file is offered as-is,
123 without any warranty.
124
125 SPDX-License-Identifier: FSFAP
126
128 kinit(1), remctld(8)
129
130 The current version of this program is available from its web page at
131 <https://www.eyrie.org/~eagle/software/remctl/>.
132
133
134
1353.18 2022-05-09 REMCTL(1)