projects / unix-history / blame
| Commit | Line | Data |
|---|---|---|
| d8a59ffe KM |
1 | .\" Copyright (c) 1983 Regents of the University of California. |
| 2 | .\" All rights reserved. The Berkeley software License Agreement | |
| 3 | .\" specifies the terms and conditions for redistribution. | |
| 4 | .\" | |
| ca67e7b4 | 5 | .\" @(#)rshd.8 6.4 (Berkeley) 10/25/87 |
| d8a59ffe | 6 | .\" |
| ca67e7b4 | 7 | .TH RSHD 8C "October 25, 1987" |
| d8a59ffe KM |
8 | .UC 5 |
| 9 | .SH NAME | |
| 10 | rshd \- remote shell server | |
| 11 | .SH SYNOPSIS | |
| 12 | .B /etc/rshd | |
| 13 | .SH DESCRIPTION | |
| 14 | .I Rshd | |
| 15 | is the server for the | |
| 16 | .IR rcmd (3X) | |
| 17 | routine and, consequently, for the | |
| 18 | .IR rsh (1C) | |
| 19 | program. The server provides remote execution facilities | |
| 14dbbfdc | 20 | with authentication based on privileged port numbers from trusted hosts. |
| d8a59ffe KM |
21 | .PP |
| 22 | .I Rshd | |
| 23 | listens for service requests at the port indicated in | |
| 24 | the ``cmd'' service specification; see | |
| 25 | .IR services (5). | |
| 26 | When a service request is received the following protocol | |
| 27 | is initiated: | |
| 28 | .IP 1) | |
| 29 | The server checks the client's source port. | |
| 30 | If the port is not in the range 0-1023, the server | |
| 31 | aborts the connection. | |
| 32 | .IP 2) | |
| 33 | The server reads characters from the socket up | |
| 34 | to a null (`\e0') byte. The resultant string is | |
| 35 | interpreted as an ASCII number, base 10. | |
| 36 | .IP 3) | |
| 2d61542c | 37 | If the number received in step 2 is non-zero, |
| d8a59ffe KM |
38 | it is interpreted as the port number of a secondary |
| 39 | stream to be used for the | |
| 40 | .BR stderr . | |
| 41 | A second connection is then created to the specified | |
| 42 | port on the client's machine. The source port of this | |
| 43 | second connection is also in the range 0-1023. | |
| 44 | .IP 4) | |
| 14dbbfdc MK |
45 | The server checks the client's source address |
| 46 | and requests the corresponding host name (see | |
| 47 | .IR gethostbyaddr (3N), | |
| 48 | .IR hosts (5) | |
| 49 | and | |
| 50 | .IR named (8)). | |
| 51 | If the hostname cannot be determined, | |
| 52 | the dot-notation representation of the host address is used. | |
| d8a59ffe KM |
53 | .IP 5) |
| 54 | A null terminated user name of at most 16 characters | |
| 55 | is retrieved on the initial socket. This user name | |
| 3e7075be JL |
56 | is interpreted as the user identity on the |
| 57 | .BR client 's | |
| d8a59ffe KM |
58 | machine. |
| 59 | .IP 6) | |
| 60 | A null terminated user name of at most 16 characters | |
| 61 | is retrieved on the initial socket. This user name | |
| 3e7075be JL |
62 | is interpreted as a user identity to use on the |
| 63 | .BR server 's | |
| d8a59ffe KM |
64 | machine. |
| 65 | .IP 7) | |
| 66 | A null terminated command to be passed to a | |
| 67 | shell is retrieved on the initial socket. The length of | |
| 68 | the command is limited by the upper bound on the size of | |
| 69 | the system's argument list. | |
| 70 | .IP 8) | |
| 71 | .I Rshd | |
| 72 | then validates the user according to the following steps. | |
| 14dbbfdc | 73 | The local (server-end) user name is looked up in the password file |
| d8a59ffe KM |
74 | and a |
| 75 | .I chdir | |
| 76 | is performed to the user's home directory. If either | |
| 77 | the lookup or | |
| 78 | .I chdir | |
| 79 | fail, the connection is terminated. | |
| 80 | If the user is not the super-user, (user id 0), the file | |
| 81 | .I /etc/hosts.equiv | |
| 82 | is consulted for a list of hosts considered ``equivalent''. | |
| 83 | If the client's host name is present in this file, the | |
| 84 | authentication is considered successful. If the lookup | |
| 85 | fails, or the user is the super-user, then the file | |
| 86 | .I .rhosts | |
| 87 | in the home directory of the remote user is checked for | |
| 88 | the machine name and identity of the user on the client's | |
| 89 | machine. If this lookup fails, the connection is terminated. | |
| 90 | .IP 9) | |
| 3e7075be | 91 | A null byte is returned on the initial socket |
| d8a59ffe KM |
92 | and the command line is passed to the normal login |
| 93 | shell of the user. The | |
| 94 | shell inherits the network connections established | |
| 95 | by | |
| 96 | .IR rshd . | |
| 97 | .SH DIAGNOSTICS | |
| 3e7075be JL |
98 | Except for the last one listed below, |
| 99 | all diagnostic messages | |
| 100 | are returned on the initial socket, | |
| d8a59ffe KM |
101 | after which any network connections are closed. |
| 102 | An error is indicated by a leading byte with a value of | |
| 103 | 1 (0 is returned in step 9 above upon successful completion | |
| 3e7075be | 104 | of all the steps prior to the execution of the login shell). |
| d8a59ffe KM |
105 | .PP |
| 106 | .B ``locuser too long'' | |
| 107 | .br | |
| 108 | The name of the user on the client's machine is | |
| 109 | longer than 16 characters. | |
| 110 | .PP | |
| 111 | .B ``remuser too long'' | |
| 112 | .br | |
| 113 | The name of the user on the remote machine is | |
| 114 | longer than 16 characters. | |
| 115 | .PP | |
| 116 | .B ``command too long '' | |
| 117 | .br | |
| 118 | The command line passed exceeds the size of the argument | |
| 119 | list (as configured into the system). | |
| 120 | .PP | |
| d8a59ffe KM |
121 | .B ``Login incorrect.'' |
| 122 | .br | |
| 123 | No password file entry for the user name existed. | |
| 124 | .PP | |
| 125 | .B ``No remote directory.'' | |
| 126 | .br | |
| 127 | The | |
| 128 | .I chdir | |
| 129 | command to the home directory failed. | |
| 130 | .PP | |
| 131 | .B ``Permission denied.'' | |
| 132 | .br | |
| 133 | The authentication procedure described above failed. | |
| 134 | .PP | |
| 135 | .B ``Can't make pipe.'' | |
| 136 | .br | |
| 137 | The pipe needed for the | |
| 138 | .BR stderr , | |
| 139 | wasn't created. | |
| 140 | .PP | |
| 141 | .B ``Try again.'' | |
| 142 | .br | |
| 143 | A | |
| 144 | .I fork | |
| 145 | by the server failed. | |
| 146 | .PP | |
| 3e7075be | 147 | .B ``<shellname>: ...'' |
| d8a59ffe | 148 | .br |
| 3e7075be JL |
149 | The user's login shell could not be started. This message is returned |
| 150 | on the connection associated with the | |
| 151 | .BR stderr , | |
| 152 | and is not preceded by a flag byte. | |
| d8a59ffe KM |
153 | .SH SEE ALSO |
| 154 | rsh(1C), | |
| 155 | rcmd(3X) | |
| 156 | .SH BUGS | |
| 157 | The authentication procedure used here assumes the integrity | |
| 158 | of each client machine and the connecting medium. This is | |
| 159 | insecure, but is useful in an ``open'' environment. | |
| 160 | .PP | |
| 161 | A facility to allow all data exchanges to be encrypted should be | |
| 162 | present. | |
| 14dbbfdc MK |
163 | .PP |
| 164 | A more extensible protocol should be used. |