Skip to content
shellmap

rshRemote shell — DEPRECATED unencrypted predecessor to ssh across all 5 shells

Equivalents in every shell

Bashunix
ssh user@host command

Use `ssh` — `rsh` was removed from most distros (Debian dropped `rsh-client` from default repos; Red Hat removed it in RHEL 9). When migrating legacy scripts, `ssh -o BatchMode=yes user@host command` is the closest behavioural drop-in: non-interactive, command-then-exit.

Zshunix
ssh user@host command

macOS removed `rsh` in 10.13 (High Sierra). The `ssh` binary in /usr/bin handles the same use case; for scripts that relied on `rsh`'s lack of authentication, you must now configure `~/.ssh/authorized_keys` on the remote.

Fishunix
ssh user@host command

Same — `rsh` is not shipped on any modern Unix. Fish has nothing to add here; the migration is `ssh` everywhere.

PowerShellwindows
ssh user@host command

Windows never shipped `rsh.exe` outside the deprecated Subsystem for Unix Applications (SUA, removed in Windows 8). Use `ssh` (built-in OpenSSH client since Windows 10 1809) or `Invoke-Command -ComputerName host -ScriptBlock { ... }` for native PS Remoting over WinRM/WSMan.

cmd.exewindows
ssh user@host command

No native `rsh` in cmd. `ssh` from OpenSSH-for-Windows works identically. For Windows-to-Windows remoting, `winrs -r:host command` (built-in since Windows Vista) is the WinRM-based equivalent and uses Kerberos / NTLM rather than SSH keys.

Worked examples

Run a single command on a remote host (the legacy `rsh` use case)

Bash
ssh user@host "uptime"
PowerShell
ssh user@host "uptime"
cmd.exe
winrs -r:host hostname

Migrate a legacy `rsh user@host script.sh` invocation

Bash
ssh -o BatchMode=yes user@host bash -s < script.sh
PowerShell
Invoke-Command -ComputerName host -FilePath .\script.ps1

Run as a different user remotely

Bash
ssh -l otheruser host "id"
Zsh
ssh otheruser@host "id"

Gotchas

  • `rsh` sent the password and ALL session traffic IN PLAINTEXT over TCP/513. Anyone on the same network segment could read credentials with `tcpdump`. This is THE reason it was removed — there is no "make it secure" flag. If you find an active `rsh` daemon, treat it as a security incident, not a configuration question.
  • Some legacy clusters (especially older HPC scheduler installs) still expect `$RSH=ssh` to be set so MPI launch wrappers (`mpirun`, `pdsh`) substitute ssh under the hood. Set `export RSH=ssh` and `export PDSH_RCMD_TYPE=ssh` in `~/.bashrc` on those systems.
  • BSD `rsh` had implicit IDENT-based auth via `~/.rhosts` and `/etc/hosts.equiv` — host-trust without per-user passwords. The ssh equivalent is `~/.ssh/authorized_keys` (per-user keys) or `HostbasedAuthentication yes` in sshd_config (closer to the .rhosts model, rarely used today). Do NOT recreate the .rhosts model in production.
  • The `r-commands` family (`rsh`, `rlogin`, `rcp`, `rexec`, `rwho`) all share the same insecure design — and the same fixes: `ssh`/`ssh user@host`/`scp`/`ssh ... command`/`who --hosts` over ssh. Migrate the whole family in one sweep, not one-by-one.
  • On systems where `rsh` is still installed (older Solaris, AIX, ancient Debian Stretch), the binary may be a SETUID symlink that lets unprivileged users open low ports — a privilege-escalation vector. Run `find / -perm -4000 -name "rsh*"` during hardening and remove what you find.

WSL & PowerShell Core notes

pwshPowerShell's built-in remoting (`Invoke-Command`, `Enter-PSSession`, `New-PSSession`) over WinRM/WSMan is the cross-platform native answer for Windows-heavy environments. SSH-based PowerShell remoting (`Enter-PSSession -HostName host -SSHTransport`) works on Linux/macOS pwsh from PS 6+, using OpenSSH as transport — gives you the object pipeline across SSH.
WSLWSL ships only `ssh` (no `rsh`). From Windows-host pwsh you can `wsl ssh user@remote command` to run a command on a third host via your WSL ssh client — useful when Windows OpenSSH and WSL ssh have different known_hosts / config.

Related commands