Annotation of 43BSDTahoe/man/man8/rshd.8, revision 1.1.1.1

1.1       root        1: .\" Copyright (c) 1983 Regents of the University of California.
                      2: .\" All rights reserved.  The Berkeley software License Agreement
                      3: .\" specifies the terms and conditions for redistribution.
                      4: .\"
                      5: .\"    @(#)rshd.8      6.4 (Berkeley) 10/25/87
                      6: .\"
                      7: .TH RSHD 8C "October 25, 1987"
                      8: .UC 5
                      9: .SH NAME
                     10: rshd \- remote shell server
                     11: .SH SYNOPSIS
                     12: .B /etc/rshd
                     13: .SH DESCRIPTION
                     14: .I Rshd
                     15: is the server for the 
                     16: .IR rcmd (3X)
                     17: routine and, consequently, for the
                     18: .IR rsh (1C)
                     19: program.  The server provides remote execution facilities
                     20: with authentication based on privileged port numbers from trusted hosts.
                     21: .PP
                     22: .I Rshd
                     23: listens for service requests at the port indicated in
                     24: the ``cmd'' service specification; see
                     25: .IR services (5).
                     26: When a service request is received the following protocol
                     27: is initiated:
                     28: .IP 1)
                     29: The server checks the client's source port.
                     30: If the port is not in the range 0-1023, the server
                     31: aborts the connection.
                     32: .IP 2)
                     33: The server reads characters from the socket up
                     34: to a null (`\e0') byte.  The resultant string is
                     35: interpreted as an ASCII number, base 10.
                     36: .IP 3)
                     37: If the number received in step 2 is non-zero,
                     38: it is interpreted as the port number of a secondary
                     39: stream to be used for the 
                     40: .BR stderr .
                     41: A second connection is then created to the specified
                     42: port on the client's machine.  The source port of this
                     43: second connection is also in the range 0-1023.
                     44: .IP 4)
                     45: The server checks the client's source address
                     46: and requests the corresponding host name (see
                     47: .IR gethostbyaddr (3N),
                     48: .IR hosts (5)
                     49: and
                     50: .IR named (8)).
                     51: If the hostname cannot be determined,
                     52: the dot-notation representation of the host address is used.
                     53: .IP 5)
                     54: A null terminated user name of at most 16 characters
                     55: is retrieved on the initial socket.  This user name
                     56: is interpreted as the user identity on the
                     57: .BR client 's
                     58: machine.
                     59: .IP 6)
                     60: A null terminated user name of at most 16 characters
                     61: is retrieved on the initial socket.  This user name
                     62: is interpreted as a user identity to use on the
                     63: .BR server 's
                     64: machine.
                     65: .IP 7)
                     66: A null terminated command to be passed to a
                     67: shell is retrieved on the initial socket.  The length of
                     68: the command is limited by the upper bound on the size of
                     69: the system's argument list.  
                     70: .IP 8)
                     71: .I Rshd
                     72: then validates the user according to the following steps.
                     73: The local (server-end) user name is looked up in the password file
                     74: and a
                     75: .I chdir
                     76: is performed to the user's home directory.  If either
                     77: the lookup or 
                     78: .I chdir
                     79: fail, the connection is terminated.
                     80: If the user is not the super-user, (user id 0), the file 
                     81: .I /etc/hosts.equiv
                     82: is consulted for a list of hosts considered ``equivalent''.
                     83: If the client's host name is present in this file, the
                     84: authentication is considered successful.  If the lookup
                     85: fails, or the user is the super-user, then the file
                     86: .I .rhosts
                     87: in the home directory of the remote user is checked for
                     88: the machine name and identity of the user on the client's
                     89: machine.  If this lookup fails, the connection is terminated.
                     90: .IP 9)
                     91: A null byte is returned on the initial socket
                     92: and the command line is passed to the normal login
                     93: shell of the user.  The
                     94: shell inherits the network connections established
                     95: by
                     96: .IR rshd .
                     97: .SH DIAGNOSTICS
                     98: Except for the last one listed below,
                     99: all diagnostic messages
                    100: are returned on the initial socket,
                    101: after which any network connections are closed.
                    102: An error is indicated by a leading byte with a value of
                    103: 1 (0 is returned in step 9 above upon successful completion
                    104: of all the steps prior to the execution of the login shell).
                    105: .PP
                    106: .B ``locuser too long''
                    107: .br
                    108: The name of the user on the client's machine is
                    109: longer than 16 characters.
                    110: .PP
                    111: .B ``remuser too long''
                    112: .br
                    113: The name of the user on the remote machine is
                    114: longer than 16 characters.
                    115: .PP
                    116: .B ``command too long ''
                    117: .br
                    118: The command line passed exceeds the size of the argument
                    119: list (as configured into the system).
                    120: .PP
                    121: .B ``Login incorrect.''
                    122: .br
                    123: No password file entry for the user name existed.
                    124: .PP
                    125: .B ``No remote directory.''
                    126: .br
                    127: The 
                    128: .I chdir
                    129: command to the home directory failed.
                    130: .PP
                    131: .B ``Permission denied.''
                    132: .br
                    133: The authentication procedure described above failed.
                    134: .PP
                    135: .B ``Can't make pipe.''
                    136: .br
                    137: The pipe needed for the 
                    138: .BR stderr ,
                    139: wasn't created.
                    140: .PP
                    141: .B ``Try again.''
                    142: .br
                    143: A
                    144: .I fork
                    145: by the server failed.
                    146: .PP
                    147: .B ``<shellname>: ...''
                    148: .br
                    149: The user's login shell could not be started.  This message is returned
                    150: on the connection associated with the
                    151: .BR stderr ,
                    152: and is not preceded by a flag byte.
                    153: .SH SEE ALSO
                    154: rsh(1C),
                    155: rcmd(3X)
                    156: .SH BUGS
                    157: The authentication procedure used here assumes the integrity
                    158: of each client machine and the connecting medium.  This is
                    159: insecure, but is useful in an ``open'' environment.
                    160: .PP
                    161: A facility to allow all data exchanges to be encrypted should be
                    162: present.
                    163: .PP
                    164: A more extensible protocol should be used.
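
The initial-socket parsing from steps 1, 2, 5, 6 and 7 above, as an added example; this is not the 4.3BSD rshd source. The names `rsh_parse`, `take`, `struct rsh_req` and the error codes are hypothetical, the digits-only and 65535 checks on the port field are added strictness the page does not state, and steps 4 and 8 (host name lookup, hosts.equiv/.rhosts) are not modelled.

```c
#include <stddef.h>
#include <string.h>

enum rsh_err { RSH_OK, RSH_BAD_SRCPORT, RSH_BAD_PORT_FIELD,
               RSH_LOCUSER_TOO_LONG, RSH_REMUSER_TOO_LONG, RSH_TRUNCATED };

struct rsh_req {
    long stderr_port;     /* 0 = no secondary stderr stream (step 3) */
    char locuser[17];     /* user on the client's machine (step 5) */
    char remuser[17];     /* user on the server's machine (step 6) */
    const char *command;  /* points into the caller's buffer (step 7) */
};

/* Copy one NUL-terminated field of at most max characters.
 * Returns 0 on success, 1 if the field is too long, 2 if no NUL was found. */
static int take(const unsigned char **p, const unsigned char *end, char *dst, size_t max)
{
    size_t n = 0;
    for (; *p < end && **p != '\0'; (*p)++) {
        if (n == max) return 1;
        dst[n++] = (char)**p;
    }
    if (*p == end) return 2;
    dst[n] = '\0';
    (*p)++;               /* consume the terminator */
    return 0;
}

/* Parse the client's initial byte stream; src_port is the TCP source port. */
int rsh_parse(int src_port, const unsigned char *buf, size_t len, struct rsh_req *out)
{
    const unsigned char *p = buf, *end = buf + len;
    char num[6];
    int r;
    if (src_port < 0 || src_port > 1023) return RSH_BAD_SRCPORT;          /* step 1 */
    if ((r = take(&p, end, num, 5)) != 0)                                 /* step 2 */
        return r == 2 ? RSH_TRUNCATED : RSH_BAD_PORT_FIELD;
    out->stderr_port = 0; /* an empty field parses as 0 in this example */
    for (const char *d = num; *d; d++) {  /* digits only: added strictness */
        if (*d < '0' || *d > '9') return RSH_BAD_PORT_FIELD;
        out->stderr_port = out->stderr_port * 10 + (*d - '0');
    }
    if (out->stderr_port > 65535) return RSH_BAD_PORT_FIELD;
    if ((r = take(&p, end, out->locuser, 16)) != 0)                       /* step 5 */
        return r == 2 ? RSH_TRUNCATED : RSH_LOCUSER_TOO_LONG;
    if ((r = take(&p, end, out->remuser, 16)) != 0)                       /* step 6 */
        return r == 2 ? RSH_TRUNCATED : RSH_REMUSER_TOO_LONG;
    if (memchr(p, '\0', (size_t)(end - p)) == NULL) return RSH_TRUNCATED; /* step 7 */
    out->command = (const char *)p;
    return RSH_OK;
}
```

Every field the parser accepts is supplied by the client, including both user names; nothing in this exchange proves them, which is the assumption the BUGS section describes.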
