xref: /freebsd/crypto/heimdal/appl/rsh/rshd.8 (revision 6a068746777241722b2b32c5d0bc443a2a64d80b)
.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd November 22, 2002
.Dt RSHD 8
.Os HEIMDAL
.Sh NAME
.Nm rshd
.Nd remote shell server
.Sh SYNOPSIS
.Nm
.Op Fl aiklnvxPL
.Op Fl p Ar port
.Sh DESCRIPTION
.Nm
is the server for
the
.Xr rsh 1
program. It provides an authenticated remote command execution
service.  Supported options are:
.Bl -tag -width Ds
.It Xo
.Fl n ,
.Fl Fl no-keepalive
.Xc
Disables keep-alive messages.
Keep-alives are packets sent at certain intervals to make sure that the
client is still there, even when it doesn't send any data.
.It Xo
.Fl k ,
.Fl Fl kerberos
.Xc
Assume that clients connecting to this server will use some form of
Kerberos authentication. See the
.Sx EXAMPLES
section for a sample
.Xr inetd.conf 5
configuration.
.It Xo
.Fl x ,
.Fl Fl encrypt
.Xc
For Kerberos 4 this means that the connections are encrypted. Kerberos
5 can negotiate encryption even without this option, but if it's
present
.Nm
will deny unencrypted connections. This option implies
.Fl k .
.\".It Xo
.\".Fl l ,
.\".Fl Fl no-rhosts
.\".Xc
.\"When using old port-based authentication, the user's
.\".Pa .rhosts
.\"files are normally checked. This option disables this.
.It Xo
.Fl v ,
.Fl Fl vacuous
.Xc
If the connecting client does not use any Kerberised authentication,
print a message that complains about this fact, and exit. This is
helpful if you want to move away from old port-based authentication.
.It Xo
.Fl P
.Xc
When using the AFS filesystem, users' authentication tokens are put in
something called a PAG (Process Authentication Group). Multiple
processes can share a PAG, but normally each login session has its own
PAG. This option disables the
.Fn setpag
call, so all tokens will be put in the default (uid-based) PAG, making
it possible to share tokens between sessions. This is only useful in
peculiar environments, such as some batch systems.
.It Xo
.Fl i ,
.Fl Fl no-inetd
.Xc
The
.Fl i
option will cause
.Nm
to create a socket, instead of assuming that its stdin came from
.Xr inetd 8 .
This is mostly useful for debugging.
.It Xo
.Fl p Ar port ,
.Fl Fl port= Ns Ar port
.Xc
Port to use with
.Fl i .
.It Xo
.Fl a
.Xc
This flag is for backwards compatibility only.
.It Xo
.Fl L
.Xc
This flag enables logging of connections to
.Xr syslogd 8 .
This option is always on in this implementation.
.El
.\".Sh ENVIRONMENT
.Sh FILES
.Bl -tag -width /etc/hosts.equiv -compact
.It Pa /etc/hosts.equiv
.It Pa ~/.rhosts
.El
.Sh EXAMPLES
The following can be used to enable Kerberised rsh in
.Xr inetd.conf 5 ,
while disabling non-Kerberised connections:
.Bd -literal
shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
.Ed
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr rsh 1 ,
.Xr iruserok 3
.\".Sh STANDARDS
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Sh AUTHORS
This implementation of
.Nm
was written as part of the Heimdal Kerberos 5 implementation.
.\".Sh BUGS
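
An added audit example, not part of the Heimdal manual page or source: it reads inetd.conf-style lines and reports, for each rshd entry, which of the -k, -x and -v behaviours described under DESCRIPTION is in effect. The sample input is constructed; the `rshtest` service name is hypothetical, and flagging an entry with none of the three options for review is an assumption of this example.

```python
import os

# Constructed sample: the three EXAMPLES entries, one commented-out line,
# and one hypothetical entry ("rshtest") that carries none of -k/-x/-v.
SAMPLE = """\
shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
#shell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd
rshtest stream  tcp  nowait  root  /usr/libexec/rshd  rshd --no-keepalive
"""

# Long option names from the manual page mapped to their short forms.
LONG = {"--kerberos": "k", "--encrypt": "x", "--vacuous": "v"}

def rshd_flags(argv):
    """Return the set of short option letters present in an rshd argv."""
    flags = set()
    for arg in argv[1:]:                      # argv[0] is the program name
        if arg.startswith("--"):
            short = LONG.get(arg.split("=", 1)[0])
            if short:
                flags.add(short)
        elif arg.startswith("-"):
            flags.update(arg[1:])             # clustered flags, e.g. -kx
    return flags

def classify(flags):
    """Map the option set to the behaviour the manual page documents."""
    if "x" in flags:                          # -x implies -k
        return "kerberos, unencrypted connections denied"
    if "k" in flags:
        return "kerberos, encryption not enforced"
    if "v" in flags:
        return "non-Kerberised clients rejected"
    return "REVIEW: no -k/-x/-v"              # assumption: needs a human look

def audit(text):
    """Return (service, verdict) for every active rshd line in the text."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0].startswith("#"):
            continue                          # comment or incomplete entry
        if os.path.basename(fields[5]) != "rshd":
            continue                          # some other inetd service
        results.append((fields[0], classify(rshd_flags(fields[6:]))))
    return results

if __name__ == "__main__":
    for service, verdict in audit(SAMPLE):
        print(f"{service:8} {verdict}")
```
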