NAME¶
rshd —
remote shell server
SYNOPSIS¶
rshd |
[-aiklnvxPL]
[-p
port] |
DESCRIPTION¶
rshd is the server for the
rsh(1) program.
It provides an authenticated remote command execution service. Supported
options are:
- -n,
--no-keepalive
- Disables keep-alive messages. Keep-alives are packets sent
at certain intervals to make sure that the client is still there, even
when it doesn't send any data.
- -k,
--kerberos
- Assume that clients connecting to this server will use some
form of Kerberos authentication. See the
EXAMPLES section for a sample
inetd.conf(5) configuration.
- -x,
--encrypt
- For Kerberos 4 this means that the connections are
encrypted. Kerberos 5 can negotiate encryption even without this option,
but if it's present rshd will deny unencrypted
connections. This option implies -k.
- -v,
--vacuous
- If the connecting client does not use any Kerberised
authentication, print a message that complains about this fact, and exit.
This is helpful if you want to move away from old port-based
authentication.
- -P
- When using the AFS filesystem, users' authentication tokens
are put in something called a PAG (Process Authentication Group). Multiple
processes can share a PAG, but normally each login session has its own
PAG. This option disables the setpag() call, so all
tokens will be put in the default (uid-based) PAG, making it possible to
share tokens between sessions. This is only useful in peculiar
environments, such as some batch systems.
- -i,
--no-inetd
- The -i option will cause
rshd to create a socket, instead of assuming that its
stdin came from inetd(8). This is mostly useful for
debugging.
- -p
port,
--port=port
- Port to use with -i.
- -a
- This flag is for backwards compatibility only.
- -L
- This flag enables logging of connections to
syslogd(8). This option is always on in this
implementation.
FILES¶
- /etc/hosts.equiv
-
- ~/.rhosts
-
EXAMPLES¶
The following can be used to enable Kerberised rsh in
inetd.cond(5), while disabling non-Kerberised connections:
shell stream tcp nowait root /usr/libexec/rshd rshd -v
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx
SEE ALSO¶
rsh(1),
iruserok(3)
HISTORY¶
The
rshd command appeared in
4.2BSD.
AUTHORS¶
This implementation of
rshd was written as part of the Heimdal
Kerberos 5 implementation.