| 1 | .\" Copyright (c) 1983 Regents of the University of California.
|
|---|
| 2 | .\" All rights reserved. The Berkeley software License Agreement
|
|---|
| 3 | .\" specifies the terms and conditions for redistribution.
|
|---|
| 4 | .\"
|
|---|
| 5 | .\" @(#)rshd.8c 6.3 (Berkeley) 5/24/86
|
|---|
| 6 | .\"
|
|---|
| 7 | .TH RSHD 8 "May 24, 1986"
|
|---|
| 8 | .UC 5
|
|---|
| 9 | .SH NAME
|
|---|
| 10 | rshd \- remote shell server
|
|---|
| 11 | .SH SYNOPSIS
|
|---|
| 12 | .B "shell stream tcp nowait root /usr/sbin/in.rshd in.rshd"
|
|---|
| 13 | .br
|
|---|
| 14 | .B "tcpd shell /usr/sbin/in.rshd"
|
|---|
| 15 | .SH DESCRIPTION
|
|---|
| 16 | .B Rshd
|
|---|
| 17 | is the server for the
|
|---|
| 18 | .BR rcmd (3)
|
|---|
| 19 | routine and, consequently, for the
|
|---|
| 20 | .BR rsh (1)
|
|---|
| 21 | program. The server provides remote execution facilities
|
|---|
| 22 | with authentication based on privileged port numbers from trusted hosts.
|
|---|
| 23 | .PP
|
|---|
| 24 | .B Rshd
|
|---|
| 25 | listens for service requests at the port indicated in
|
|---|
| 26 | the ``cmd'' service specification; see
|
|---|
| 27 | .BR services (5).
|
|---|
| 28 | When a service request is received the following protocol
|
|---|
| 29 | is initiated:
|
|---|
| 30 | .IP 1)
|
|---|
| 31 | The server checks the client's source port.
|
|---|
| 32 | If the port is not in the range 0-1023, the server
|
|---|
| 33 | aborts the connection.
|
|---|
| 34 | .IP 2)
|
|---|
| 35 | The server reads characters from the socket up
|
|---|
| 36 | to a null (`\e0') byte. The resultant string is
|
|---|
| 37 | interpreted as an ASCII number, base 10.
|
|---|
| 38 | .IP 3)
|
|---|
| 39 | If the number received in step 1 is non-zero,
|
|---|
| 40 | it is interpreted as the port number of a secondary
|
|---|
| 41 | stream to be used for the
|
|---|
| 42 | .BR stderr .
|
|---|
| 43 | A second connection is then created to the specified
|
|---|
| 44 | port on the client's machine. The source port of this
|
|---|
| 45 | second connection is also in the range 0-1023.
|
|---|
| 46 | .IP 4)
|
|---|
| 47 | The server checks the client's source address
|
|---|
| 48 | and requests the corresponding host name (see
|
|---|
| 49 | .BR gethostbyaddr (3N),
|
|---|
| 50 | .BR hosts (5)
|
|---|
| 51 | and
|
|---|
| 52 | .BR named (8)).
|
|---|
| 53 | If the hostname cannot be determined,
|
|---|
| 54 | the dot-notation representation of the host address is used.
|
|---|
| 55 | .IP 5)
|
|---|
| 56 | A null terminated user name of at most 16 characters
|
|---|
| 57 | is retrieved on the initial socket. This user name
|
|---|
| 58 | is interpreted as the user identity on the
|
|---|
| 59 | .BR client 's
|
|---|
| 60 | machine.
|
|---|
| 61 | .IP 6)
|
|---|
| 62 | A null terminated user name of at most 16 characters
|
|---|
| 63 | is retrieved on the initial socket. This user name
|
|---|
| 64 | is interpreted as a user identity to use on the
|
|---|
| 65 | .BR server 's
|
|---|
| 66 | machine.
|
|---|
| 67 | .IP 7)
|
|---|
| 68 | A null terminated command to be passed to a
|
|---|
| 69 | shell is retrieved on the initial socket. The length of
|
|---|
| 70 | the command is limited by the upper bound on the size of
|
|---|
| 71 | the system's argument list.
|
|---|
| 72 | .IP 8)
|
|---|
| 73 | .B Rshd
|
|---|
| 74 | then validates the user according to the following steps.
|
|---|
| 75 | The local (server-end) user name is looked up in the password file
|
|---|
| 76 | and a
|
|---|
| 77 | .B chdir
|
|---|
| 78 | is performed to the user's home directory. If either
|
|---|
| 79 | the lookup or
|
|---|
| 80 | .B chdir
|
|---|
| 81 | fail, the connection is terminated.
|
|---|
| 82 | If the user is not the super-user, (user id 0), the file
|
|---|
| 83 | .B /etc/hosts.equiv
|
|---|
| 84 | is consulted for a list of hosts considered ``equivalent''.
|
|---|
| 85 | If the client's host name is present in this file, the
|
|---|
| 86 | authentication is considered successful. If the lookup
|
|---|
| 87 | fails, or the user is the super-user, then the file
|
|---|
| 88 | .B .rhosts
|
|---|
| 89 | in the home directory of the remote user is checked for
|
|---|
| 90 | the machine name and identity of the user on the client's
|
|---|
| 91 | machine. If this lookup fails, the connection is terminated.
|
|---|
| 92 | .IP 9)
|
|---|
| 93 | A null byte is returned on the initial socket
|
|---|
| 94 | and the command line is passed to the normal login
|
|---|
| 95 | shell of the user. The
|
|---|
| 96 | shell inherits the network connections established
|
|---|
| 97 | by
|
|---|
| 98 | .IR rshd .
|
|---|
| 99 | .SH DIAGNOSTICS
|
|---|
| 100 | Except for the last one listed below,
|
|---|
| 101 | all diagnostic messages
|
|---|
| 102 | are returned on the initial socket,
|
|---|
| 103 | after which any network connections are closed.
|
|---|
| 104 | An error is indicated by a leading byte with a value of
|
|---|
| 105 | 1 (0 is returned in step 9 above upon successful completion
|
|---|
| 106 | of all the steps prior to the execution of the login shell).
|
|---|
| 107 | .PP
|
|---|
| 108 | .B ``locuser too long''
|
|---|
| 109 | .br
|
|---|
| 110 | The name of the user on the client's machine is
|
|---|
| 111 | longer than 16 characters.
|
|---|
| 112 | .PP
|
|---|
| 113 | .B ``remuser too long''
|
|---|
| 114 | .br
|
|---|
| 115 | The name of the user on the remote machine is
|
|---|
| 116 | longer than 16 characters.
|
|---|
| 117 | .PP
|
|---|
| 118 | .B ``command too long ''
|
|---|
| 119 | .br
|
|---|
| 120 | The command line passed exceeds the size of the argument
|
|---|
| 121 | list (as configured into the system).
|
|---|
| 122 | .PP
|
|---|
| 123 | .B ``Login incorrect.''
|
|---|
| 124 | .br
|
|---|
| 125 | No password file entry for the user name existed.
|
|---|
| 126 | .PP
|
|---|
| 127 | .B ``No remote directory.''
|
|---|
| 128 | .br
|
|---|
| 129 | The
|
|---|
| 130 | .B chdir
|
|---|
| 131 | command to the home directory failed.
|
|---|
| 132 | .PP
|
|---|
| 133 | .B ``Permission denied.''
|
|---|
| 134 | .br
|
|---|
| 135 | The authentication procedure described above failed.
|
|---|
| 136 | .PP
|
|---|
| 137 | .B ``Can't make pipe.''
|
|---|
| 138 | .br
|
|---|
| 139 | The pipe needed for the
|
|---|
| 140 | .BR stderr ,
|
|---|
| 141 | wasn't created.
|
|---|
| 142 | .PP
|
|---|
| 143 | .B ``Try again.''
|
|---|
| 144 | .br
|
|---|
| 145 | A
|
|---|
| 146 | .B fork
|
|---|
| 147 | by the server failed.
|
|---|
| 148 | .PP
|
|---|
| 149 | .B ``<shellname>: ...''
|
|---|
| 150 | .br
|
|---|
| 151 | The user's login shell could not be started. This message is returned
|
|---|
| 152 | on the connection associated with the
|
|---|
| 153 | .BR stderr ,
|
|---|
| 154 | and is not preceded by a flag byte.
|
|---|
| 155 | .SH SEE ALSO
|
|---|
| 156 | .BR rsh (1),
|
|---|
| 157 | .BR rcmd (3).
|
|---|
| 158 | .SH BUGS
|
|---|
| 159 | The authentication procedure used here assumes the integrity
|
|---|
| 160 | of each client machine and the connecting medium. This is
|
|---|
| 161 | insecure, but is useful in an ``open'' environment.
|
|---|
| 162 | .PP
|
|---|
| 163 | A facility to allow all data exchanges to be encrypted should be
|
|---|
| 164 | present.
|
|---|
| 165 | .PP
|
|---|
| 166 | A more extensible protocol should be used.
|
|---|
