1*ae771770SStanislav Sedov.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan 2bbd80c28SJacques Vidrine.\" (Royal Institute of Technology, Stockholm, Sweden). 3bbd80c28SJacques Vidrine.\" All rights reserved. 44137ff4cSJacques Vidrine.\" 5bbd80c28SJacques Vidrine.\" Redistribution and use in source and binary forms, with or without 6bbd80c28SJacques Vidrine.\" modification, are permitted provided that the following conditions 7bbd80c28SJacques Vidrine.\" are met: 8bbd80c28SJacques Vidrine.\" 9bbd80c28SJacques Vidrine.\" 1. Redistributions of source code must retain the above copyright 10bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer. 11bbd80c28SJacques Vidrine.\" 12bbd80c28SJacques Vidrine.\" 2. Redistributions in binary form must reproduce the above copyright 13bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer in the 14bbd80c28SJacques Vidrine.\" documentation and/or other materials provided with the distribution. 15bbd80c28SJacques Vidrine.\" 16bbd80c28SJacques Vidrine.\" 3. Neither the name of the Institute nor the names of its contributors 17bbd80c28SJacques Vidrine.\" may be used to endorse or promote products derived from this software 18bbd80c28SJacques Vidrine.\" without specific prior written permission. 19bbd80c28SJacques Vidrine.\" 20bbd80c28SJacques Vidrine.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21bbd80c28SJacques Vidrine.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22bbd80c28SJacques Vidrine.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23bbd80c28SJacques Vidrine.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24bbd80c28SJacques Vidrine.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25bbd80c28SJacques Vidrine.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26bbd80c28SJacques Vidrine.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27bbd80c28SJacques Vidrine.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28bbd80c28SJacques Vidrine.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29bbd80c28SJacques Vidrine.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30bbd80c28SJacques Vidrine.\" SUCH DAMAGE. 31bbd80c28SJacques Vidrine.\" 32*ae771770SStanislav Sedov.\" $Id$ 33bbd80c28SJacques Vidrine.\" 34bbd80c28SJacques Vidrine.Dd November 22, 2002 354137ff4cSJacques Vidrine.Dt RSHD 8 364137ff4cSJacques Vidrine.Os HEIMDAL 374137ff4cSJacques Vidrine.Sh NAME 384137ff4cSJacques Vidrine.Nm rshd 39*ae771770SStanislav Sedov.Nd remote shell server 404137ff4cSJacques Vidrine.Sh SYNOPSIS 414137ff4cSJacques Vidrine.Nm 424137ff4cSJacques Vidrine.Op Fl aiklnvxPL 434137ff4cSJacques Vidrine.Op Fl p Ar port 444137ff4cSJacques Vidrine.Sh DESCRIPTION 454137ff4cSJacques Vidrine.Nm 464137ff4cSJacques Vidrineis the server for 474137ff4cSJacques Vidrinethe 484137ff4cSJacques Vidrine.Xr rsh 1 494137ff4cSJacques Vidrineprogram. It provides an authenticated remote command execution 504137ff4cSJacques Vidrineservice. Supported options are: 514137ff4cSJacques Vidrine.Bl -tag -width Ds 524137ff4cSJacques Vidrine.It Xo 538373020dSJacques Vidrine.Fl n , 54*ae771770SStanislav Sedov.Fl Fl no-keepalive 554137ff4cSJacques Vidrine.Xc 56bbd80c28SJacques VidrineDisables keep-alive messages. 57bbd80c28SJacques VidrineKeep-alives are packets sent at certain intervals to make sure that the 58bbd80c28SJacques Vidrineclient is still there, even when it doesn't send any data. 594137ff4cSJacques Vidrine.It Xo 608373020dSJacques Vidrine.Fl k , 61*ae771770SStanislav Sedov.Fl Fl kerberos 624137ff4cSJacques Vidrine.Xc 634137ff4cSJacques VidrineAssume that clients connecting to this server will use some form of 644137ff4cSJacques VidrineKerberos authentication. See the 654137ff4cSJacques Vidrine.Sx EXAMPLES 664137ff4cSJacques Vidrinesection for a sample 674137ff4cSJacques Vidrine.Xr inetd.conf 5 684137ff4cSJacques Vidrineconfiguration. 694137ff4cSJacques Vidrine.It Xo 708373020dSJacques Vidrine.Fl x , 71*ae771770SStanislav Sedov.Fl Fl encrypt 724137ff4cSJacques Vidrine.Xc 734137ff4cSJacques VidrineFor Kerberos 4 this means that the connections are encrypted. Kerberos 74bbd80c28SJacques Vidrine5 can negotiate encryption even without this option, but if it's 75bbd80c28SJacques Vidrinepresent 76bbd80c28SJacques Vidrine.Nm 77bbd80c28SJacques Vidrinewill deny unencrypted connections. This option implies 784137ff4cSJacques Vidrine.Fl k . 794137ff4cSJacques Vidrine.\".It Xo 808373020dSJacques Vidrine.\".Fl l , 81*ae771770SStanislav Sedov.\".Fl Fl no-rhosts 824137ff4cSJacques Vidrine.\".Xc 834137ff4cSJacques Vidrine.\"When using old port-based authentication, the user's 844137ff4cSJacques Vidrine.\".Pa .rhosts 85c19800e8SDoug Rabson.\"files are normally checked. This option disables this. 864137ff4cSJacques Vidrine.It Xo 878373020dSJacques Vidrine.Fl v , 88*ae771770SStanislav Sedov.Fl Fl vacuous 894137ff4cSJacques Vidrine.Xc 904137ff4cSJacques VidrineIf the connecting client does not use any Kerberised authentication, 914137ff4cSJacques Vidrineprint a message that complains about this fact, and exit. This is 924137ff4cSJacques Vidrinehelpful if you want to move away from old port-based authentication. 934137ff4cSJacques Vidrine.It Xo 944137ff4cSJacques Vidrine.Fl P 954137ff4cSJacques Vidrine.Xc 964137ff4cSJacques VidrineWhen using the AFS filesystem, users' authentication tokens are put in 974137ff4cSJacques Vidrinesomething called a PAG (Process Authentication Group). Multiple 984137ff4cSJacques Vidrineprocesses can share a PAG, but normally each login session has its own 994137ff4cSJacques VidrinePAG. This option disables the 1004137ff4cSJacques Vidrine.Fn setpag 1014137ff4cSJacques Vidrinecall, so all tokens will be put in the default (uid-based) PAG, making 1024137ff4cSJacques Vidrineit possible to share tokens between sessions. This is only useful in 1034137ff4cSJacques Vidrinepeculiar environments, such as some batch systems. 1044137ff4cSJacques Vidrine.It Xo 1058373020dSJacques Vidrine.Fl i , 106*ae771770SStanislav Sedov.Fl Fl no-inetd 1074137ff4cSJacques Vidrine.Xc 1084137ff4cSJacques VidrineThe 1094137ff4cSJacques Vidrine.Fl i 1104137ff4cSJacques Vidrineoption will cause 1114137ff4cSJacques Vidrine.Nm 1124137ff4cSJacques Vidrineto create a socket, instead of assuming that its stdin came from 1134137ff4cSJacques Vidrine.Xr inetd 8 . 1144137ff4cSJacques VidrineThis is mostly useful for debugging. 1154137ff4cSJacques Vidrine.It Xo 1168373020dSJacques Vidrine.Fl p Ar port , 117*ae771770SStanislav Sedov.Fl Fl port= Ns Ar port 1184137ff4cSJacques Vidrine.Xc 1194137ff4cSJacques VidrinePort to use with 1204137ff4cSJacques Vidrine.Fl i . 1214137ff4cSJacques Vidrine.It Xo 1224137ff4cSJacques Vidrine.Fl a 1234137ff4cSJacques Vidrine.Xc 1244137ff4cSJacques VidrineThis flag is for backwards compatibility only. 1254137ff4cSJacques Vidrine.It Xo 1264137ff4cSJacques Vidrine.Fl L 1274137ff4cSJacques Vidrine.Xc 1284137ff4cSJacques VidrineThis flag enables logging of connections to 1294137ff4cSJacques Vidrine.Xr syslogd 8 . 1304137ff4cSJacques VidrineThis option is always on in this implementation. 1314137ff4cSJacques Vidrine.El 1324137ff4cSJacques Vidrine.\".Sh ENVIRONMENT 1334137ff4cSJacques Vidrine.Sh FILES 1344137ff4cSJacques Vidrine.Bl -tag -width /etc/hosts.equiv -compact 1354137ff4cSJacques Vidrine.It Pa /etc/hosts.equiv 1364137ff4cSJacques Vidrine.It Pa ~/.rhosts 1374137ff4cSJacques Vidrine.El 1384137ff4cSJacques Vidrine.Sh EXAMPLES 1394137ff4cSJacques VidrineThe following can be used to enable Kerberised rsh in 1404137ff4cSJacques Vidrine.Xr inetd.cond 5 , 1414137ff4cSJacques Vidrinewhile disabling non-Kerberised connections: 1424137ff4cSJacques Vidrine.Bd -literal 1434137ff4cSJacques Vidrineshell stream tcp nowait root /usr/libexec/rshd rshd -v 1444137ff4cSJacques Vidrinekshell stream tcp nowait root /usr/libexec/rshd rshd -k 1454137ff4cSJacques Vidrineekshell stream tcp nowait root /usr/libexec/rshd rshd -kx 1464137ff4cSJacques Vidrine.Ed 1474137ff4cSJacques Vidrine.\".Sh DIAGNOSTICS 1484137ff4cSJacques Vidrine.Sh SEE ALSO 1494137ff4cSJacques Vidrine.Xr rsh 1 , 1504137ff4cSJacques Vidrine.Xr iruserok 3 1514137ff4cSJacques Vidrine.\".Sh STANDARDS 1524137ff4cSJacques Vidrine.Sh HISTORY 1534137ff4cSJacques VidrineThe 1544137ff4cSJacques Vidrine.Nm 1554137ff4cSJacques Vidrinecommand appeared in 1564137ff4cSJacques Vidrine.Bx 4.2 . 1574137ff4cSJacques Vidrine.Sh AUTHORS 1584137ff4cSJacques VidrineThis implementation of 1594137ff4cSJacques Vidrine.Nm 1604137ff4cSJacques Vidrinewas written as part of the Heimdal Kerberos 5 implementation. 1614137ff4cSJacques Vidrine.\".Sh BUGS 162