2002-02-19 15:46:56 +00:00
.\" Things to fix:
.\" * remove Op from mandatory flags
.\" * use better macros for arguments (like .Pa for files)
.\"
.Dd July 31, 2001
.Dt RSHD 8
.Os HEIMDAL
.Sh NAME
.Nm rshd
.Nd
remote shell server
.Sh SYNOPSIS
.Nm
.Op Fl aiklnvxPL
.Op Fl p Ar port
.Sh DESCRIPTION
.Nm
is the server for
the
.Xr rsh 1
program. It provides an authenticated remote command execution
service. Supported options are:
.Bl -tag -width Ds
.It Xo
.Fl n ,
.Fl -no-keepalive
.Xc
Disables keep-alive messages. Keep-alives are packets sent at a certain
interval to make sure that the client is still there, even when it
doesn't send any data.
.It Xo
.Fl k ,
.Fl -kerberos
.Xc
Assume that clients connecting to this server will use some form of
Kerberos authentication. See the
.Sx EXAMPLES
section for a sample
.Xr inetd.conf 5
configuration.
.It Xo
.Fl x ,
.Fl -encrypt
.Xc
For Kerberos 4 this means that the connections are encrypted. Kerberos
5 will negotiate encryption inline. This option implies
.Fl k .
.\".It Xo
.\".Fl l ,
.\".Fl -no-rhosts
.\".Xc
.\"When using old port-based authentication, the user's
.\".Pa .rhosts
.\"files are normally checked. This option disables this.
.It Xo
.Fl v ,
.Fl -vacuous
.Xc
If the connecting client does not use any Kerberised authentication,
print a message that complains about this fact, and exit. This is
helpful if you want to move away from old port-based authentication.
.It Xo
.Fl P
.Xc
When using the AFS filesystem, users' authentication tokens are put in
something called a PAG (Process Authentication Group). Multiple
processes can share a PAG, but normally each login session has its own
PAG. This option disables the
.Fn setpag
call, so all tokens will be put in the default (uid-based) PAG, making
it possible to share tokens between sessions. This is only useful in
peculiar environments, such as some batch systems.
.It Xo
.Fl i ,
.Fl -no-inetd
.Xc
The
.Fl i
option will cause
.Nm
to create a socket, instead of assuming that its stdin came from
.Xr inetd 8 .
This is mostly useful for debugging.
.It Xo
.Fl p Ar port ,
.Fl -port= Ns Ar port
.Xc
Port to use with
.Fl i .
.It Xo
.Fl a
.Xc
This flag is for backwards compatibility only.
.It Xo
.Fl L
.Xc
This flag enables logging of connections to
.Xr syslogd 8 .
This option is always on in this implementation.
.El
.\".Sh ENVIRONMENT
.Sh FILES
.Bl -tag -width /etc/hosts.equiv -compact
.It Pa /etc/hosts.equiv
.It Pa ~/.rhosts
.El
.Sh EXAMPLES
The following can be used to enable Kerberised rsh in
.Xr inetd.conf 5 ,
while disabling non-Kerberised connections:
.Bd -literal
shell stream tcp nowait root /usr/libexec/rshd rshd -v
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx
.Ed
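As an added example (not part of this manual page or of the Heimdal distribution), the following Python script audits inetd.conf text for rshd entries that neither assume Kerberos (-k, -x) nor refuse non-Kerberised clients (-v). The sample text, the function names and the three labels are assumptions made for the example; treating an entry without -k, -x or -v as accepting old port-based authentication is read from the option descriptions above.

```python
import os

# Constructed sample: the page's three inetd.conf entries plus one legacy entry.
SAMPLE = """\
shell   stream tcp  nowait root /usr/libexec/rshd rshd -v
kshell  stream tcp  nowait root /usr/libexec/rshd rshd -k
ekshell stream tcp  nowait root /usr/libexec/rshd rshd -kx
shell   stream tcp6 nowait root /usr/libexec/rshd rshd -L
"""
# Long options documented on the page, mapped to their short letters.
LONG = {"--kerberos": "k", "--encrypt": "x", "--vacuous": "v"}

def rshd_flags(args):
    """Return the set of option letters found in an rshd argument list."""
    flags, it = set(), iter(args)
    for a in it:
        if a in LONG:
            flags.add(LONG[a])
        elif a.startswith("-") and not a.startswith("--"):
            for i, ch in enumerate(a[1:], 1):
                flags.add(ch)
                if ch == "p":              # -p takes a port: rest of word or next word
                    if i == len(a) - 1:
                        next(it, None)
                    break
    return flags

def classify(flags):
    """Label an entry; the labels are this example's own names."""
    if flags & {"k", "x"}:                 # -x implies -k
        return "kerberos"
    if "v" in flags:                       # complains and exits without Kerberos
        return "rejects-non-kerberised"
    return "legacy-port-auth"              # assumed: hosts.equiv/.rhosts checks apply

def audit(text):
    """Return (line number, service, label) for every rshd entry."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        # f[5] is the server program, f[6] its argv[0]; checking both also
        # covers a wrapper such as tcpd (wrapper handling is an assumption).
        progs = {os.path.basename(p) for p in f[5:7]}
        if len(f) >= 7 and not f[0].startswith("#") and "rshd" in progs:
            out.append((n, f[0], classify(rshd_flags(f[7:]))))
    return out

def legacy_entries(text):
    """Entries that still accept old port-based authentication."""
    return [(n, svc) for n, svc, label in audit(text) if label == "legacy-port-auth"]
```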
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr rsh 1 ,
.Xr iruserok 3
.\".Sh STANDARDS
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Sh AUTHORS
This implementation of
.Nm
was written as part of the Heimdal Kerberos 5 implementation.
.\".Sh BUGS