Figure A
However, when working with rsh, remember that rsh is not secure: it does not encrypt communications between remote devices and the system. You always need to configure rsh as securely as possible on the router by restricting it to the management machine's IP address and user name.
However, even with such precautions, rsh is still unsafe compared to SSH. So it is best to use rsh on a protected and secure internal network. (By the way, if you enable rsh through a firewall, it uses TCP port 514.)
How to configure rsh on a router?
To be able to run a command on a Windows computer that goes to the router, executes the command, and returns the output to you, all you need to do is enter two commands. Let's take a look at the whole process.
First, you need to enable remote shell services on the router. Cisco IOS calls this the ip rcmd service. To activate this service, enter the following command in Global Configuration Mode:
Router(config)# ip rcmd rsh-enable
Second, you need to configure which workstation and user are permitted to execute those remote shell commands. The following is an example of this command:
Router(config)# ip rcmd remote-host root 192.168.1.45 ddavis enable
Let's explain the command line above. The part ip rcmd remote-host is required. Next, you enter the 'local' username on the router, which is the user the remote shell user will be logged in as when the commands are executed. The example above uses a local user 'root'.
Next, 192.168.1.45 is the IP address of the management workstation you want to allow to execute remote shell commands; in other words, this is the computer's IP address. Next, you see the internal Windows username: ddavis. As in the example, this is the name of the user who logged into the Windows XP machine as well as the user who will execute the rsh command on Windows. If you use a batch job script to execute the rsh command on Windows, you will need to enter the Windows username in the batch file.
Finally, the command contains the 'enable' keyword. This keyword allows the remote shell user to run enable-mode (privileged) commands on the router. You can take this step further and specify the level of access allowed (for example, from level 1 to 15).
Keep in mind that these two commands assume that you already have a configured router and have a local user called 'root'. If you do not have a root user, you can use the following command:
Router(config)# username root privilege 15 password C1sCo!
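An added example (not from the original article): a small Python check that reviews a saved IOS configuration for the rsh commands described above and reports which remote user and host they admit, and whether enable access is granted. The sample configuration is constructed from the article's commands; the function names and severity labels are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample config containing the commands from the article.
SAMPLE_CONFIG = """\
hostname Router1
username root privilege 15 password C1sCo!
ip rcmd rsh-enable
ip rcmd remote-host root 192.168.1.45 ddavis enable
"""

# ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]
REMOTE_HOST = re.compile(
    r"^ip rcmd remote-host (\S+) (\S+) (\S+)(?: (enable)(?: (\d+))?)?$")


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_rcmd(config_text):
    """Return (severity, message) findings for rsh/rcp settings in an IOS config."""
    findings, services, hosts = [], [], 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line in ("ip rcmd rsh-enable", "ip rcmd rcp-enable"):
            services.append(line)
            findings.append(("high", f"'{line}': cleartext service, prefer SSH"))
            continue
        m = REMOTE_HOST.match(line)
        if not m:
            continue
        hosts += 1
        local, host, remote, enable, level = m.groups()
        who = f"{remote}@{host} as local user {local}"
        if not is_ip(host):
            findings.append(("medium", f"{who}: host is not a literal IP address"))
        if enable:
            scope = f"level {level}" if level else "no level given"
            findings.append(("high", f"{who}: enable access ({scope})"))
    if hosts and not services:
        findings.append(("low", "remote-host entries present but rsh/rcp disabled"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_rcmd(SAMPLE_CONFIG):
        print(f"{severity:6} {message}")
```

Run it against the output of a saved configuration to list every rsh trust entry before deciding whether to keep the service or move to SSH.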
How to use rsh from a Windows workstation
Once you have configured the commands above, you can easily run a remote shell command from the Windows command prompt. Figure B gives an example.
Figure B
The actual command used is the following:
Z: rsh Router1 -l root sh ver
This is how that command line works:
What can you do with the rsh command?
In addition to using the show version command, you can also run the show running-config command (sh run) or other privileged commands. Here are some examples:
What you can't do is run a Global Configuration Mode command, such as activating an interface or configuring an IP address. This limits you to using show commands.
However, one very useful thing you can do is copy the current configuration to a TFTP server, and do so from within a script on a Windows server. For example, you use the command copy running-config tftp://1.1.1.1.
What else can be done with remote commands?
If you look at the Cisco IOS documentation for remote commands, you will notice that there are a number of options that can be used with remote commands. One of the most recent features of Cisco IOS is the ability to validate rsh and rcp commands by using a Cisco IOS access control list.
One of the more interesting options is that you can use remote copy (rcp). With it, you can copy a file using the Windows rcp command from the computer to the router or from the router to the computer without using TFTP or FTP. (You can enable rcp with the ip rcmd rcp-enable command.)
Conclusion
Remote shell commands (rsh or rcmd) can be very useful for remote administration of your router. This is especially true if you want to create a Linux or Windows script that goes to all routers in the network and performs some show commands.