1.\" Copyright (c) 1983, 1989, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by the University of
15.\"	California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\"     @(#)rshd.8	8.1 (Berkeley) 6/4/93
33.\" $FreeBSD: stable/9/libexec/rshd/rshd.8 238481 2012-07-15 11:39:35Z des $
34.\"
35.Dd June 4, 1993
36.Dt RSHD 8
37.Os
38.Sh NAME
39.Nm rshd
40.Nd remote shell server
41.Sh SYNOPSIS
42.Nm
43.Op Fl aDLln
44.Sh DESCRIPTION
45The
46.Nm
47utility
48is the server for the
49.Xr rcmd 3
50routine and, consequently, for the
51.Xr rsh 1
52utility.
53The server provides remote execution facilities
54with authentication based on privileged port numbers from trusted hosts.
55.Pp
56The
57.Nm
58utility listens for service requests at the port indicated in
59the
60.Dq cmd
61service specification; see
62.Xr services 5 .
63When a service request is received the following protocol
64is initiated:
65.Bl -enum
66.It
67The server checks the client's source port.
68If the port is not in the range 512-1023, the server
69aborts the connection.
70.It
71The server reads characters from the socket up
72to a
73.Tn NUL
74(`\e0') byte.
75The resultant string is
76interpreted as an
77.Tn ASCII
78number, base 10.
79.It
80If the number received in step 2 is non-zero,
81it is interpreted as the port number of a secondary
82stream to be used for the
83.Em stderr .
84A second connection is then created to the specified
85port on the client's machine.
86The source port of this
87second connection is also in the range 512-1023.
88.It
89The server checks the client's source address
90and requests the corresponding host name (see
91.Xr gethostbyaddr 3 ,
92.Xr hosts 5
93and
94.Xr named 8 ) .
95If the hostname cannot be determined or the hostname and address do
96not match after verification,
97the dot-notation representation of the host address is used.
98.It
99A null terminated user name of at most 16 characters
100is retrieved on the initial socket.
101This user name
102is interpreted as the user identity on the
103.Em client Ns 's
104machine.
105.It
106A null terminated user name of at most 16 characters
107is retrieved on the initial socket.
108This user name
109is interpreted as a user identity to use on the
110.Em server Ns 's
111machine.
112.It
113A null terminated command to be passed to a
114shell is retrieved on the initial socket.
115The length of
116the command is limited by the upper bound on the size of
117the system's argument list.
118.It
119The
120.Nm
121utility then validates the user using
122.Xr ruserok 3 ,
123which uses the file
124.Pa /etc/hosts.equiv
125and the
126.Pa .rhosts
127file found in the user's home directory.
128The
129.Fl l
130option prevents
131.Xr ruserok 3
132from doing any validation based on the user's
133.Pa .rhosts
134file,
135unless the user is the superuser.
136.It
137A
138.Tn NUL
139byte is returned on the initial socket
140and the command line is passed to the normal login
141shell of the user.
142The
143shell inherits the network connections established
144by
145.Nm .
146.El
147.Pp
148The options are as follows:
149.Bl -tag -width indent
150.It Fl a
151This flag is ignored, and is present for compatability purposes.
152.It Fl D
153Sets the TCP_NODELAY socket option, which improves the performance
154of small back-to-back writes at the expense of additional network
155traffic.
156.It Fl L
157Causes all successful accesses to be logged to
158.Xr syslogd 8
159as
160.Li auth.info
161messages.
162.It Fl l
163Do not use the user's
164.Pa .rhosts
165file for authentication, unless the user is the superuser.
166.It Fl n
167Turn off transport level keepalive messages.
168This will prevent sessions
169from timing out if the client crashes or becomes unreachable.
170.El
171.Sh FILES
172.Bl -tag -width /var/run/nologin -compact
173.It Pa /etc/hosts
174.It Pa /etc/hosts.equiv
175.It Pa /etc/login.conf
176.It Ev $HOME Ns Pa /.rhosts
177.Pp
178.It Pa /etc/pam.conf
179.Nm
180uses
181.Pa /etc/pam.conf
182entries with service name
183.Dq rsh .
184Authentication modules requiring passwords (such as
185.Nm pam_unix )
186are not supported.
187.El
188.Sh DIAGNOSTICS
189Except for the last one listed below,
190all diagnostic messages
191are returned on the initial socket,
192after which any network connections are closed.
193An error is indicated by a leading byte with a value of
1941 (0 is returned in step 10 above upon successful completion
195of all the steps prior to the execution of the login shell).
196.Bl -tag -width indent
197.It Sy Locuser too long.
198The name of the user on the client's machine is
199longer than 16 characters.
200.It Sy Ruser too long.
201The name of the user on the remote machine is
202longer than 16 characters.
203.It Sy Command too long.
204The command line passed exceeds the size of the argument
205list (as configured into the system).
206.It Sy Login incorrect.
207No password file entry for the user name existed
208or the authentication procedure described above failed.
209.It Sy Remote directory.
210The
211.Xr chdir 2
212function to the home directory failed.
213.It Sy Logins not available right now.
214The
215.Xr rsh 1
216utility was attempted outside the allowed hours defined in
217.Pa /etc/login.conf
218for the local user's login class.
219.It Sy Can't make pipe.
220The pipe needed for the
221.Em stderr ,
222was not created.
223.It Sy Can't fork; try again.
224A
225.Xr fork 2
226by the server failed.
227.It Sy <shellname>: ...
228The user's login shell could not be started.
229This message is returned
230on the connection associated with the
231.Em stderr ,
232and is not preceded by a flag byte.
233.El
234.Sh SEE ALSO
235.Xr rlogin 1 ,
236.Xr rsh 1 ,
237.Xr gethostbyaddr 3 ,
238.Xr rcmd 3 ,
239.Xr ruserok 3 ,
240.Xr hosts 5 ,
241.Xr hosts.equiv 5 ,
242.Xr login.conf 5 ,
243.Xr services 5 ,
244.Xr named 8 ,
245.Xr rlogind 8 ,
246.Xr syslogd 8
247.Sh HISTORY
248IPv6 support was added by WIDE/KAME project.
249.Sh BUGS
250The authentication procedure used here assumes the integrity
251of each client machine and the connecting medium.
252This is
253insecure, but is useful in an
254.Dq open
255environment.
256.Pp
257A facility to allow all data exchanges to be encrypted should be
258present.
259.Pp
260Post-PAM,
261.Fx
262also needs the following patch applied besides properly configuring
263.Pa .rhosts :
264.Bd -literal -offset indent
265--- etc/pam.d/rsh.orig  Wed Dec 17 14:36:20 2003
266+++ etc/pam.d/rsh       Wed Dec 17 14:30:43 2003
267@@ -9 +9 @@
268-auth	required	pam_rhosts.so	no_warn
269+auth	required	pam_rhosts.so	no_warn	allow_root
270.Ed
271.Pp
272A more extensible protocol (such as Telnet) should be used.
273