.\" Copyright (c) 1983, 1989, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)rshd.8	8.1 (Berkeley) 6/4/93
.\" $FreeBSD: stable/9/libexec/rshd/rshd.8 238481 2012-07-15 11:39:35Z des $
.\"
.Dd June 4, 1993
.Dt RSHD 8
.Os
.Sh NAME
.Nm rshd
.Nd remote shell server
.Sh SYNOPSIS
.Nm
.Op Fl aDLln
.Sh DESCRIPTION
The
.Nm
utility
is the server for the
.Xr rcmd 3
routine and, consequently, for the
.Xr rsh 1
utility.
The server provides remote execution facilities
with authentication based on privileged port numbers from trusted hosts.
.Pp
The
.Nm
utility listens for service requests at the port indicated in
the
.Dq cmd
service specification; see
.Xr services 5 .
When a service request is received, the following protocol
is initiated:
.Bl -enum
.It
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.It
The server reads characters from the socket up
to a
.Tn NUL
(`\e0') byte.
The resultant string is
interpreted as an
.Tn ASCII
number, base 10.
.It
If the number received in step 2 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.Em stderr .
A second connection is then created to the specified
port on the client's machine.
The source port of this
second connection is also in the range 512-1023.
.It
The server checks the client's source address
and requests the corresponding host name (see
.Xr gethostbyaddr 3 ,
.Xr hosts 5
and
.Xr named 8 ) .
If the hostname cannot be determined or the hostname and address do
not match after verification,
the dot-notation representation of the host address is used.
.It
A null-terminated user name of at most 16 characters
is retrieved on the initial socket.
This user name
is interpreted as the user identity on the
.Em client Ns 's
machine.
.It
A null-terminated user name of at most 16 characters
is retrieved on the initial socket.
This user name
is interpreted as the user identity to use on the
.Em server Ns 's
machine.
.It
A null-terminated command to be passed to a
shell is retrieved on the initial socket.
The length of
the command is limited by the upper bound on the size of
the system's argument list.
.It
The
.Nm
utility then validates the user using
.Xr ruserok 3 ,
which uses the file
.Pa /etc/hosts.equiv
and the
.Pa .rhosts
file found in the user's home directory.
The
.Fl l
option prevents
.Xr ruserok 3
from doing any validation based on the user's
.Pa .rhosts
file,
unless the user is the superuser.
.It
A
.Tn NUL
byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user.
The
shell inherits the network connections established
by
.Nm .
.El
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl a
This flag is ignored and is present for compatibility purposes.
.It Fl D
Sets the TCP_NODELAY socket option, which improves the performance
of small back-to-back writes at the expense of additional network
traffic.
.It Fl L
Causes all successful accesses to be logged to
.Xr syslogd 8
as
.Li auth.info
messages.
.It Fl l
Do not use the user's
.Pa .rhosts
file for authentication, unless the user is the superuser.
.It Fl n
Turn off transport-level keepalive messages.
This will prevent sessions
from timing out if the client crashes or becomes unreachable.
.El
.Sh FILES
.Bl -tag -width /var/run/nologin -compact
.It Pa /etc/hosts
.It Pa /etc/hosts.equiv
.It Pa /etc/login.conf
.It Ev $HOME Ns Pa /.rhosts
.Pp
.It Pa /etc/pam.conf
.Nm
uses
.Pa /etc/pam.conf
entries with service name
.Dq rsh .
Authentication modules requiring passwords (such as
.Nm pam_unix )
are not supported.
.El
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 10 above upon successful completion
of all the steps prior to the execution of the login shell).
.Bl -tag -width indent
.It Sy Locuser too long.
The name of the user on the client's machine is
longer than 16 characters.
.It Sy Ruser too long.
The name of the user on the remote machine is
longer than 16 characters.
.It Sy Command too long.
The command line passed exceeds the size of the argument
list (as configured into the system).
.It Sy Login incorrect.
No password file entry for the user name existed
or the authentication procedure described above failed.
.It Sy Remote directory.
The
.Xr chdir 2
call to the home directory failed.
.It Sy Logins not available right now.
The
.Xr rsh 1
utility was attempted outside the allowed hours defined in
.Pa /etc/login.conf
for the local user's login class.
.It Sy Can't make pipe.
The pipe needed for the
.Em stderr
was not created.
.It Sy Can't fork; try again.
A
.Xr fork 2
by the server failed.
.It Sy <shellname>: ...
The user's login shell could not be started.
This message is returned
on the connection associated with the
.Em stderr ,
and is not preceded by a flag byte.
.El
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr gethostbyaddr 3 ,
.Xr rcmd 3 ,
.Xr ruserok 3 ,
.Xr hosts 5 ,
.Xr hosts.equiv 5 ,
.Xr login.conf 5 ,
.Xr services 5 ,
.Xr named 8 ,
.Xr rlogind 8 ,
.Xr syslogd 8
.Sh HISTORY
IPv6 support was added by the WIDE/KAME project.
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.
This is
insecure, but is useful in an
.Dq open
environment.
.Pp
A facility to allow all data exchanges to be encrypted should be
present.
.Pp
Post-PAM,
.Fx
also needs the following patch applied besides properly configuring
.Pa .rhosts :
.Bd -literal -offset indent
--- etc/pam.d/rsh.orig Wed Dec 17 14:36:20 2003
+++ etc/pam.d/rsh Wed Dec 17 14:30:43 2003
@@ -9 +9 @@
-auth required pam_rhosts.so no_warn
+auth required pam_rhosts.so no_warn allow_root
.Ed
.Pp
A more extensible protocol (such as Telnet) should be used.
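.Pp
Review bot: the BUGS text says FreeBSD "needs" this patch but never states what the one changed line, "+auth required pam_rhosts.so no_warn allow_root", does: allow_root makes pam_rhosts accept rhosts-based authentication for the superuser as well, which is precisely the case the -l flag's "unless the user is the superuser" wording singles out, so the entry should say plainly that applying it makes root reachable through its .rhosts file and that root's .rhosts therefore deserves the same care as /etc/hosts.equiv. The hunk also carries no context lines ("@@ -9 +9 @@"), so it only lines up with a pam.d/rsh whose auth line is still the ninth line; regenerating it with the usual three lines of context would let it apply to other layouts, and the 2003 timestamps in the file headers are worth refreshing at the same time.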
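.Pp
As an added example (not the rshd source or any other FreeBSD code), the following Python models the request stream that steps 1 through 10 above describe and the response bytes that DIAGNOSTICS documents, together with the step-8 trust decision and the effect of the -l flag. The names parse_request, ruserok and serve, the simplified "host" / "host user" line layout used for hosts.equiv and .rhosts, the "Bad stderr port." and "Truncated request." wordings, the trailing newline after an error message, the argument-list limit and the SAMPLE bytes are all assumptions or constructed input rather than facts from this page; the rule that hosts.equiv is skipped for root comes from ruserok(3), not from this manual.

```python
"""Model of the rshd(8) request handshake and its rhosts trust decision.

Example added for this page; not FreeBSD's rshd or libc code.  It follows the
numbered protocol steps and the DIAGNOSTICS section: privileged client source
port, NUL-terminated fields, user names of at most 16 characters, one 0x00 byte
on success, 0x01 followed by the message on failure.  ASSUMPTION marks what the
page does not state.
"""
from dataclasses import dataclass
from typing import List, Tuple

PRIV_PORTS = range(512, 1024)   # step 1: client source port must be 512-1023
MAX_USER = 16                   # steps 5-6, DIAGNOSTICS: at most 16 characters
MAX_COMMAND = 256 * 1024        # ASSUMPTION: stand-in for the system's argument-list limit


class RshError(Exception):
    """A diagnostic from rshd(8); its text follows the 0x01 byte on the wire."""


@dataclass
class RshRequest:
    stderr_port: int   # step 3: 0 means no secondary stderr connection
    client_user: str   # step 5 ("Locuser"): identity on the client's machine
    server_user: str   # step 6 ("Ruser"): identity to use on the server
    command: str       # step 7: handed to the login shell


def _cstring(buf: bytes, pos: int) -> Tuple[bytes, int]:
    """Read one field up to the next NUL byte (step 2); return it and the new offset."""
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise RshError("Truncated request.")   # ASSUMPTION: wording not from the manual
    return buf[pos:end], end + 1


def parse_request(payload: bytes, client_port: int) -> RshRequest:
    """Validate the initial-socket stream in the order the protocol steps give."""
    if client_port not in PRIV_PORTS:
        # step 1: the server aborts the connection; no diagnostic is sent back
        raise ConnectionAbortedError("client source port %d outside 512-1023" % client_port)
    port_field, pos = _cstring(payload, 0)
    if port_field and not port_field.isdigit():   # step 2: ASCII number, base 10
        raise RshError("Bad stderr port.")         # ASSUMPTION: wording not from the manual
    stderr_port = int(port_field or b"0")
    client_user, pos = _cstring(payload, pos)
    if len(client_user) > MAX_USER:
        raise RshError("Locuser too long.")
    server_user, pos = _cstring(payload, pos)
    if len(server_user) > MAX_USER:
        raise RshError("Ruser too long.")
    command, pos = _cstring(payload, pos)
    if len(command) > MAX_COMMAND:
        raise RshError("Command too long.")
    text = lambda b: b.decode("ascii", "replace")
    return RshRequest(stderr_port, text(client_user), text(server_user), text(command))


def _entry_allows(lines: List[str], rhost: str, remote_user: str, local_user: str) -> bool:
    """Match "host" or "host user" lines (hosts.equiv(5) layout, simplified: no
    +/- wildcards or netgroups).  A bare host trusts same-named users only;
    "host user" trusts that remote user for this local account."""
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0].lower() != rhost.lower():
            continue
        if len(fields) == 1 and remote_user == local_user:
            return True
        if len(fields) > 1 and fields[1] == remote_user:
            return True
    return False


def ruserok(hosts_equiv: List[str], rhosts: List[str], rhost: str,
            remote_user: str, local_user: str, check_rhosts: bool = True) -> bool:
    """Step 8: the trust decision.  check_rhosts=False models the -l flag, under
    which .rhosts is consulted only when the local user is the superuser.
    ruserok(3) also skips hosts.equiv for root; that rule is not on this page."""
    superuser = local_user == "root"
    if not superuser and _entry_allows(hosts_equiv, rhost, remote_user, local_user):
        return True
    return (check_rhosts or superuser) and _entry_allows(rhosts, rhost, remote_user, local_user)


def serve(payload: bytes, client_port: int, rhost: str,
          hosts_equiv: List[str], rhosts: List[str], l_flag: bool = False) -> bytes:
    """Run steps 1-10 on one request and return what rshd sends on the initial
    socket: a lone NUL on success, 0x01 plus the diagnostic on failure."""
    try:
        req = parse_request(payload, client_port)
        if not ruserok(hosts_equiv, rhosts, rhost, req.client_user, req.server_user,
                       check_rhosts=not l_flag):
            raise RshError("Login incorrect.")
    except RshError as err:
        return b"\x01" + str(err).encode("ascii") + b"\n"   # trailing newline: ASSUMPTION
    return b"\x00"   # step 10: the command is now passed to the login shell


# Constructed sample stream: stderr port 1022, client user alice, server user alice, "uptime"
SAMPLE = b"1022\x00alice\x00alice\x00uptime\x00"

if __name__ == "__main__":
    print(serve(SAMPLE, 1021, "client.example", ["client.example"], []))   # b'\x00'
    print(serve(SAMPLE, 1021, "client.example", [], []))                   # b'\x01Login incorrect.\n'
```

Run stand-alone it prints the success byte for a client host listed in hosts.equiv and the "Login incorrect." diagnostic when no trust entry matches. The two cases worth tracing when reviewing an rshd deployment are the -l flag, which stops .rhosts from being consulted for ordinary accounts but leaves root's .rhosts in force, and the step-1 abort on a non-privileged source port, which sends nothing back at all, so a client on such a port sees a closed connection rather than a diagnostic.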