A remote shell is a tool for executing commands on a device through a command-line shell (a program enabling computer control through commands) on another.
Remote shell functionality first appeared in 1983 in the BSD operating system. It was later implemented in other operating systems, among them Windows. Both built-in system tools and standalone utilities can be used as a remote shell.
The term remote shell can also refer to the standard operating system utility for remote command execution (rsh) as well as the obsolete protocol used by this utility (RSH).
What is remote shell used for?
A remote shell can be used for remote configuration of devices, for monitoring, detecting and fixing bugs, for working on a remote server, etc.; in addition, remote shell-type tools are used by cybercriminals to gain access to targeted computers.
Bind shell and reverse shell
A remote shell session can be initiated either by a local device (which sends commands) or a remote one (on which commands are executed). The former is referred to as a bind shell, the latter as a reverse shell.
A reverse shell can be used when the device on which a command is to be executed is not directly accessible — for example, for remote maintenance of computers behind NAT, which cannot be connected to from the outside. Reverse shells are also used in malware to enable attackers to control an infected device.
RSH and SSH
Historically, the RSH protocol was used for remote shell sessions. For authorization, this protocol uses files with a list of trusted devices and users that can connect to the computer on which the file is stored without any verification. This now-deprecated protocol is considered insecure for a number of reasons:
- Data transmitted via this protocol is not encrypted and so can be intercepted. This makes communication via RSH vulnerable to MitM attacks.
- The RSH protocol enables execution of commands without authentication if they come from a trusted device, the IP address of which can be spoofed by attackers.
RSH has been superseded by the SSH (Secure Shell) protocol with encryption and mandatory authentication.