.\" Copyright (c) 1983, 1989 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted provided
.\" that: (1) source distributions retain this entire copyright notice and
.\" comment, and (2) distributions including binaries display the following
.\" acknowledgement: ``This product includes software developed by the
.\" University of California, Berkeley and its contributors'' in the
.\" documentation or other materials provided with the distribution and in
.\" all advertising materials mentioning features or use of this software.
.\" Neither the name of the University nor the names of its contributors may
.\" be used to endorse or promote products derived from this software without
.\" specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" @(#)rshd.8 6.10 (Berkeley) 6/24/90
.\"
.TH RSHD 8 "June 24, 1990"
.UC 5
.SH NAME
rshd \- remote shell server
.SH SYNOPSIS
.B rshd [-aln]
.SH DESCRIPTION
.I Rshd
is the server for the
.IR rcmd (3)
routine and, consequently, for the
.IR rsh (1)
program. The server provides remote execution facilities
with authentication based on privileged port numbers from trusted hosts.
.PP
.I Rshd
listens for service requests at the port indicated in
the ``cmd'' service specification; see
.IR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.IP 2)
The server reads characters from the socket up
to a null (`\e0') byte. The resultant string is
interpreted as an ASCII number, base 10.
.IP 3)
If the number received in step 2 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.BR stderr .
A second connection is then created to the specified
port on the client's machine. The source port of this
second connection is also in the range 512-1023.
.IP 4)
The server checks the client's source address
and requests the corresponding host name (see
.IR gethostbyaddr (3),
.IR hosts (5)
and
.IR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
If the hostname is in the same domain as the server (according to
the last two components of the domain name),
or if the
.B \-a
option is given,
the addresses for the hostname are requested,
verifying that the name and address correspond.
If address verification fails, the connection is aborted
with the message, ``Host address mismatch.''
.IP 5)
A null terminated user name of at most 16 characters
is retrieved on the initial socket. This user name
is interpreted as the user identity on the
.BR client 's
machine.
.IP 6)
A null terminated user name of at most 16 characters
is retrieved on the initial socket. This user name
is interpreted as a user identity to use on the
.BR server 's
machine.
.IP 7)
A null terminated command to be passed to a
shell is retrieved on the initial socket. The length of
the command is limited by the upper bound on the size of
the system's argument list.
.IP 8)
.I Rshd
then validates the user using
.IR ruserok (3),
which uses the file ``/etc/hosts.equiv'' and the ``.rhosts''
file found in the user's home directory. The
.B \-l
option prevents
.IR ruserok (3)
from doing any validation based on the user's ``.rhosts'' file,
unless the user is the superuser.
.IP 9)
A null byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user. The
shell inherits the network connections established
by
.IR rshd .
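.PP
The following is an added example, not code from the rshd sources: a bounds-checked parser for the request fields read in steps 1 to 3 and 5 to 7, returning the matching text from the DIAGNOSTICS section when a field is too long. The names rsh_parse, rsh_req and cmd_max are hypothetical, and aborting on a malformed or truncated field is an assumed policy that this page does not specify.

```c
#include <stdio.h>
#include <string.h>
#define RSH_NAME_MAX 16 /* steps 5 and 6: user names of at most 16 characters */

enum rsh_err { RSH_OK, RSH_ABORT, RSH_LOCUSER, RSH_REMUSER, RSH_COMMAND };
/* Diagnostic text from the DIAGNOSTICS section; sent after a leading byte 1. */
static const char *const rsh_diag[] = { "", "", "locuser too long",
                                        "remuser too long", "command too long" };
struct rsh_req { int stderr_port; const char *locuser, *remuser, *cmd; };

/* Take one NUL-terminated field: 0 = ok, 1 = too long, -1 = truncated input. */
static int field(const char **p, const char *end, size_t max, const char **out) {
    size_t avail = (size_t)(end - *p);
    const char *nul = memchr(*p, '\0', avail);
    if (nul == NULL) return avail > max ? 1 : -1;
    if ((size_t)(nul - *p) > max) return 1;
    *out = *p;
    *p = nul + 1;
    return 0;
}

/* cmd_max stands in for the system argument-list limit (assumed parameter). */
enum rsh_err rsh_parse(int src_port, const char *buf, size_t len,
                       size_t cmd_max, struct rsh_req *r) {
    const char *p = buf, *end = buf + len, *port;
    long n = 0;
    int rc;
    if (src_port < 512 || src_port > 1023) return RSH_ABORT;    /* step 1 */
    if (field(&p, end, 5, &port) != 0) return RSH_ABORT;        /* step 2 */
    for (; *port != '\0'; port++) {
        if (*port < '0' || *port > '9') return RSH_ABORT;       /* assumed policy */
        n = n * 10 + (*port - '0');
    }
    if (n > 65535) return RSH_ABORT;
    r->stderr_port = (int)n;                 /* step 3: 0 means no stderr stream */
    if ((rc = field(&p, end, RSH_NAME_MAX, &r->locuser)) != 0)  /* step 5 */
        return rc > 0 ? RSH_LOCUSER : RSH_ABORT;
    if ((rc = field(&p, end, RSH_NAME_MAX, &r->remuser)) != 0)  /* step 6 */
        return rc > 0 ? RSH_REMUSER : RSH_ABORT;
    if ((rc = field(&p, end, cmd_max, &r->cmd)) != 0)           /* step 7 */
        return rc > 0 ? RSH_COMMAND : RSH_ABORT;
    return RSH_OK;
}

int main(void) {
    static const char req[] = "1022\0alice\0bob\0uname -a"; /* constructed sample */
    struct rsh_req r;
    enum rsh_err e = rsh_parse(1021, req, sizeof req, 4096, &r);
    printf("%d [%s] %d %s %s %s\n", e, rsh_diag[e], r.stderr_port, r.locuser, r.remuser, r.cmd);
    return 0;
}
```

Every field here is supplied by the client, including both user names; the host lookup of step 4 and the ruserok(3) check of step 8 are outside this sketch.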
.PP
Transport-level keepalive messages are enabled unless the
.B \-n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.SH DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 9 above upon successful completion
of all the steps prior to the execution of the login shell).
.PP
.B ``locuser too long''
.br
The name of the user on the client's machine is
longer than 16 characters.
.PP
.B ``remuser too long''
.br
The name of the user on the remote machine is
longer than 16 characters.
.PP
.B ``command too long''
.br
The command line passed exceeds the size of the argument
list (as configured into the system).
.PP
.B ``Login incorrect.''
.br
No password file entry for the user name existed.
.PP
.B ``No remote directory.''
.br
The
.I chdir
command to the home directory failed.
.PP
.B ``Permission denied.''
.br
The authentication procedure described above failed.
.PP
.B ``Can't make pipe.''
.br
The pipe needed for the
.B stderr
wasn't created.
.PP
.B ``Can't fork; try again.''
.br
A
.I fork
by the server failed.
.PP
.B ``<shellname>: ...''
.br
The user's login shell could not be started. This message is returned
on the connection associated with the
.BR stderr ,
and is not preceded by a flag byte.
.SH SEE ALSO
rsh(1), rcmd(3), ruserok(3)
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol (such as Telnet) should be used.