Skip to main content

Access the cluster by using RSH

Contributors netapp-barbe netapp-aherbin
PDFs

You can issue RSH requests to the cluster to perform administrative tasks. RSH is not a secure protocol and is disabled by default.

Telnet and RSH are not secure protocols; you should consider using SSH to access the cluster. SSH provides a secure remote shell and interactive network session. For more information, refer to Access the cluster using SSH.

Before you begin

The following conditions must be met before you can use RSH to access the cluster:

  • You must have a cluster local user account that is configured to use RSH as an access method.

    The -application parameter of the security login commands specifies the access method for a user account. For more information, see the security login man pages.

About this task

  • ONTAP supports a maximum of 50 concurrent RSH sessions per node.

    If the cluster management LIF resides on the node, it shares this limit with the node management LIF.

    If the rate of incoming connections is higher than 10 per second, the service is temporarily disabled for 60 seconds.

  • RSH commands require advanced privileges.

ONTAP 9.10.1 or later
Steps

  1. Confirm that the RSH security protocol is enabled:

    security protocol show

    1. If the RSH security protocol is enabled, continue to the next step.

    2. If the RSH security protocol is not enabled, use the following command to enable it:

      security protocol modify -application rsh -enabled true

  2. Confirm that the management-rsh-server service exists on the management LIFs:

    network interface show -services management-rsh-server

    1. If the management-rsh-server service exists, continue to the next step.

    2. If the management-rsh-server service does not exist, use the following command to add it:

      network interface service-policy add-service -vserver cluster1 -policy default-management -service management-rsh-server

ONTAP 9.9 or earlier
Before you begin

The following conditions must be met before you can use RSH to access the cluster:

  • RSH must already be enabled in the management firewall policy that is used by the cluster or node management LIFs so that RSH requests can go through the firewall.

    By default, RSH is disabled. The system services firewall policy show command with the -service rsh parameter displays whether RSH has been enabled in a firewall policy. For more information, see the system services firewall policy man pages.

  • If you use IPv6 connections, IPv6 must already be configured and enabled on the cluster, and firewall policies must already be configured with IPv6 addresses.

    The network options ipv6 show command displays whether IPv6 is enabled. The system services firewall policy show command displays firewall policies.

Steps

  1. From an administration host, enter the following command:

    rsh hostname_or_IP -l username:passwordcommand

    hostname_or_IP is the host name or the IP address of the cluster management LIF or a node management LIF. Using the cluster management LIF is recommended. You can use an IPv4 or IPv6 address.

    command is the command you want to execute over RSH.

Example of an RSH request

The following example shows how the user named “joe”, who has been set up with RSH access, can issue an RSH request to run the cluster show command:

admin_host$ rsh 10.72.137.28 -l joe:password cluster show

Node                  Health  Eligibility
--------------------- ------- ------------
node1                 true    true
node2                 true    true
2 entries were displayed.

admin_host$