Commit | Line | Data |
---|---|---|
af359dea | 1 | .\" Copyright (c) 1983, 1989, 1991 The Regents of the University of California. |
99819948 | 2 | .\" All rights reserved. |
d8a59ffe | 3 | .\" |
af359dea | 4 | .\" Redistribution and use in source and binary forms, with or without |
af359dea | 5 | .\" modification, are permitted provided that the following conditions |
af359dea | 6 | .\" are met: |
af359dea | 7 | .\" 1. Redistributions of source code must retain the above copyright |
af359dea | 8 | .\" notice, this list of conditions and the following disclaimer. |
af359dea | 9 | .\" 2. Redistributions in binary form must reproduce the above copyright |
af359dea | 10 | .\" notice, this list of conditions and the following disclaimer in the |
af359dea | 11 | .\" documentation and/or other materials provided with the distribution. |
af359dea | 12 | .\" 3. All advertising materials mentioning features or use of this software |
af359dea | 13 | .\" must display the following acknowledgement: |
af359dea | 14 | .\" This product includes software developed by the University of |
af359dea | 15 | .\" California, Berkeley and its contributors. |
af359dea | 16 | .\" 4. Neither the name of the University nor the names of its contributors |
af359dea | 17 | .\" may be used to endorse or promote products derived from this software |
af359dea | 18 | .\" without specific prior written permission. |
d8a59ffe | 19 | .\" |
af359dea | 20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
af359dea | 21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
af359dea | 22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
af359dea | 23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
af359dea | 24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
af359dea | 25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
af359dea | 26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
af359dea | 27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
af359dea | 28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
af359dea | 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
af359dea | 30 | .\" SUCH DAMAGE. |
99819948 | 31 | .\" |
af359dea | 32 | .\" @(#)rshd.8 6.11 (Berkeley) 4/20/91 |
af359dea | 33 | .\" |
af359dea | 34 | .Dd April 20, 1991 |
af359dea | 35 | .Dt RSHD 8 |
af359dea | 36 | .Os BSD 4.2 |
af359dea | 37 | .Sh NAME |
af359dea | 38 | .Nm rshd |
af359dea | 39 | .Nd remote shell server |
af359dea | 40 | .Sh SYNOPSIS |
af359dea | 41 | .Nm rshd |
af359dea | 42 | .Op Fl aln |
af359dea | 43 | .Sh DESCRIPTION |
af359dea | 44 | The |
af359dea | 45 | .Nm rshd |
af359dea | 46 | server |
d8a59ffe | 47 | is the server for the |
af359dea | 48 | .Xr rcmd 3 |
d8a59ffe | 49 | routine and, consequently, for the |
af359dea | 50 | .Xr rsh 1 |
d8a59ffe | 51 | program. The server provides remote execution facilities |
14dbbfdc | 52 | with authentication based on privileged port numbers from trusted hosts. |
af359dea | 53 | .Pp |
af359dea | 54 | The |
af359dea | 55 | .Nm rshd |
af359dea | 56 | server |
d8a59ffe | 57 | listens for service requests at the port indicated in |
d8a59ffe | 58 | the ``cmd'' service specification; see |
af359dea | 59 | .Xr services 5 . |
d8a59ffe | 60 | When a service request is received the following protocol |
d8a59ffe | 61 | is initiated: |
af359dea | 62 | .Bl -enum |
af359dea | 63 | .It |
d8a59ffe | 64 | The server checks the client's source port. |
800d0819 | 65 | If the port is not in the range 512-1023, the server |
d8a59ffe | 66 | aborts the connection. |
af359dea | 67 | .It |
d8a59ffe | 68 | The server reads characters from the socket up |
d8a59ffe | 69 | to a null (`\e0') byte. The resultant string is |
af359dea | 70 | interpreted as an |
af359dea | 71 | .Tn ASCII |
af359dea | 72 | number, base 10. |
af359dea | 73 | .It |
2d61542c | 74 | If the number received in step 2 is non-zero, |
d8a59ffe | 75 | it is interpreted as the port number of a secondary |
d8a59ffe | 76 | stream to be used for the |
af359dea | 77 | .Em stderr . |
d8a59ffe | 78 | A second connection is then created to the specified |
d8a59ffe | 79 | port on the client's machine. The source port of this |
800d0819 | 80 | second connection is also in the range 512-1023. |
af359dea | 81 | .It |
14dbbfdc | 82 | The server checks the client's source address |
14dbbfdc | 83 | and requests the corresponding host name (see |
af359dea | 84 | .Xr gethostbyaddr 3 , |
af359dea | 85 | .Xr hosts 5 |
14dbbfdc | 86 | and |
af359dea | 87 | .Xr named 8 ) . |
14dbbfdc | 88 | If the hostname cannot be determined, |
14dbbfdc | 89 | the dot-notation representation of the host address is used. |
800d0819 | 90 | If the hostname is in the same domain as the server (according to |
800d0819 | 91 | the last two components of the domain name), |
800d0819 | 92 | or if the |
af359dea | 93 | .Fl a |
800d0819 | 94 | option is given, |
800d0819 | 95 | the addresses for the hostname are requested, |
800d0819 | 96 | verifying that the name and address correspond. |
800d0819 | 97 | If address verification fails, the connection is aborted |
800d0819 | 98 | with the message, ``Host address mismatch.'' |
af359dea | 99 | .It |
d8a59ffe | 100 | A null terminated user name of at most 16 characters |
d8a59ffe | 101 | is retrieved on the initial socket. This user name |
3e7075be | 102 | is interpreted as the user identity on the |
af359dea | 103 | .Em client Ns 's |
d8a59ffe | 104 | machine. |
af359dea | 105 | .It |
d8a59ffe | 106 | A null terminated user name of at most 16 characters |
d8a59ffe | 107 | is retrieved on the initial socket. This user name |
3e7075be | 108 | is interpreted as a user identity to use on the |
af359dea | 109 | .Sy server Ns 's |
d8a59ffe | 110 | machine. |
af359dea | 111 | .It |
d8a59ffe | 112 | A null terminated command to be passed to a |
d8a59ffe | 113 | shell is retrieved on the initial socket. The length of |
d8a59ffe | 114 | the command is limited by the upper bound on the size of |
d8a59ffe | 115 | the system's argument list. |
af359dea | 116 | .It |
af359dea | 117 | .Nm Rshd |
34b440ae | 118 | then validates the user using |
af359dea | 119 | .Xr ruserok 3 , |
af359dea | 120 | which uses the file |
af359dea | 121 | .Pa /etc/hosts.equiv |
af359dea | 122 | and the |
af359dea | 123 | .Pa .rhosts |
34b440ae | 124 | file found in the user's home directory. The |
af359dea | 125 | .Fl l |
34b440ae | 126 | option prevents |
af359dea | 127 | .Xr ruserok 3 |
df401db4 | 128 | from doing any validation based on the user's ``.rhosts'' file, |
df401db4 | 129 | unless the user is the superuser. |
af359dea | 130 | .It |
3e7075be | 131 | A null byte is returned on the initial socket |
d8a59ffe | 132 | and the command line is passed to the normal login |
d8a59ffe | 133 | shell of the user. The |
d8a59ffe | 134 | shell inherits the network connections established |
d8a59ffe | 135 | by |
af359dea | 136 | .Nm rshd . |
af359dea | 137 | .Pp |
d6fc0eba | 138 | Transport-level keepalive messages are enabled unless the |
af359dea | 139 | .Fl n |
d6fc0eba | 140 | option is present. |
d6fc0eba | 141 | The use of keepalive messages allows sessions to be timed out |
d6fc0eba | 142 | if the client crashes or becomes unreachable. |
af359dea | 143 | .El |
af359dea | 144 | .Sh DIAGNOSTICS |
3e7075be | 145 | Except for the last one listed below, |
3e7075be | 146 | all diagnostic messages |
3e7075be | 147 | are returned on the initial socket, |
d8a59ffe | 148 | after which any network connections are closed. |
d8a59ffe | 149 | An error is indicated by a leading byte with a value of |
d8a59ffe | 150 | 1 (0 is returned in step 9 above upon successful completion |
3e7075be | 151 | of all the steps prior to the execution of the login shell). |
af359dea | 152 | .Bl -tag -width indent |
af359dea | 153 | .It Sy Locuser too long. |
d8a59ffe | 154 | The name of the user on the client's machine is |
d8a59ffe | 155 | longer than 16 characters. |
af359dea | 156 | .It Sy Ruser too long. |
d8a59ffe | 157 | The name of the user on the remote machine is |
d8a59ffe | 158 | longer than 16 characters. |
af359dea | 159 | .It Sy Command too long . |
d8a59ffe | 160 | The command line passed exceeds the size of the argument |
d8a59ffe | 161 | list (as configured into the system). |
af359dea | 162 | .It Sy Login incorrect. |
d8a59ffe | 163 | No password file entry for the user name existed. |
af359dea | 164 | .It Sy Remote directory. |
d8a59ffe | 165 | The |
af359dea | 166 | .Xr chdir |
d8a59ffe | 167 | command to the home directory failed. |
af359dea | 168 | .It Sy Permission denied. |
d8a59ffe | 169 | The authentication procedure described above failed. |
af359dea | 170 | .It Sy Can't make pipe. |
d8a59ffe | 171 | The pipe needed for the |
af359dea | 172 | .Em stderr , |
d8a59ffe | 173 | wasn't created. |
af359dea | 174 | .It Sy Can't fork; try again. |
d8a59ffe | 175 | A |
af359dea | 176 | .Xr fork |
d8a59ffe | 177 | by the server failed. |
af359dea | 178 | .It Sy <shellname>: ... |
3e7075be | 179 | The user's login shell could not be started. This message is returned |
3e7075be | 180 | on the connection associated with the |
af359dea | 181 | .Em stderr , |
3e7075be | 182 | and is not preceded by a flag byte. |
af359dea | 183 | .El |
af359dea | 184 | .Sh SEE ALSO |
af359dea | 185 | .Xr rsh 1 , |
af359dea | 186 | .Xr rcmd 3 , |
af359dea | 187 | .Xr ruserok 3 |
af359dea | 188 | .Sh BUGS |
d8a59ffe | 189 | The authentication procedure used here assumes the integrity |
d8a59ffe | 190 | of each client machine and the connecting medium. This is |
d8a59ffe | 191 | insecure, but is useful in an ``open'' environment. |
af359dea | 192 | .Pp |
d8a59ffe | 193 | A facility to allow all data exchanges to be encrypted should be |
d8a59ffe | 194 | present. |
af359dea | 195 | .Pp |
800d0819 | 196 | A more extensible protocol (such as Telnet) should be used. |
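
The input checks of protocol steps 1 through 7 in the manual page above, written as a bounded parser over bytes already read from the initial socket. This is an added example, not the rshd source: the function, struct and status names are hypothetical, and it assumes the secondary port must fit in 16 bits.

```c
#include <stdlib.h>
#include <string.h>

#define RSH_NAME_MAX 16 /* user name limit from steps 5 and 6 */
/* Status names and struct layout are hypothetical, chosen for this example. */
enum rsh_status { RSH_OK, RSH_BAD_SRC_PORT, RSH_BAD_STDERR_PORT,
                  RSH_LOCUSER_TOO_LONG, RSH_RUSER_TOO_LONG, RSH_TRUNCATED };
struct rsh_request {
    long stderr_port;               /* 0 means no secondary stream */
    char locuser[RSH_NAME_MAX + 1]; /* identity on the client's machine */
    char remuser[RSH_NAME_MAX + 1]; /* identity to use on the server */
    const char *command;            /* points into the caller's buffer */
};

/* Copy one NUL-terminated field (<= max bytes) and advance *p.
 * Returns 0 on success, 1 if too long, -1 if unterminated. */
static int take(const unsigned char **p, const unsigned char *end,
                char *out, size_t max)
{
    const unsigned char *nul = memchr(*p, '\0', (size_t)(end - *p));
    size_t n = (size_t)((nul ? nul : end) - *p);
    if (n > max) return 1;
    if (nul == NULL) return -1;
    memcpy(out, *p, n + 1);         /* n + 1 includes the terminator */
    *p = nul + 1;
    return 0;
}

/* Validate the fields of steps 1-7 before anything is handed to a shell. */
enum rsh_status rsh_parse(int src_port, const unsigned char *buf, size_t len,
                          struct rsh_request *req)
{
    const unsigned char *p = buf, *end = buf + len;
    char port[6];                   /* up to five digits plus NUL */
    int r;

    if (src_port < 512 || src_port > 1023) return RSH_BAD_SRC_PORT;
    if ((r = take(&p, end, port, 5)) != 0)
        return r > 0 ? RSH_BAD_STDERR_PORT : RSH_TRUNCATED;
    if (strspn(port, "0123456789") != strlen(port)) return RSH_BAD_STDERR_PORT;
    req->stderr_port = strtol(port, NULL, 10);
    if (req->stderr_port > 65535) return RSH_BAD_STDERR_PORT;
    if ((r = take(&p, end, req->locuser, RSH_NAME_MAX)) != 0)
        return r > 0 ? RSH_LOCUSER_TOO_LONG : RSH_TRUNCATED;
    if ((r = take(&p, end, req->remuser, RSH_NAME_MAX)) != 0)
        return r > 0 ? RSH_RUSER_TOO_LONG : RSH_TRUNCATED;
    if (memchr(p, '\0', (size_t)(end - p)) == NULL) return RSH_TRUNCATED;
    req->command = (const char *)p;
    return RSH_OK;
}
```

Passing these checks only means the request is well formed; the source port and both user names are still values chosen by the client, which is the trust assumption the BUGS section describes.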