.\" Copyright (c) 1983, 1989, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)rshd.8	8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
.Dd June 4, 1993
.Dt RSHD 8
.Os
.Sh NAME
.Nm rshd
.Nd remote shell server
.Sh SYNOPSIS
.Nm
.Op Fl aDLln
.Sh DESCRIPTION
The
.Nm
utility
is the server for the
.Xr rcmd 3
routine and, consequently, for the
.Xr rsh 1
utility.
The server provides remote execution facilities
with authentication based on privileged port numbers from trusted hosts.
.Pp
The
.Nm
utility listens for service requests at the port indicated in
the
.Dq cmd
service specification; see
.Xr services 5 .
When a service request is received the following protocol
is initiated:
.Bl -enum
.It
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.It
The server reads characters from the socket up
to a
.Tn NUL
(`\e0') byte.
The resultant string is
interpreted as an
.Tn ASCII
number, base 10.
.It
If the number received in step 2 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.Em stderr .
A second connection is then created to the specified
port on the client's machine.
The source port of this
second connection is also in the range 512-1023.
.It
The server checks the client's source address
and requests the corresponding host name (see
.Xr gethostbyaddr 3 ,
.Xr hosts 5
and
.Xr named 8 ) .
If the hostname cannot be determined or the hostname and address do
not match after verification,
the dot-notation representation of the host address is used.
.It
A null terminated user name of at most 16 characters
is retrieved on the initial socket.
This user name
is interpreted as the user identity on the
.Em client Ns 's
machine.
.It
A null terminated user name of at most 16 characters
is retrieved on the initial socket.
This user name
is interpreted as a user identity to use on the
.Em server Ns 's
machine.
.It
A null terminated command to be passed to a
shell is retrieved on the initial socket.
The length of
the command is limited by the upper bound on the size of
the system's argument list.
.It
The
.Nm
utility then validates the user using
.Xr ruserok 3 ,
which uses the file
.Pa /etc/hosts.equiv
and the
.Pa .rhosts
file found in the user's home directory.
The
.Fl l
option prevents
.Xr ruserok 3
from doing any validation based on the user's
.Pa .rhosts
file,
unless the user is the superuser.
.It
A
.Tn NUL
byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user.
The
shell inherits the network connections established
by
.Nm .
.El
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl a
This flag is ignored, and is present for compatibility purposes.
.It Fl D
Sets the TCP_NODELAY socket option, which improves the performance
of small back-to-back writes at the expense of additional network
traffic.
.It Fl L
Causes all successful accesses to be logged to
.Xr syslogd 8
as
.Li auth.info
messages.
.It Fl l
Do not use the user's
.Pa .rhosts
file for authentication, unless the user is the superuser.
.It Fl n
Turn off transport level keepalive messages.
This will prevent sessions
from timing out if the client crashes or becomes unreachable.
.El
.Sh FILES
.Bl -tag -width /var/run/nologin -compact
.It Pa /etc/hosts
.It Pa /etc/hosts.equiv
.It Pa /etc/login.conf
.It Ev $HOME Ns Pa /.rhosts
.Pp
.It Pa /etc/pam.conf
.Nm
uses
.Pa /etc/pam.conf
entries with service name
.Dq rsh .
Authentication modules requiring passwords (such as
.Nm pam_unix )
are not supported.
.El
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 10 above upon successful completion
of all the steps prior to the execution of the login shell).
.Bl -tag -width indent
.It Sy Locuser too long.
The name of the user on the client's machine is
longer than 16 characters.
.It Sy Ruser too long.
The name of the user on the remote machine is
longer than 16 characters.
.It Sy Command too long.
The command line passed exceeds the size of the argument
list (as configured into the system).
.It Sy Login incorrect.
No password file entry for the user name existed
or the authentication procedure described above failed.
.It Sy Remote directory.
The
.Xr chdir 2
function to the home directory failed.
.It Sy Logins not available right now.
The
.Xr rsh 1
utility was attempted outside the allowed hours defined in
.Pa /etc/login.conf
for the local user's login class.
.It Sy Can't make pipe.
The pipe needed for the
.Em stderr
was not created.
.It Sy Can't fork; try again.
A
.Xr fork 2
by the server failed.
.It Sy <shellname>: ...
The user's login shell could not be started.
This message is returned
on the connection associated with the
.Em stderr ,
and is not preceded by a flag byte.
.El
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr gethostbyaddr 3 ,
.Xr rcmd 3 ,
.Xr ruserok 3 ,
.Xr hosts 5 ,
.Xr hosts.equiv 5 ,
.Xr login.conf 5 ,
.Xr services 5 ,
.Xr named 8 ,
.Xr rlogind 8 ,
.Xr syslogd 8
.Sh HISTORY
IPv6 support was added by the WIDE/KAME project.
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.
This is
insecure, but is useful in an
.Dq open
environment.
.Pp
A facility to allow all data exchanges to be encrypted should be
present.
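.Pp
The request parsing from steps 1, 2 and 5 to 7 of DESCRIPTION, together with the reply format from DIAGNOSTICS, as an added Python example that is not code from rshd or from this manual page; it assumes a constructed ARG_MAX of 4096 and leaves out the stderr connection, host name lookup and ruserok validation (steps 3, 4 and 8):

```python
"""Server-side parser for the rshd(8) request format. Added example; the
ARG_MAX value is a constructed placeholder, not the system's real bound."""
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_USER = 16      # both user names are limited to 16 characters (steps 5, 6)
ARG_MAX = 4096     # assumed upper bound on the command length (step 7)


@dataclass
class Request:
    stderr_port: int   # 0 means no secondary stderr stream (step 3)
    locuser: str       # identity on the client's machine
    ruser: str         # identity requested on the server
    command: str       # command line passed to the login shell


def _read_cstring(buf: bytes, pos: int) -> Tuple[bytes, int]:
    """Read bytes up to the next NUL; fail if the field is unterminated."""
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise ValueError("unterminated field")
    return buf[pos:end], end + 1


def error_reply(msg: str) -> bytes:
    """DIAGNOSTICS format: leading byte 1, then the message, on the initial socket."""
    return b"\x01" + msg.encode() + b"\n"


def parse_request(src_port: int, buf: bytes) -> Tuple[Optional[Request], bytes]:
    """Return (request, b'\\x00') when all length checks pass, else (None, error)."""
    if not 512 <= src_port <= 1023:              # step 1: privileged source port
        raise ConnectionError("source port outside 512-1023; connection aborted")
    port_s, pos = _read_cstring(buf, 0)          # step 2: ASCII base-10 number
    stderr_port = int(port_s or b"0")            # empty string counts as 0
    if not 0 <= stderr_port <= 65535:
        raise ValueError("stderr port out of range")
    locuser, pos = _read_cstring(buf, pos)       # step 5: client-side user
    if len(locuser) > MAX_USER:
        return None, error_reply("Locuser too long.")
    ruser, pos = _read_cstring(buf, pos)         # step 6: server-side user
    if len(ruser) > MAX_USER:
        return None, error_reply("Ruser too long.")
    cmd, pos = _read_cstring(buf, pos)           # step 7: command line
    if len(cmd) > ARG_MAX:
        return None, error_reply("Command too long.")
    req = Request(stderr_port, locuser.decode(), ruser.decode(), cmd.decode())
    return req, b"\x00"                          # NUL byte: success so far
```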
.Pp
Post-PAM,
.Fx
also needs the following patch applied besides properly configuring
.Pa .rhosts :
.Bd -literal -offset indent
--- etc/pam.d/rsh.orig Wed Dec 17 14:36:20 2003
+++ etc/pam.d/rsh Wed Dec 17 14:30:43 2003
@@ -9 +9 @@
-auth required pam_rhosts.so no_warn
+auth required pam_rhosts.so no_warn allow_root
.Ed
.Pp
A more extensible protocol (such as Telnet) should be used.
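.Pp
Review bot: the allow_root option added on the + line of the hunk extends rhosts-based trust to the superuser account, which the -l description above otherwise treats as a special case; the sentence introducing the patch only says that FreeBSD "needs" it, so state what the option does and that it is only required on hosts where root itself must be reachable through rsh, for example "the following patch, which lets root authenticate through hosts.equiv or its own .rhosts file, applied besides properly configuring .rhosts".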