Commit | Line | Data |
---|---|---|
99819948 KB |
1 | .\" Copyright (c) 1983 The Regents of the University of California. |
2 | .\" All rights reserved. | |
d8a59ffe | 3 | .\" |
99819948 KB |
4 | .\" Redistribution and use in source and binary forms are permitted |
5 | .\" provided that the above copyright notice and this paragraph are | |
6 | .\" duplicated in all such forms and that any documentation, | |
7 | .\" advertising materials, and other materials related to such | |
8 | .\" distribution and use acknowledge that the software was developed | |
9 | .\" by the University of California, Berkeley. The name of the | |
10 | .\" University may not be used to endorse or promote products derived | |
11 | .\" from this software without specific prior written permission. | |
12 | .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR | |
13 | .\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED | |
14 | .\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
d8a59ffe | 15 | .\" |
99819948 KB |
16 | .\" @(#)rshd.8 6.5 (Berkeley) %G% |
17 | .\" | |
18 | .TH RSHD 8 "" | |
d8a59ffe KM |
19 | .UC 5 |
20 | .SH NAME | |
21 | rshd \- remote shell server | |
22 | .SH SYNOPSIS | |
23 | .B /etc/rshd | |
24 | .SH DESCRIPTION | |
25 | .I Rshd | |
26 | is the server for the | |
27 | .IR rcmd (3X) | |
28 | routine and, consequently, for the | |
29 | .IR rsh (1C) | |
30 | program. The server provides remote execution facilities | |
14dbbfdc | 31 | with authentication based on privileged port numbers from trusted hosts. |
d8a59ffe KM |
32 | .PP |
33 | .I Rshd | |
34 | listens for service requests at the port indicated in | |
35 | the ``cmd'' service specification; see | |
36 | .IR services (5). | |
37 | When a service request is received the following protocol | |
38 | is initiated: | |
39 | .IP 1) | |
40 | The server checks the client's source port. | |
41 | If the port is not in the range 0-1023, the server | |
42 | aborts the connection. | |
43 | .IP 2) | |
44 | The server reads characters from the socket up | |
45 | to a null (`\e0') byte. The resultant string is | |
46 | interpreted as an ASCII number, base 10. | |
47 | .IP 3) | |
2d61542c | 48 | If the number received in step 2 is non-zero, |
d8a59ffe KM |
49 | it is interpreted as the port number of a secondary |
50 | stream to be used for the | |
51 | .BR stderr . | |
52 | A second connection is then created to the specified | |
53 | port on the client's machine. The source port of this | |
54 | second connection is also in the range 0-1023. | |
55 | .IP 4) | |
14dbbfdc MK |
56 | The server checks the client's source address |
57 | and requests the corresponding host name (see | |
58 | .IR gethostbyaddr (3N), | |
59 | .IR hosts (5) | |
60 | and | |
61 | .IR named (8)). | |
62 | If the hostname cannot be determined, | |
63 | the dot-notation representation of the host address is used. | |
d8a59ffe KM |
64 | .IP 5) |
65 | A null terminated user name of at most 16 characters | |
66 | is retrieved on the initial socket. This user name | |
3e7075be JL |
67 | is interpreted as the user identity on the |
68 | .BR client 's | |
d8a59ffe KM |
69 | machine. |
70 | .IP 6) | |
71 | A null terminated user name of at most 16 characters | |
72 | is retrieved on the initial socket. This user name | |
3e7075be JL |
73 | is interpreted as a user identity to use on the |
74 | .BR server 's | |
d8a59ffe KM |
75 | machine. |
76 | .IP 7) | |
77 | A null terminated command to be passed to a | |
78 | shell is retrieved on the initial socket. The length of | |
79 | the command is limited by the upper bound on the size of | |
80 | the system's argument list. | |
81 | .IP 8) | |
82 | .I Rshd | |
83 | then validates the user according to the following steps. | |
14dbbfdc | 84 | The local (server-end) user name is looked up in the password file |
d8a59ffe KM |
85 | and a |
86 | .I chdir | |
87 | is performed to the user's home directory. If either | |
88 | the lookup or | |
89 | .I chdir | |
90 | fails, the connection is terminated. | |
91 | If the user is not the super-user (user id 0), the file | |
92 | .I /etc/hosts.equiv | |
93 | is consulted for a list of hosts considered ``equivalent''. | |
94 | If the client's host name is present in this file, the | |
95 | authentication is considered successful. If the lookup | |
96 | fails, or the user is the super-user, then the file | |
97 | .I .rhosts | |
98 | in the home directory of the remote user is checked for | |
99 | the machine name and identity of the user on the client's | |
100 | machine. If this lookup fails, the connection is terminated. | |
101 | .IP 9) | |
3e7075be | 102 | A null byte is returned on the initial socket |
d8a59ffe KM |
103 | and the command line is passed to the normal login |
104 | shell of the user. The | |
105 | shell inherits the network connections established | |
106 | by | |
107 | .IR rshd . | |
108 | .SH DIAGNOSTICS | |
3e7075be JL |
109 | Except for the last one listed below, |
110 | all diagnostic messages | |
111 | are returned on the initial socket, | |
d8a59ffe KM |
112 | after which any network connections are closed. |
113 | An error is indicated by a leading byte with a value of | |
114 | 1 (0 is returned in step 9 above upon successful completion | |
3e7075be | 115 | of all the steps prior to the execution of the login shell). |
d8a59ffe KM |
116 | .PP |
117 | .B ``locuser too long'' | |
118 | .br | |
119 | The name of the user on the client's machine is | |
120 | longer than 16 characters. | |
121 | .PP | |
122 | .B ``remuser too long'' | |
123 | .br | |
124 | The name of the user on the remote machine is | |
125 | longer than 16 characters. | |
126 | .PP | |
127 | .B ``command too long'' | |
128 | .br | |
129 | The command line passed exceeds the size of the argument | |
130 | list (as configured into the system). | |
131 | .PP | |
d8a59ffe KM |
132 | .B ``Login incorrect.'' |
133 | .br | |
134 | No password file entry for the user name existed. | |
135 | .PP | |
136 | .B ``No remote directory.'' | |
137 | .br | |
138 | The | |
139 | .I chdir | |
140 | command to the home directory failed. | |
141 | .PP | |
142 | .B ``Permission denied.'' | |
143 | .br | |
144 | The authentication procedure described above failed. | |
145 | .PP | |
146 | .B ``Can't make pipe.'' | |
147 | .br | |
148 | The pipe needed for the | |
149 | .BR stderr , | |
150 | wasn't created. | |
151 | .PP | |
152 | .B ``Try again.'' | |
153 | .br | |
154 | A | |
155 | .I fork | |
156 | by the server failed. | |
157 | .PP | |
3e7075be | 158 | .B ``<shellname>: ...'' |
d8a59ffe | 159 | .br |
3e7075be JL |
160 | The user's login shell could not be started. This message is returned |
161 | on the connection associated with the | |
162 | .BR stderr , | |
163 | and is not preceded by a flag byte. | |
d8a59ffe | 164 | .SH SEE ALSO |
99819948 | 165 | rsh(1), rcmd(3) |
d8a59ffe KM |
166 | .SH BUGS |
167 | The authentication procedure used here assumes the integrity | |
168 | of each client machine and the connecting medium. This is | |
169 | insecure, but is useful in an ``open'' environment. | |
170 | .PP | |
171 | A facility to allow all data exchanges to be encrypted should be | |
172 | present. | |
14dbbfdc MK |
173 | .PP |
174 | A more extensible protocol should be used. |
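
The client-to-server bytes described in protocol steps 1, 2 and 5 through 7 above can be decoded with a small parser, for example when checking a captured rsh session or writing a protocol-aware filter. This is an added example, not code from the original rshd source; the names `rsh_parse`, `rsh_req`, `next_field` and `RSH_SAMPLE` are hypothetical, and the sample bytes are constructed.

```c
/* Added example: decode the initial rshd request fields from a byte buffer. */
#include <stdlib.h>
#include <string.h>

#define RSH_NAME_MAX 16  /* "at most 16 characters" in steps 5 and 6 */

enum rsh_err { RSH_OK, RSH_BAD_SRC_PORT, RSH_TRUNCATED, RSH_BAD_PORT,
               RSH_LOCUSER_TOO_LONG, RSH_REMUSER_TOO_LONG };

struct rsh_req {
    long stderr_port;                /* 0 means no secondary stderr stream */
    char locuser[RSH_NAME_MAX + 1];  /* user identity on the client's machine */
    char remuser[RSH_NAME_MAX + 1];  /* user identity on the server's machine */
    const char *cmd;                 /* points into the caller's buffer */
};

/* Return the NUL-terminated field at *off and advance past it; NULL if the
 * buffer ends before the terminating NUL is seen. */
static const char *next_field(const unsigned char *buf, size_t len, size_t *off)
{
    const unsigned char *nul = memchr(buf + *off, '\0', len - *off);
    const char *start = (const char *)buf + *off;
    if (nul == NULL) return NULL;
    *off = (size_t)(nul - buf) + 1;
    return start;
}

enum rsh_err rsh_parse(int src_port, const unsigned char *buf, size_t len,
                       struct rsh_req *out)
{
    size_t off = 0; char *end; const char *f;

    if (src_port < 0 || src_port > 1023) return RSH_BAD_SRC_PORT;        /* step 1 */
    if ((f = next_field(buf, len, &off)) == NULL) return RSH_TRUNCATED;  /* step 2 */
    out->stderr_port = strtol(f, &end, 10);   /* an empty field parses as 0 */
    if (*end != '\0' || out->stderr_port < 0 || out->stderr_port > 65535) return RSH_BAD_PORT;
    if ((f = next_field(buf, len, &off)) == NULL) return RSH_TRUNCATED;  /* step 5 */
    if (strlen(f) > RSH_NAME_MAX) return RSH_LOCUSER_TOO_LONG;
    strcpy(out->locuser, f);
    if ((f = next_field(buf, len, &off)) == NULL) return RSH_TRUNCATED;  /* step 6 */
    if (strlen(f) > RSH_NAME_MAX) return RSH_REMUSER_TOO_LONG;
    strcpy(out->remuser, f);
    if ((out->cmd = next_field(buf, len, &off)) == NULL) return RSH_TRUNCATED; /* step 7 */
    return RSH_OK;
}

/* Constructed sample request: stderr port, client user, server user, command. */
static const unsigned char RSH_SAMPLE[] = "1021\0alice\0bob\0uname -a";

int main(void) { struct rsh_req r; return rsh_parse(1022, RSH_SAMPLE, sizeof RSH_SAMPLE, &r) != RSH_OK; }
```

The two length errors correspond to the ``locuser too long'' and ``remuser too long'' diagnostics; none of these fields is authenticated by the parse itself, which is the weakness the BUGS section describes.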