Managing hosts with Network Shell
Executive Summary
The Network Shell is a neat tool to manage multiple hosts from an administration computer. The remote hosts can be running either Unix or NT. Management is achieved by using NSH utilities. The Network Shell requires two packages to be installed: an agent (RSCD Agent, a.k.a. Daemon), which must be installed on the remote hosts that you wish to manage, and a client (NSH Utilities, including the nsh shell), which you use to send commands to remote agents. By default, Agents listen for incoming queries on TCP port 4750. On NT, the NSH Utilities are based on Cygwin.
The RSCD Agent comes in two versions: a Light version, which accepts only a subset of the commands supported by the NSH Utilities package, and a Full version with access to over 140 utilities.
Configuration files are saved in /usr/lib/rsc (if RSCD is installed as root), or ~/rscd (if installed as a regular user, and ~/rscd is where you chose to install the RSCD package). In addition, some libraries and binaries are installed, and their location depends on whether the package is installed as root or as a regular user (if the former, /lib, /usr/lib, and /bin are affected; if the latter, files are all installed beneath e.g. ~/rscd/).
Here's the kind of thing that you can accomplish from a central host, running
the RSCD Daemon (from NetworkShell's web site):
- $ /bin/nsh    # Launching the NSH shell
- host $ cp /etc/hosts //host1/etc/hosts
- host $ cd //host2/home
- host2 $ ps -ef | grep inetd
- host2 $ diff //host3/etc/passwd //host4/etc/passwd
- host2 $ iostat 2 5
- host2 $ vi //nthost/c/AUTOEXEC.BAT
- host2 $ nexec nthost reboot    # Let's reboot NT
Note that as of Aug 2001, Red Hat is the only Linux distribution
that is supported by NetworkShell.
NetworkShell also offers NSH Deploy, which is the GUI version of the NSH Utilities that deal with file distribution. As of Aug 2001, NSH Deploy is only available for Sparc Solaris, Red Hat Linux, and Windows NT4/2000.
[Screenshot: NSH Deploy on a Unix client (from NetworkShell's web site)]
Setup
Agents
Linux
- Create a sub-directory for RSCD (e.g. /usr/local/rscd), copy the package therein (e.g. rscd3.4-redhat7.0.tar.gz), cd to the directory, and untar the package. If you wish to install the Agent as a non-privileged user, replace /usr/local/rscd with ~rscd
- Run ./Install (if running as a non-privileged user, either run ./Install and let the shell script detect that you are not root, or spell it with ./Install -local)
- When prompted for the activation key, answer either Y to install the Light version, or N to install the Full version (have the 30-day activation key handy)
- Edit the exports file (/usr/lib/rsc/exports, or ~rscd/exports) to define access permissions when connecting to this agent, such as:
  myclient.acme.com rw,validusers=jdoe,user=root
  This allows user jdoe, logged on workstation myclient.acme.com running the RSCD Daemon, to connect to this host and work as root.
  - OR -
  * root=admhost,anon=-1,nosuid,nomknod
  Root access only from the administrator's host: do not allow root or unknown users except "admhost", do not allow setting of "set UID/GID" bits, do not allow creation of special files, only allow admin accounts on system.
  Important: The default setting in exports is "* rw", i.e. read/write for all, all commands allowed, and no logging...
- Edit the users file (/usr/lib/rsc/users, or ~rscd/users) to override settings in the exports file on a per-user basis
- Do I need to do this on both hosts? Use the secadmin utility to edit the secure file (/usr/lib/rsc/secure, or ~rscd/secure), and choose whether data should flow in clear text, or be encrypted with DES, 3-DES, or Blowfish.
- Read the following man pages: man/txt1/exports.txt, man/txt1/users.txt, man/txt1/secure.txt, and man/txt1/secadmin.txt
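The exports entries in the steps above can be reviewed mechanically before an agent goes into service. The following Python script is an added example, not part of NetworkShell or of the original page: it parses host/option lines in the form shown above and flags the settings this page warns about, starting with the shipped "* rw" default. It interprets only the option names that appear on this page; the "#" comment syntax and the choice of findings are assumptions.

```python
# Added example: lint an RSCD exports file using only the options named on this page.
# Constructed sample input: the page's two example entries plus the shipped default.
SAMPLE_EXPORTS = """\
myclient.acme.com rw,validusers=jdoe,user=root
* root=admhost,anon=-1,nosuid,nomknod
* rw
"""


def parse_exports(text):
    """Return a list of (line_no, host, options); options maps name -> value or True."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split(None, 1)
        host = fields[0]
        options = {}
        if len(fields) == 2:
            for item in fields[1].replace(" ", "").split(","):
                if item:
                    name, sep, value = item.partition("=")
                    options[name] = value if sep else True
        entries.append((line_no, host, options))
    return entries


def audit_exports(text):
    """Return (line_no, host, finding) tuples for entries worth a second look."""
    findings = []
    for line_no, host, opts in parse_exports(text):
        if "rw" not in opts:
            continue  # entries without an explicit rw are not judged here
        if host == "*":
            findings.append((line_no, host, "read/write granted to every host"))
        if "validusers" not in opts:
            findings.append((line_no, host, "rw with no validusers restriction"))
        for flag in ("nosuid", "nomknod"):
            if flag not in opts:
                findings.append((line_no, host, f"rw without {flag}"))
        if opts.get("user") == "root":
            findings.append((line_no, host, "remote users are mapped to root"))
    return findings


if __name__ == "__main__":
    for line_no, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {line_no}: {host}: {finding}")
```

Run against the sample, the default "* rw" line produces four findings and the restrictive "admhost" entry produces none.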
Windows
- Run rscd-setup.exe
- Enter the activation key
- After the RSCD Agent is installed, you can change its settings through Start | Programs | RSCD Agent | Configure RSCD Agent
NSH Utilities
Linux
- Untar nsh3.4-redhat7.0.tar.gz in eg. /usr/local/nsh/
- Cd to this new directory
- If you are root, run ./Install. This script will create symlinks in /lib and /usr/lib to NSH's shared libraries, a symlink in /bin to the NSH shell, and a /usr/lib/rsc sub-directory to store configuration files.
  If you are a non-privileged user, run ./Install -local; you will also need to set two environment variables: NSHDIR should point to the product installation; LD_LIBRARY_PATH must include $NSHDIR/lib.
  You can install either just the NSH Utilities, or both the NSH Utilities and the RSCD Agent (so this host can be managed from another host)
- Start the NSH shell: if installed as root, "/bin/nsh"; if installed as a regular user, run "cd $NSHDIR ; bin/nsh"
- To uninstall NSH Utilities, cd to where the nsh package was installed (e.g. /usr/local/nsh), and run "./Uninstall"
Windows
- Run nsh-setup.exe
- Type the activation key to unlock the NSH Utilities. Unlike those for Unix, the NT package is not free.
- Open a DOS box, cd to where the NSH Utilities is located, and type nsh
Note: Unlike the Unix downloads, the NSH Utilities package for Windows NT does not include the RSCD Agent in the installation; it will have to be downloaded separately.
Note: The activation keys are package-specific. In other words, the activation key that you received to install the RSCD Agent cannot be used to install the NSH Utilities package, and vice-versa.
NSH Weirderies
- Just like Jon Holman in his article below, the activation key that was mailed to me after I downloaded the NT RSCD Daemon would not work, and support at NetworkShell had to send me a new one
- Could it be that the RSCD Agent for NT is not available in the Free version (activation key required)?
- Why is the RSCD Daemon for NT so big (20MB)?
- Documentation uses the terms Agent and Daemon interchangeably
Q&A
On a Linux host, I chose to install just the NSH Utilities: Why am I prompted to set a TCP port?
Please select the TCP/IP communications port (def: 4750):
Ran Uninstall to remove the NSH Utilities.... and I can no longer run any standard commands!
- # pwd
- /bin
- # ./ls -al
- nsh: ./ls: cannot execute remote binary file
Remember to close the nsh shell that you are running before uninstalling...
Why does it talk about cut when I run nsh?
- # nsh
-
- Usage: cut -c list [file1 ...]
- cut -f list [-s] [-d delim] [file ...]
Uninstalling NSH leaves stuff
- # cd ..
- # ./nsh/Uninstall
-
- Are you sure you wish to Uninstall the RSCD and/or the Network Shell ? y
- =============== Stoping RSCD Agent (if running) ==============
- ================== Removing Shared Libraries =================
- + rm -f /lib/libeay.so
- + rm -f /lib/libeay.so.1.0
- + rm -f /lib/libnc.so
- + rm -f /lib/libnc.so.1.0
- + rm -f /lib/libzlib.so
- + rm -f /lib/libzlib.so.1.0
- ============== Removing/Updating Startup Script ==============
- + rm -f /etc/rc.d/rc2.d/S99rscd /etc/rc.d/rc3.d/S99rscd /etc/rc.d/rc4.d/S99rscd /etc/rc.d/rc5.d/S99rscd /etc/rc.d/init.d/rscd
- ===================== Removing RSCD Files ====================
- Removing /bin/nsh link ...
- ... done
- Removing links ...
- ... done
- Removing regular files ...
- ... done
- Removing directories ...
- rmdir: `man/pdf': No such file or directory
- rmdir: `include/rsc': No such file or directory
- rmdir: `include': No such file or directory
- rmdir: `bin': Directory not empty
- rmdir: `share/sudo': No such file or directory
- rmdir: `share': Directory not empty
- ... done
-
- # l /usr/local/nsh/
- total 20
- drwxr-xr-x 5 root root 4096 Aug 19 03:09 ./
- drwxr-xr-x 14 root root 4096 Aug 19 02:55 ../
- drwxr-xr-x 2 bin bin 4096 Aug 19 03:09 bin/
- drwxr-xr-x 5 bin bin 4096 Aug 19 03:09 share/
- drwxrwxrwx 2 bin bin 4096 Aug 19 03:00 tmp/
What if I don't create an exports file on a host running the RSCD Agent?
The remote client gets ro (read only), nosuid (no set UID/GID), and nomknod (no creating of special files).
Do I need to restart the RSCD Agent after editing the exports file?
No. It is automatically re-read and all subsequent client connections will have the new access permissions, while currently-connected clients are unaffected.
What is the difference between distributed commands and remote commands?
Distributed commands are available remotely, so can be launched directly, e.g. mkdir //remote/test. Remote commands need to be launched indirectly through nexec. The distinction is crucial if you want to restrict which commands are accepted by an RSCD Agent in the exports file.
Can an RSCD Agent run on a multi-homed host?
(From the Support section) To select an alternate address to listen on,
use the "secadmin" command on the Agent (server) host. Use the port
redirection feature, which consists of a port and hostname, to select the address
and port to listen on.
How do I increase data confidentiality with SSH?
From what I gather, the admin station must be running the SSH client in addition to the RSCD Daemon, the remote host must be running the SSH server in addition to the RSCD Agent, the admin RSCD Daemon must be set up to forward data to the local SSH client, which sends data to the remote SSH server, which itself forwards data to its local RSCD Agent.
Do I need to mess with the exports/users/secure on hosts running RSCD Daemon?
When running the Uninstall app to remove the NT RSCD Daemon + Utilities,
files are removed but I'm left with a directory tree in C:\nsh\
Under NT, I'm prompted for an activation key when installing the RSCD Daemon
+ Utilities: Is the NT Daemon/Utilities only available in the Full version?
Looks like the Daemon + Utilities package is free only for Unix platforms.
Failed copying between an NT Daemon and a remote Linux Agent
- C:\nsh\bin>nsh
- W2K $ cp c:\autoexec.bat //mylinux/tmp
- cp: Unable to access file c:autoexec.bat: Not super-user
Replace the above with /c/autoexec.bat
Failed deleting a file on a remote host from a Windows host
- W2K $ rm //mylinux/tmp/autoexec.bat
- rm: //mylinux/tmp/autoexec.bat non existent: Encryption configuration error
Need to play with exports/users/secure?
If a remote Windows host has more than one partition, NSH uses the first
partition as default
For instance, ll //w2k and ll //w2k/c are synonymous. Could be dangerous.
Resources
Man pages
- exports: For access rights
- users: Per user access rights overrides
- secure: For authentication and encryption
- secadmin: Utility to configure secure file
- nsh: Differences between nsh and other shells
- nshopt: Tuning Network Shell performance
- ncp
- ndircmp
- nexec
- rsu
- runcmd