tsh Command

Purpose

Invokes the trusted shell.

Syntax

Press in sequence: the Ctrl+X, Ctrl+R keys.

tsh Command

Description

The tsh command is a command interpreter that provides greater security than the Korn shell (the standard login shell). Generally, a user calls the tsh shell by pressing Ctrl+X, Ctrl+R, the secure attention key (SAK) sequence, after a login. The tsh shell also can be invoked by defining it as the login shell in the /etc/passwd file.

To use the SAK sequence to invoke the trusted shell, the terminal the user is using must have SAK enabled, and the user must be allowed to use the trusted path. See the Trusted Computing Base in AIX® Version 7.1 Operating system and device management for information on enabling SAK on a terminal, and see the /etc/security/user file and the chuser command for information on allowing a user to access the trusted path.

To exit from the tsh shell, use any of the following commands: the logout command, shell command, su command. The logout command ends the login session, while the other commands execute the user's initial program and continue the login session.

The trusted shell differs from the Korn shell in the following ways:

Security

Access Control: This command should be a standard user program and have the trusted computing base attribute.

Files Accessed:

Mode File
r /etc/tsh_profile

Examples

To invoke the trusted shell, press the Ctrl+X, Ctrl+R key sequence, the secure attention key (SAK).

Files

Item Description
/usr/bin/tsh Contains the tsh command.
/etc/tsh_profile Contains initialization commands for the trusted shell.
/etc/passwd Contains basic user attributes.
/etc/security/user Contains the extended attributes of users.
/etc/security/login.cfg Contains configuration information.