1.\" Copyright (c) 1983, 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" %sccs.include.redist.man% 5.\" 6.\" @(#)rshd.8 8.1 (Berkeley) 06/04/93 7.\" 8.Dd 9.Dt RSHD 8 10.Os BSD 4.2 11.Sh NAME 12.Nm rshd 13.Nd remote shell server 14.Sh SYNOPSIS 15.Nm rshd 16.Op Fl alnL 17.Sh DESCRIPTION 18The 19.Nm rshd 20server 21is the server for the 22.Xr rcmd 3 23routine and, consequently, for the 24.Xr rsh 1 25program. The server provides remote execution facilities 26with authentication based on privileged port numbers from trusted hosts. 27.Pp 28The 29.Nm rshd 30server 31listens for service requests at the port indicated in 32the ``cmd'' service specification; see 33.Xr services 5 . 34When a service request is received the following protocol 35is initiated: 36.Bl -enum 37.It 38The server checks the client's source port. 39If the port is not in the range 512-1023, the server 40aborts the connection. 41.It 42The server reads characters from the socket up 43to a null (`\e0') byte. The resultant string is 44interpreted as an 45.Tn ASCII 46number, base 10. 47.It 48If the number received in step 2 is non-zero, 49it is interpreted as the port number of a secondary 50stream to be used for the 51.Em stderr . 52A second connection is then created to the specified 53port on the client's machine. The source port of this 54second connection is also in the range 512-1023. 55.It 56The server checks the client's source address 57and requests the corresponding host name (see 58.Xr gethostbyaddr 3 , 59.Xr hosts 5 60and 61.Xr named 8 ) . 62If the hostname cannot be determined, 63the dot-notation representation of the host address is used. 64If the hostname is in the same domain as the server (according to 65the last two components of the domain name), 66or if the 67.Fl a 68option is given, 69the addresses for the hostname are requested, 70verifying that the name and address correspond. 71If address verification fails, the connection is aborted 72with the message, ``Host address mismatch.'' 73.It 74A null terminated user name of at most 16 characters 75is retrieved on the initial socket. This user name 76is interpreted as the user identity on the 77.Em client Ns 's 78machine. 79.It 80A null terminated user name of at most 16 characters 81is retrieved on the initial socket. This user name 82is interpreted as a user identity to use on the 83.Sy server Ns 's 84machine. 85.It 86A null terminated command to be passed to a 87shell is retrieved on the initial socket. The length of 88the command is limited by the upper bound on the size of 89the system's argument list. 90.It 91.Nm Rshd 92then validates the user using 93.Xr ruserok 3 , 94which uses the file 95.Pa /etc/hosts.equiv 96and the 97.Pa .rhosts 98file found in the user's home directory. The 99.Fl l 100option prevents 101.Xr ruserok 3 102from doing any validation based on the user's ``.rhosts'' file, 103unless the user is the superuser. 104.It 105If the file 106.Pa /etc/nologin 107exists and the user is not the superuser, 108the connection is closed. 109.It 110A null byte is returned on the initial socket 111and the command line is passed to the normal login 112shell of the user. The 113shell inherits the network connections established 114by 115.Nm rshd . 116.El 117.Pp 118Transport-level keepalive messages are enabled unless the 119.Fl n 120option is present. 121The use of keepalive messages allows sessions to be timed out 122if the client crashes or becomes unreachable. 123.Pp 124The 125.Fl L 126option causes all successful accesses to be logged to 127.Xr syslogd 8 128as 129.Li auth.info 130messages. 131.Sh DIAGNOSTICS 132Except for the last one listed below, 133all diagnostic messages 134are returned on the initial socket, 135after which any network connections are closed. 136An error is indicated by a leading byte with a value of 1371 (0 is returned in step 10 above upon successful completion 138of all the steps prior to the execution of the login shell). 139.Bl -tag -width indent 140.It Sy Locuser too long. 141The name of the user on the client's machine is 142longer than 16 characters. 143.It Sy Ruser too long. 144The name of the user on the remote machine is 145longer than 16 characters. 146.It Sy Command too long . 147The command line passed exceeds the size of the argument 148list (as configured into the system). 149.It Sy Login incorrect. 150No password file entry for the user name existed. 151.It Sy Remote directory. 152The 153.Xr chdir 154command to the home directory failed. 155.It Sy Permission denied. 156The authentication procedure described above failed. 157.It Sy Can't make pipe. 158The pipe needed for the 159.Em stderr , 160wasn't created. 161.It Sy Can't fork; try again. 162A 163.Xr fork 164by the server failed. 165.It Sy <shellname>: ... 166The user's login shell could not be started. This message is returned 167on the connection associated with the 168.Em stderr , 169and is not preceded by a flag byte. 170.El 171.Sh SEE ALSO 172.Xr rsh 1 , 173.Xr rcmd 3 , 174.Xr ruserok 3 175.Sh BUGS 176The authentication procedure used here assumes the integrity 177of each client machine and the connecting medium. This is 178insecure, but is useful in an ``open'' environment. 179.Pp 180A facility to allow all data exchanges to be encrypted should be 181present. 182.Pp 183A more extensible protocol (such as Telnet) should be used. 184