Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   1419 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

RSHD(8C)							      RSHD(8C)

NAME
       rshd - remote shell server

SYNOPSIS
       /usr/etc/rshd

DESCRIPTION
       Rshd  is the server for the rcmd(3X) routine and, consequently, for the
       rsh(1C) program.	 The server provides remote execution facilities  with
       authentication based on privileged port numbers from trusted hosts.

       Rshd  listens for service requests at the port indicated in the ``cmd''
       service specification; see services(5).	 When  a  service  request  is
       received the following protocol is initiated:

       1)     The  server checks the client's source port.  If the port is not
	      in the range 0-1023, the server aborts the connection.

       2)     The server reads characters from the socket up to a null	(`\0')
	      byte.   The  resultant string is interpreted as an ASCII number,
	      base 10.

       3)     If the number received in step 1 is non-zero, it is  interpreted
	      as  the  port  number  of	 a secondary stream to be used for the
	      stderr.  A second connection is then created  to	the  specified
	      port  on	the  client's machine.	The source port of this second
	      connection is also in the range 0-1023.

       4)     The server checks the client's source address and	 requests  the
	      corresponding  host  name	 (see  gethostbyaddr(3N), hosts(5) and
	      named(8)).  If the  hostname  cannot  be	determined,  the  dot-
	      notation representation of the host address is used.

       5)     A	 null  terminated  user	 name  of  at  most  16	 characters is
	      retrieved on the initial socket.	This user name is  interpreted
	      as the user identity on the client's machine.

       6)     A	 null  terminated  user	 name  of  at  most  16	 characters is
	      retrieved on the initial socket.	This user name is  interpreted
	      as a user identity to use on the server's machine.

       7)     A	 null  terminated command to be passed to a shell is retrieved
	      on the initial socket.  The length of the command is limited  by
	      the upper bound on the size of the system's argument list.

       8)     Rshd  then  validates the user according to the following steps.
	      The local (server-end) user name is looked up  in	 the  password
	      file  and a chdir is performed to the user's home directory.  If
	      either the lookup or chdir fail, the connection  is  terminated.
	      If  the  user  is	 not  the  super-user,	(user  id 0), the file
	      /etc/hosts.equiv is consulted for a  list	 of  hosts  considered
	      ``equivalent''.	If  the	 client's host name is present in this
	      file, the authentication is considered  success-	ful.   If  the
	      lookup  fails,  or  the  user  is the super- user, then the file
	      .rhosts in the home directory of the remote user is checked  for
	      the  machine  name  and  identity	 of  the  user on the client's
	      machine.	If this file is owned by someone other than  the  user
	      or  root,	 or  is	 writeable  by	anyone but the owner then then
	      lookup will fail.	 If  this  lookup  fails,  the	connection  is
	      terminated.

       9)     A	 null  byte  is returned on the initial socket and the command
	      line is passed to the normal login shell of the user.  The shell
	      inherits the network connections established by rshd.

DIAGNOSTICS
       Except  for  the	 last  one  listed  below, all diagnostic messages are
       returned on the initial socket, after which any network connections are
       closed.	 An  error is indicated by a leading byte with a value of 1 (0
       is returned in step 9 above upon successful completion of all the steps
       prior to the execution of the login shell).

       ``locuser too long''
       The  name  of  the  user	 on  the  client's  machine  is longer than 16
       characters.

       ``remuser too long''
       The name	 of  the  user	on  the	 remote	 machine  is  longer  than  16
       characters.

       ``command too long ''
       The  command  line  passed  exceeds  the	 size of the argument list (as
       configured into the system).

       ``Login incorrect.''
       No password file entry for the user name existed.

       ``No remote directory.''
       The chdir command to the home directory failed.

       ``Permission denied.''
       The authentication procedure described above failed.

       ``Can't make pipe.''
       The pipe needed for the stderr, wasn't created.

       ``Try again.''
       A fork by the server failed.

       ``<shellname>: ...''
       The user's login shell could not be started.  This message is  returned
       on  the connection associated with the stderr, and is not preceded by a
       flag byte.

SEE ALSO
       rsh(1C), rcmd(3X)

BUGS
       The authentication procedure used here assumes the  integrity  of  each
       client  machine	and  the  connecting medium.  This is insecure, but is
       useful in an ``open'' environment.

       A facility to allow all	data  exchanges	 to  be	 encrypted  should  be
       present.

       A more extensible protocol should be used.

4.2 Berkeley Distribution	 May 24, 1986			      RSHD(8C)

Vote for polarhome