source: trunk/minix/man/man8/rshd.8@ 15

Last change on this file since 15 was 9, checked in by Mattia Monga, 14 years ago

Minix 3.1.2a

File size: 4.7 KB
.\" Copyright (c) 1983 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)rshd.8c 6.3 (Berkeley) 5/24/86
.\"
.TH RSHD 8 "May 24, 1986"
.UC 5
.SH NAME
rshd \- remote shell server
.SH SYNOPSIS
.B "shell stream tcp nowait root /usr/sbin/in.rshd in.rshd"
.br
.B "tcpd shell /usr/sbin/in.rshd"
.SH DESCRIPTION
.B Rshd
is the server for the
.BR rcmd (3)
routine and, consequently, for the
.BR rsh (1)
program. The server provides remote execution facilities
with authentication based on privileged port numbers from trusted hosts.
.PP
.B Rshd
listens for service requests at the port indicated in
the ``cmd'' service specification; see
.BR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 0-1023, the server
aborts the connection.
.IP 2)
The server reads characters from the socket up
to a null (`\e0') byte. The resultant string is
interpreted as an ASCII number, base 10.
.IP 3)
If the number received in step 2 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.BR stderr .
A second connection is then created to the specified
port on the client's machine. The source port of this
second connection is also in the range 0-1023.
.IP 4)
The server checks the client's source address
and requests the corresponding host name (see
.BR gethostbyaddr (3N),
.BR hosts (5)
and
.BR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
.IP 5)
A null terminated user name of at most 16 characters
is retrieved on the initial socket. This user name
is interpreted as the user identity on the
.BR client 's
machine.
.IP 6)
A null terminated user name of at most 16 characters
is retrieved on the initial socket. This user name
is interpreted as a user identity to use on the
.BR server 's
machine.
.IP 7)
A null terminated command to be passed to a
shell is retrieved on the initial socket. The length of
the command is limited by the upper bound on the size of
the system's argument list.
.IP 8)
.B Rshd
then validates the user according to the following steps.
The local (server-end) user name is looked up in the password file
and a
.B chdir
is performed to the user's home directory. If either
the lookup or
.B chdir
fails, the connection is terminated.
If the user is not the super-user (user id 0), the file
.B /etc/hosts.equiv
is consulted for a list of hosts considered ``equivalent''.
If the client's host name is present in this file, the
authentication is considered successful. If the lookup
fails, or the user is the super-user, then the file
.B .rhosts
in the home directory of the remote user is checked for
the machine name and identity of the user on the client's
machine. If this lookup fails, the connection is terminated.
.IP 9)
A null byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user. The
shell inherits the network connections established
by
.IR rshd .
.SH DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages
are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 9 above upon successful completion
of all the steps prior to the execution of the login shell).
.PP
.B ``locuser too long''
.br
The name of the user on the client's machine is
longer than 16 characters.
.PP
.B ``remuser too long''
.br
The name of the user on the remote machine is
longer than 16 characters.
.PP
.B ``command too long ''
.br
The command line passed exceeds the size of the argument
list (as configured into the system).
.PP
.B ``Login incorrect.''
.br
No password file entry for the user name existed.
.PP
.B ``No remote directory.''
.br
The
.B chdir
command to the home directory failed.
.PP
.B ``Permission denied.''
.br
The authentication procedure described above failed.
.PP
.B ``Can't make pipe.''
.br
The pipe needed for the
.B stderr
wasn't created.
.PP
.B ``Try again.''
.br
A
.B fork
by the server failed.
.PP
.B ``<shellname>: ...''
.br
The user's login shell could not be started. This message is returned
on the connection associated with the
.BR stderr ,
and is not preceded by a flag byte.
.SH SEE ALSO
.BR rsh (1),
.BR rcmd (3).
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol should be used.
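
The request framing in steps 1, 2 and 5-7 of the DESCRIPTION, written as a bounds-checked parser. This is an added example, not code from the Minix or BSD rshd source. The names rsh_parse, rsh_req, next_field and the RSH_* codes are hypothetical, and the 5-digit and 65535 caps on the port field are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RSH_NAME_MAX 16   /* user-name limit from steps 5 and 6 */

enum rsh_err { RSH_OK, RSH_BAD_SRCPORT, RSH_BAD_PORT, RSH_LOCUSER_LONG,
               RSH_REMUSER_LONG, RSH_TRUNCATED };
struct rsh_req { unsigned long stderr_port; const char *locuser, *remuser, *cmd; };

/* Return the NUL-terminated field at *pos, or NULL if no terminator was
 * received; on success store its length and advance *pos past the NUL. */
static const char *next_field(const char *buf, size_t len, size_t *pos, size_t *flen)
{
    const char *start = buf + *pos;
    const char *nul = memchr(start, '\0', len - *pos);
    if (nul == NULL) return NULL;
    *flen = (size_t)(nul - start);
    *pos += *flen + 1;
    return start;
}

/* Steps 1, 2 and 5-7 of the man page; fields in *out point into buf. */
enum rsh_err rsh_parse(unsigned src_port, const char *buf, size_t len, struct rsh_req *out)
{
    size_t pos = 0, n;
    const char *port;
    if (src_port > 1023) return RSH_BAD_SRCPORT;                                /* step 1 */
    if (!(port = next_field(buf, len, &pos, &n))) return RSH_TRUNCATED;         /* step 2 */
    /* Digits only; the 5-digit and 65535 caps are assumptions of this example. */
    if (n > 5 || strspn(port, "0123456789") != n) return RSH_BAD_PORT;
    if ((out->stderr_port = strtoul(port, NULL, 10)) > 65535) return RSH_BAD_PORT;
    if (!(out->locuser = next_field(buf, len, &pos, &n))) return RSH_TRUNCATED; /* step 5 */
    if (n > RSH_NAME_MAX) return RSH_LOCUSER_LONG;         /* "locuser too long" */
    if (!(out->remuser = next_field(buf, len, &pos, &n))) return RSH_TRUNCATED; /* step 6 */
    if (n > RSH_NAME_MAX) return RSH_REMUSER_LONG;         /* "remuser too long" */
    if (!(out->cmd = next_field(buf, len, &pos, &n))) return RSH_TRUNCATED;     /* step 7 */
    return RSH_OK;
}

int main(void)
{
    static const char req[] = "1022\0alice\0bob\0uname -a";  /* constructed sample */
    struct rsh_req r;
    enum rsh_err e = rsh_parse(1023, req, sizeof req, &r);
    if (e == RSH_OK)
        printf("stderr=%lu %s -> %s: %s\n", r.stderr_port, r.locuser, r.remuser, r.cmd);
    return e != RSH_OK;
}
```

Both user names and the command arrive from the client, so a successful parse only establishes that the request is well-formed; what the server trusts is decided in step 8 and qualified in the BUGS section.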