Commit | Line | Data |
---|---|---|
ccea61f9 C |
1 | .TH RSHD 8C "4 March 1983" |
2 | .UC 4 | |
3 | .SH NAME | |
4 | rshd \- remote shell server | |
5 | .SH SYNOPSIS | |
6 | .B /etc/rshd | |
7 | .SH DESCRIPTION | |
8 | .I Rshd | |
9 | is the server for the | |
10 | .IR rcmd (3X) | |
11 | routine and, consequently, for the | |
12 | .IR rsh (1C) | |
13 | program. The server provides remote execution facilities | |
14 | with authentication based on privileged port numbers. | |
15 | .PP | |
16 | .I Rshd | |
17 | listens for service requests at the port indicated in | |
18 | the ``cmd'' service specification; see | |
19 | .IR services (5). | |
20 | When a service request is received the following protocol | |
21 | is initiated: | |
22 | .IP 1) | |
23 | The server checks the client's source port. | |
24 | If the port is not in the range 0-1023, the server | |
25 | aborts the connection. | |
26 | .IP 2) | |
27 | The server reads characters from the socket up | |
28 | to a null (`\e0') byte. The resultant string is | |
29 | interpreted as an ASCII number, base 10. | |
30 | .IP 3) | |
31 | If the number received in step 2 is non-zero, | |
32 | it is interpreted as the port number of a secondary | |
33 | stream to be used for the | |
34 | .BR stderr . | |
35 | A second connection is then created to the specified | |
36 | port on the client's machine. The source port of this | |
37 | second connection is also in the range 0-1023. | |
38 | .IP 4) | |
39 | The server checks the client's source address. | |
40 | If the address is associated with a host for which no | |
41 | corresponding entry exists in the host name data base (see | |
42 | .IR hosts (5)), | |
43 | the server aborts the connection. | |
44 | .IP 5) | |
45 | A null terminated user name of at most 16 characters | |
46 | is retrieved on the initial socket. This user name | |
47 | is interpreted as a user identity to use on the | |
48 | .BR server 's | |
49 | machine. | |
50 | .IP 6) | |
51 | A null terminated user name of at most 16 characters | |
52 | is retrieved on the initial socket. This user name | |
53 | is interpreted as the user identity on the | |
54 | .BR client 's | |
55 | machine. | |
56 | .IP 7) | |
57 | A null terminated command to be passed to a | |
58 | shell is retrieved on the initial socket. The length of | |
59 | the command is limited by the upper bound on the size of | |
60 | the system's argument list. | |
61 | .IP 8) | |
62 | .I Rshd | |
63 | then validates the user according to the following steps. | |
64 | The remote user name is looked up in the password file | |
65 | and a | |
66 | .I chdir | |
67 | is performed to the user's home directory. If either | |
68 | the lookup or | |
69 | .I chdir | |
70 | fails, the connection is terminated. | |
71 | If the user is not the super-user (user id 0), the file | |
72 | .I /etc/hosts.equiv | |
73 | is consulted for a list of hosts considered ``equivalent''. | |
74 | If the client's host name is present in this file, the | |
75 | authentication is considered successful. If the lookup | |
76 | fails, or the user is the super-user, then the file | |
77 | .I .rhosts | |
78 | in the home directory of the remote user is checked for | |
79 | the machine name and identity of the user on the client's | |
80 | machine. If this lookup fails, the connection is terminated. | |
81 | .IP 9) | |
82 | A null byte is returned on the connection associated | |
83 | with the | |
84 | .B stderr | |
85 | and the command line is passed to the normal login | |
86 | shell of the user. The | |
87 | shell inherits the network connections established | |
88 | by | |
89 | .IR rshd . | |
90 | .SH DIAGNOSTICS | |
91 | All diagnostic messages are returned on the connection | |
92 | associated with the | |
93 | .BR stderr , | |
94 | after which any network connections are closed. | |
95 | An error is indicated by a leading byte with a value of | |
96 | 1 (0 is returned in step 9 above upon successful completion | |
97 | of all the steps prior to the command execution). | |
98 | .PP | |
99 | .B ``locuser too long'' | |
100 | .br | |
101 | The name of the user on the client's machine is | |
102 | longer than 16 characters. | |
103 | .PP | |
104 | .B ``remuser too long'' | |
105 | .br | |
106 | The name of the user on the remote machine is | |
107 | longer than 16 characters. | |
108 | .PP | |
109 | .B ``command too long'' | |
110 | .br | |
111 | The command line passed exceeds the size of the argument | |
112 | list (as configured into the system). | |
113 | .PP | |
114 | .B ``Hostname for your address unknown.'' | |
115 | .br | |
116 | No entry in the host name database existed for | |
117 | the client's machine. | |
118 | .PP | |
119 | .B ``Login incorrect.'' | |
120 | .br | |
121 | No password file entry for the user name existed. | |
122 | .PP | |
123 | .B ``No remote directory.'' | |
124 | .br | |
125 | The | |
126 | .I chdir | |
127 | command to the home directory failed. | |
128 | .PP | |
129 | .B ``Permission denied.'' | |
130 | .br | |
131 | The authentication procedure described above failed. | |
132 | .PP | |
133 | .B ``Can't make pipe.'' | |
134 | .br | |
135 | The pipe needed for the | |
136 | .B stderr | |
137 | wasn't created. | |
138 | .PP | |
139 | .B ``Try again.'' | |
140 | .br | |
141 | A | |
142 | .I fork | |
143 | by the server failed. | |
144 | .PP | |
145 | .B ``/bin/sh: ...'' | |
146 | .br | |
147 | The user's login shell could not be started. | |
148 | .SH SEE ALSO | |
149 | rsh(1C), | |
150 | rcmd(3X) | |
151 | .SH BUGS | |
152 | The authentication procedure used here assumes the integrity | |
153 | of each client machine and the connecting medium. This is | |
154 | insecure, but is useful in an ``open'' environment. | |
155 | .PP | |
156 | A facility to allow all data exchanges to be encrypted should be | |
157 | present. |
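
Steps 1 through 3 of the protocol above (source port check, then a null terminated base 10 number naming the stderr port) can be written as one bounded parsing routine. The following is an added example, not code from rshd or from this commit; the function and status names are hypothetical, and the five digit bound and 65535 ceiling are assumptions added here, since the manual page gives no limit on the length of the number.

```c
#include <stddef.h>

/* Status names are chosen for this example; they are not rshd's own. */
enum preamble_status { PRE_OK, PRE_BAD_SRC_PORT, PRE_UNTERMINATED, PRE_BAD_NUMBER };

#define RESERVED_PORT_LIMIT 1024  /* step 1: source port must be 0-1023 */
#define MAX_PORT_DIGITS     5     /* assumption: "65535" is the longest port */

/*
 * Apply steps 1-3 to the client's source port and the first bytes read
 * from the socket.  On PRE_OK, *stderr_port is 0 (no secondary stream) or
 * the client port to connect back to, and *consumed counts the bytes
 * used, including the terminating null byte.
 */
enum preamble_status
check_preamble(unsigned src_port, const unsigned char *buf, size_t len,
               unsigned *stderr_port, size_t *consumed)
{
    unsigned long value = 0;
    size_t i;

    if (src_port >= RESERVED_PORT_LIMIT)
        return PRE_BAD_SRC_PORT;        /* step 1: abort the connection */

    for (i = 0; i < len && buf[i] != '\0'; i++) {
        if (buf[i] < '0' || buf[i] > '9')
            return PRE_BAD_NUMBER;      /* step 2: not an ASCII base 10 digit */
        if (i >= MAX_PORT_DIGITS)
            return PRE_BAD_NUMBER;      /* bounded read: too many digits */
        value = value * 10 + (unsigned long)(buf[i] - '0');
    }
    if (i == len)
        return PRE_UNTERMINATED;        /* no null byte in the data seen */
    if (value > 65535)
        return PRE_BAD_NUMBER;          /* outside the TCP port range */

    *stderr_port = (unsigned)value;     /* step 3: non-zero selects stderr port */
    *consumed = i + 1;
    return PRE_OK;
}

int main(void)
{
    /* Constructed sample: a client on port 1023 asks for stderr on 1022. */
    static const unsigned char sample[] = "1022";
    unsigned port = 0;
    size_t used = 0;
    return (check_preamble(1023, sample, sizeof sample, &port, &used) == PRE_OK
            && port == 1022) ? 0 : 1;
}
```

Passing this check only establishes that the peer could bind a reserved port, which is the assumption the BUGS section calls out.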