rexec

Execute a command on a remote host

$ rexec [[-h|--host]] [remote_host] [ls -l]

$ rexec [[-u|--username]] [username] [[-h|--host]] [remote_host] [ps aux]

$ rexec [[-n|--noerr]] [[-h|--host]] [remote_host] [ls -l]

$ rexec [[-P|--port]] [1234] [[-h|--host]] [remote_host] [ls -l]

rexec [-l username] [-p password] [-d] [-n] host command [arguments...]

host
    The remote host on which the command will be executed.

command
    The command to be executed on the remote host.

arguments...
    Optional arguments to be passed to the command.

-l username
    Specifies the username to be used for authentication on the remote host. If not provided, the local username is typically used, or rexec might prompt for one.

-p password
    Provides the password for authentication on the remote host. Use with extreme caution as this transmits the password in plain text over the network. If not provided, rexec will usually prompt for the password.

-d
    Enables debugging output, providing more verbose information about the connection and execution process.

-n
    Redirects the standard input of the remote command to /dev/null, meaning the remote command will not receive any input from the local standard input.

rexec is a client program designed to execute commands on a remote host. It connects to the rexecd daemon running on the target machine, authenticates the user, and then runs the specified command. Unlike rsh, rexec traditionally prompts for a password if one is required and not provided, offering a slight difference in its authentication flow.

However, a critical aspect of rexec is its inherent insecurity: all data, including usernames, passwords, and the command output, is transmitted in plain text over the network. This makes it highly vulnerable to eavesdropping and interception. Due to these significant security limitations, rexec has been largely superseded by more secure alternatives like ssh (Secure Shell), which encrypts all communications. Its use is strongly discouraged for modern networked environments and is primarily found in legacy systems or specific, controlled environments where security is not a primary concern or a secure alternative is not feasible.

Security Risk: rexec transmits all credentials (usernames and passwords) and command output in plain text, making it highly vulnerable to network sniffing and unauthorized access. Its use is strongly discouraged for secure environments.
Requires Daemon: The remote host must be running the rexecd daemon for rexec to function.
Firewall Considerations: rexec typically uses TCP port 512, which must be open on firewalls between the client and server.

rexec handles authentication by sending the username and password to the remote rexecd daemon. If the -p option is not used or if the password is not provided via an environment variable (like REXEC_PASS on some systems), rexec will interactively prompt the user for the password before attempting to execute the command.

rexec primarily communicates over TCP port 512. This port must be accessible on the remote host and any intermediary firewalls for the command to succeed.

rexec is one of the original 'r-commands' (along with rsh and rlogin) developed as part of the Berkeley Software Distribution (BSD) Unix in the early days of networked computing. It gained prominence in the 1980s as a simple way to execute commands remotely. However, its unencrypted nature became a significant security liability as network usage grew and security threats evolved. The advent of ssh (Secure Shell) in the mid-1990s, which offered robust encryption and secure authentication, led to the rapid decline in rexec's usage and its deprecation in favor of more secure alternatives.

rsh(1), ssh(1), rexecd(8), rlogin(1)