1.\" $NetBSD: rshd.8,v 1.18 2005/03/09 16:42:49 wiz Exp $ 2.\" 3.\" Copyright (c) 1983, 1989, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)rshd.8 8.1 (Berkeley) 6/4/93 31.\" 32.Dd March 9, 2005 33.Dt RSHD 8 34.Os 35.Sh NAME 36.Nm rshd 37.Nd remote shell server 38.Sh SYNOPSIS 39.Nm 40.Op Fl aLln 41.Sh DESCRIPTION 42The 43.Nm 44server is the server for the 45.Xr rcmd 3 46routine and, consequently, for the 47.Xr rsh 1 48program. 49The server provides remote execution facilities 50with authentication based on privileged port numbers from trusted hosts. 51.Pp 52The 53.Nm 54server listens for service requests at the port indicated in 55the 56.Dq cmd 57service specification; see 58.Xr services 5 . 59When a service request is received the following protocol 60is initiated: 61.Bl -enum 62.It 63The server checks the client's source port. 64If the port is not in the range 512-1023, the server 65aborts the connection. 66.It 67The server reads characters from the socket up 68to a null 69.Pq Sq \e0 70byte. 71The resultant string is interpreted as an 72.Tn ASCII 73number, base 10. 74.It 75If the number received in step 2 is non-zero, 76it is interpreted as the port number of a secondary 77stream to be used for the 78.Em stderr . 79A second connection is then created to the specified 80port on the client's machine. 81The source port of this 82second connection is also in the range 512-1023. 83.It 84The server checks the client's source address 85and requests the corresponding host name (see 86.Xr getnameinfo 3 , 87.Xr hosts 5 , 88and 89.Xr named 8 ) . 90If the hostname cannot be determined, 91the dot-notation representation of the host address is used. 92If the hostname is in the same domain as the server (according to 93the last two components of the domain name), or if the 94.Fl a 95option is given, 96the addresses for the hostname are requested, 97verifying that the name and address correspond. 98If address verification fails, the connection is aborted 99with the message 100.Dq Host address mismatch. 101.It 102A null terminated user name of at most 16 characters 103is retrieved on the initial socket. 104This user name is interpreted as the user identity on the 105.Em client Ns 's 106machine. 107.It 108A null terminated user name of at most 16 characters 109is retrieved on the initial socket. 110This user name is interpreted as a user identity to use on the 111.Sy server Ns 's 112machine. 113.It 114A null terminated command to be passed to a 115shell is retrieved on the initial socket. 116The length of the command is limited by the upper 117bound on the size of the system's argument list. 118.It 119.Nm 120then validates the user using 121.Xr ruserok 3 , 122which uses the file 123.Pa /etc/hosts.equiv 124and the 125.Pa .rhosts 126file found in the user's home directory. 127The 128.Fl l 129option prevents 130.Xr ruserok 3 131from doing any validation based on the user's 132.Dq Pa .rhosts 133file, unless the user is the superuser. 134.It 135If the file 136.Pa /etc/nologin 137exists and the user is not the superuser, 138the connection is closed. 139.It 140A null byte is returned on the initial socket 141and the command line is passed to the normal login 142shell of the user. 143The shell inherits the network connections established by 144.Nm . 145.El 146.Pp 147Transport-level keepalive messages are enabled unless the 148.Fl n 149option is present. 150The use of keepalive messages allows sessions to be timed out 151if the client crashes or becomes unreachable. 152.Pp 153The 154.Fl L 155option causes all successful accesses to be logged to 156.Xr syslogd 8 157as 158.Li auth.info 159messages. 160.Sh DIAGNOSTICS 161Except for the last one listed below, 162all diagnostic messages 163are returned on the initial socket, 164after which any network connections are closed. 165An error is indicated by a leading byte with a value of 1661 (0 is returned in step 10 above upon successful completion 167of all the steps prior to the execution of the login shell). 168.Bl -tag -width indent 169.It Sy Locuser too long. 170The name of the user on the client's machine is 171longer than 16 characters. 172.It Sy Ruser too long. 173The name of the user on the remote machine is 174longer than 16 characters. 175.It Sy Command too long . 176The command line passed exceeds the size of the argument 177list (as configured into the system). 178.It Sy Login incorrect. 179No password file entry for the user name existed. 180.It Sy Remote directory. 181The 182.Xr chdir 2 183to the home directory failed. 184.It Sy Permission denied. 185The authentication procedure described above failed. 186.It Sy Can't make pipe. 187The pipe needed for the 188.Em stderr , 189wasn't created. 190.It Sy Can't fork; try again. 191A 192.Xr fork 2 193by the server failed. 194.It Sy \*[Lt]shellname\*[Gt]: ... 195The user's login shell could not be started. 196This message is returned on the connection associated with the 197.Em stderr , 198and is not preceded by a flag byte. 199.El 200.Sh SEE ALSO 201.Xr rsh 1 , 202.Xr ssh 1 , 203.Xr rcmd 3 , 204.Xr ruserok 3 , 205.Xr hosts_access 5 , 206.Xr login.conf 5 , 207.Xr sshd 8 208.Sh BUGS 209The authentication procedure used here assumes the integrity 210of every machine and every network that can reach the rshd/rlogind 211ports on the server. 212This is insecure, but is useful in an 213.Dq open 214environment. 215.Xr sshd 8 216or a Kerberized version of this server are much more secure. 217.Pp 218A facility to allow all data exchanges to be encrypted should be 219present. 220.Pp 221A more extensible protocol (such as Telnet) should be used. 222.Pp 223.Nm 224intentionally rejects accesses from IPv4 mapped address on top of 225.Dv AF_INET6 226socket, since IPv4 mapped address complicates 227host-address based authentication. 228If you would like to accept connections from IPv4 peers, you will 229need to run 230.Nm 231on top of an 232.Dv AF_INET 233socket, not an 234.Dv AF_INET6 235socket. 236