Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   18016 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

RSHD(8)			  BSD System Manager's Manual		       RSHD(8)

NAME
     rshd — remote shell server

SYNOPSIS
     rshd [-aiklnvxPL] [-p port]

DESCRIPTION
     rshd is the server for the rsh(1) program. It provides an authenticated
     remote command execution service.	Supported options are:

     -n, --no-keepalive
	     Disables keep-alive messages.  Keep-alives are packets sent at
	     certain intervals to make sure that the client is still there,
	     even when it doesn't send any data.

     -k, --kerberos
	     Assume that clients connecting to this server will use some form
	     of Kerberos authentication. See the EXAMPLES section for a sample
	     inetd.conf(5) configuration.

     -x, --encrypt
	     For Kerberos 4 this means that the connections are encrypted.
	     Kerberos 5 can negotiate encryption even without this option, but
	     if it's present rshd will deny unencrypted connections. This
	     option implies -k.

     -v, --vacuous
	     If the connecting client does not use any Kerberised authentica‐
	     tion, print a message that complains about this fact, and exit.
	     This is helpful if you want to move away from old port-based
	     authentication.

     -P	     When using the AFS filesystem, users' authentication tokens are
	     put in something called a PAG (Process Authentication Group).
	     Multiple processes can share a PAG, but normally each login ses‐
	     sion has its own PAG. This option disables the setpag() call, so
	     all tokens will be put in the default (uid-based) PAG, making it
	     possible to share tokens between sessions. This is only useful in
	     peculiar environments, such as some batch systems.

     -i, --no-inetd
	     The -i option will cause rshd to create a socket, instead of
	     assuming that its stdin came from inetd(8).  This is mostly use‐
	     ful for debugging.

     -p port, --port=port
	     Port to use with -i.

     -a	     This flag is for backwards compatibility only.

     -L	     This flag enables logging of connections to syslogd(8).  This
	     option is always on in this implementation.

FILES
     /etc/hosts.equiv
     ~/.rhosts

EXAMPLES
     The following can be used to enable Kerberised rsh in inetd.cond(5),
     while disabling non-Kerberised connections:

     shell   stream  tcp  nowait  root	/usr/libexec/rshd  rshd -v
     kshell  stream  tcp  nowait  root	/usr/libexec/rshd  rshd -k
     ekshell stream  tcp  nowait  root	/usr/libexec/rshd  rshd -kx

SEE ALSO
     rsh(1), iruserok(3)

HISTORY
     The rshd command appeared in 4.2BSD.

AUTHORS
     This implementation of rshd was written as part of the Heimdal Kerberos 5
     implementation.

HEIMDAL			       November 22, 2002		       HEIMDAL

Vote for polarhome