To enable the Cisco IOS software to receive incoming remote shell (rsh) protocol and remote copy (rcp) protocol requests, customers must configure an authentication database to control access to the router. This configuration is accomplished by using the iprcmdremote-host command.
Currently, when using this command, customers must specify the local user, the remote host, and the remote user in the database authentication configuration. For users who can execute commands to the router from multiple hosts, multiple database authentication configuration entries must be used, one for each host, as shown below.
ip rcmd remote-host local-user1 remote-host1 remote-user1 ip rcmd remote-host local-user1 remote-host2 remote-user1 ip rcmd remote-host local-user1 remote-host3 remote-user1 ip rcmd remote-host local-user1 remote-host4 remote-user1
This feature allows customers to specify an access list for a given user. The access list identifies the hosts to which the user has access. A new argument, access-list , has been added that can be used with this command to specify the access list, as shown below.
ip rcmd remote-host local-user1 access-list remote-user1
To allow a user access to the hosts identified in the access list, first define the access list. If the access list is not already defined, access to the host will be denied. For information about defining an access list, refer to the Cisco IOS Security Configuration Guide , Release 12.2.
For more information about using the modified iprcmdremote-host command, see the “Command Reference” section later in this document.
Cisco IOS Configuration Fundamentals Command Reference, Release 12.2
Cisco IOS Security Configuration Guide , Release 12.2
Cisco IOS Security Command Reference, Release 12.2