| 1 | .\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan
|
|---|
| 2 | .\" (Royal Institute of Technology, Stockholm, Sweden).
|
|---|
| 3 | .\" All rights reserved.
|
|---|
| 4 | .\"
|
|---|
| 5 | .\" Redistribution and use in source and binary forms, with or without
|
|---|
| 6 | .\" modification, are permitted provided that the following conditions
|
|---|
| 7 | .\" are met:
|
|---|
| 8 | .\"
|
|---|
| 9 | .\" 1. Redistributions of source code must retain the above copyright
|
|---|
| 10 | .\" notice, this list of conditions and the following disclaimer.
|
|---|
| 11 | .\"
|
|---|
| 12 | .\" 2. Redistributions in binary form must reproduce the above copyright
|
|---|
| 13 | .\" notice, this list of conditions and the following disclaimer in the
|
|---|
| 14 | .\" documentation and/or other materials provided with the distribution.
|
|---|
| 15 | .\"
|
|---|
| 16 | .\" 3. Neither the name of the Institute nor the names of its contributors
|
|---|
| 17 | .\" may be used to endorse or promote products derived from this software
|
|---|
| 18 | .\" without specific prior written permission.
|
|---|
| 19 | .\"
|
|---|
| 20 | .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|---|
| 21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|---|
| 22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|---|
| 23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|---|
| 24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|---|
| 25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|---|
| 26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|---|
| 27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|---|
| 28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|---|
| 29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|---|
| 30 | .\" SUCH DAMAGE.
|
|---|
| 31 | .\"
|
|---|
| 32 | .\" $Id$
|
|---|
| 33 | .\"
|
|---|
| 34 | .Dd November 22, 2002
|
|---|
| 35 | .Dt RSHD 8
|
|---|
| 36 | .Os HEIMDAL
|
|---|
| 37 | .Sh NAME
|
|---|
| 38 | .Nm rshd
|
|---|
| 39 | .Nd remote shell server
|
|---|
| 40 | .Sh SYNOPSIS
|
|---|
| 41 | .Nm
|
|---|
| 42 | .Op Fl aiklnvxPL
|
|---|
| 43 | .Op Fl p Ar port
|
|---|
| 44 | .Sh DESCRIPTION
|
|---|
| 45 | .Nm
|
|---|
| 46 | is the server for
|
|---|
| 47 | the
|
|---|
| 48 | .Xr rsh 1
|
|---|
| 49 | program. It provides an authenticated remote command execution
|
|---|
| 50 | service. Supported options are:
|
|---|
| 51 | .Bl -tag -width Ds
|
|---|
| 52 | .It Xo
|
|---|
| 53 | .Fl n ,
|
|---|
| 54 | .Fl Fl no-keepalive
|
|---|
| 55 | .Xc
|
|---|
| 56 | Disables keep-alive messages.
|
|---|
| 57 | Keep-alives are packets sent at certain intervals to make sure that the
|
|---|
| 58 | client is still there, even when it doesn't send any data.
|
|---|
| 59 | .It Xo
|
|---|
| 60 | .Fl k ,
|
|---|
| 61 | .Fl Fl kerberos
|
|---|
| 62 | .Xc
|
|---|
| 63 | Assume that clients connecting to this server will use some form of
|
|---|
| 64 | Kerberos authentication. See the
|
|---|
| 65 | .Sx EXAMPLES
|
|---|
| 66 | section for a sample
|
|---|
| 67 | .Xr inetd.conf 5
|
|---|
| 68 | configuration.
|
|---|
| 69 | .It Xo
|
|---|
| 70 | .Fl x ,
|
|---|
| 71 | .Fl Fl encrypt
|
|---|
| 72 | .Xc
|
|---|
| 73 | For Kerberos 4 this means that the connections are encrypted. Kerberos
|
|---|
| 74 | 5 can negotiate encryption even without this option, but if it's
|
|---|
| 75 | present
|
|---|
| 76 | .Nm
|
|---|
| 77 | will deny unencrypted connections. This option implies
|
|---|
| 78 | .Fl k .
|
|---|
| 79 | .\".It Xo
|
|---|
| 80 | .\".Fl l ,
|
|---|
| 81 | .\".Fl Fl no-rhosts
|
|---|
| 82 | .\".Xc
|
|---|
| 83 | .\"When using old port-based authentication, the user's
|
|---|
| 84 | .\".Pa .rhosts
|
|---|
| 85 | .\"files are normally checked. This option disables this.
|
|---|
| 86 | .It Xo
|
|---|
| 87 | .Fl v ,
|
|---|
| 88 | .Fl Fl vacuous
|
|---|
| 89 | .Xc
|
|---|
| 90 | If the connecting client does not use any Kerberised authentication,
|
|---|
| 91 | print a message that complains about this fact, and exit. This is
|
|---|
| 92 | helpful if you want to move away from old port-based authentication.
|
|---|
| 93 | .It Xo
|
|---|
| 94 | .Fl P
|
|---|
| 95 | .Xc
|
|---|
| 96 | When using the AFS filesystem, users' authentication tokens are put in
|
|---|
| 97 | something called a PAG (Process Authentication Group). Multiple
|
|---|
| 98 | processes can share a PAG, but normally each login session has its own
|
|---|
| 99 | PAG. This option disables the
|
|---|
| 100 | .Fn setpag
|
|---|
| 101 | call, so all tokens will be put in the default (uid-based) PAG, making
|
|---|
| 102 | it possible to share tokens between sessions. This is only useful in
|
|---|
| 103 | peculiar environments, such as some batch systems.
|
|---|
| 104 | .It Xo
|
|---|
| 105 | .Fl i ,
|
|---|
| 106 | .Fl Fl no-inetd
|
|---|
| 107 | .Xc
|
|---|
| 108 | The
|
|---|
| 109 | .Fl i
|
|---|
| 110 | option will cause
|
|---|
| 111 | .Nm
|
|---|
| 112 | to create a socket, instead of assuming that its stdin came from
|
|---|
| 113 | .Xr inetd 8 .
|
|---|
| 114 | This is mostly useful for debugging.
|
|---|
| 115 | .It Xo
|
|---|
| 116 | .Fl p Ar port ,
|
|---|
| 117 | .Fl Fl port= Ns Ar port
|
|---|
| 118 | .Xc
|
|---|
| 119 | Port to use with
|
|---|
| 120 | .Fl i .
|
|---|
| 121 | .It Xo
|
|---|
| 122 | .Fl a
|
|---|
| 123 | .Xc
|
|---|
| 124 | This flag is for backwards compatibility only.
|
|---|
| 125 | .It Xo
|
|---|
| 126 | .Fl L
|
|---|
| 127 | .Xc
|
|---|
| 128 | This flag enables logging of connections to
|
|---|
| 129 | .Xr syslogd 8 .
|
|---|
| 130 | This option is always on in this implementation.
|
|---|
| 131 | .El
|
|---|
| 132 | .\".Sh ENVIRONMENT
|
|---|
| 133 | .Sh FILES
|
|---|
| 134 | .Bl -tag -width /etc/hosts.equiv -compact
|
|---|
| 135 | .It Pa /etc/hosts.equiv
|
|---|
| 136 | .It Pa ~/.rhosts
|
|---|
| 137 | .El
|
|---|
| 138 | .Sh EXAMPLES
|
|---|
| 139 | The following can be used to enable Kerberised rsh in
|
|---|
| 140 | .Xr inetd.cond 5 ,
|
|---|
| 141 | while disabling non-Kerberised connections:
|
|---|
| 142 | .Bd -literal
|
|---|
| 143 | shell stream tcp nowait root /usr/libexec/rshd rshd -v
|
|---|
| 144 | kshell stream tcp nowait root /usr/libexec/rshd rshd -k
|
|---|
| 145 | ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx
|
|---|
| 146 | .Ed
|
|---|
| 147 | .\".Sh DIAGNOSTICS
|
|---|
| 148 | .Sh SEE ALSO
|
|---|
| 149 | .Xr rsh 1 ,
|
|---|
| 150 | .Xr iruserok 3
|
|---|
| 151 | .\".Sh STANDARDS
|
|---|
| 152 | .Sh HISTORY
|
|---|
| 153 | The
|
|---|
| 154 | .Nm
|
|---|
| 155 | command appeared in
|
|---|
| 156 | .Bx 4.2 .
|
|---|
| 157 | .Sh AUTHORS
|
|---|
| 158 | This implementation of
|
|---|
| 159 | .Nm
|
|---|
| 160 | was written as part of the Heimdal Kerberos 5 implementation.
|
|---|
| 161 | .\".Sh BUGS
|
|---|
