1.\" Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $ 33.\" 34.Dd November 22, 2002 35.Dt RSHD 8 36.Os HEIMDAL 37.Sh NAME 38.Nm rshd 39.Nd 40remote shell server 41.Sh SYNOPSIS 42.Nm 43.Op Fl aiklnvxPL 44.Op Fl p Ar port 45.Sh DESCRIPTION 46.Nm 47is the server for 48the 49.Xr rsh 1 50program. It provides an authenticated remote command execution 51service. Supported options are: 52.Bl -tag -width Ds 53.It Xo 54.Fl n , 55.Fl -no-keepalive 56.Xc 57Disables keep-alive messages. 58Keep-alives are packets sent at certain intervals to make sure that the 59client is still there, even when it doesn't send any data. 60.It Xo 61.Fl k , 62.Fl -kerberos 63.Xc 64Assume that clients connecting to this server will use some form of 65Kerberos authentication. See the 66.Sx EXAMPLES 67section for a sample 68.Xr inetd.conf 5 69configuration. 70.It Xo 71.Fl x , 72.Fl -encrypt 73.Xc 74For Kerberos 4 this means that the connections are encrypted. Kerberos 755 can negotiate encryption even without this option, but if it's 76present 77.Nm 78will deny unencrypted connections. This option implies 79.Fl k . 80.\".It Xo 81.\".Fl l , 82.\".Fl -no-rhosts 83.\".Xc 84.\"When using old port-based authentication, the user's 85.\".Pa .rhosts 86.\"files are normally checked. This options disables this. 87.It Xo 88.Fl v , 89.Fl -vacuous 90.Xc 91If the connecting client does not use any Kerberised authentication, 92print a message that complains about this fact, and exit. This is 93helpful if you want to move away from old port-based authentication. 94.It Xo 95.Fl P 96.Xc 97When using the AFS filesystem, users' authentication tokens are put in 98something called a PAG (Process Authentication Group). Multiple 99processes can share a PAG, but normally each login session has its own 100PAG. This option disables the 101.Fn setpag 102call, so all tokens will be put in the default (uid-based) PAG, making 103it possible to share tokens between sessions. This is only useful in 104peculiar environments, such as some batch systems. 105.It Xo 106.Fl i , 107.Fl -no-inetd 108.Xc 109The 110.Fl i 111option will cause 112.Nm 113to create a socket, instead of assuming that its stdin came from 114.Xr inetd 8 . 115This is mostly useful for debugging. 116.It Xo 117.Fl p Ar port , 118.Fl -port= Ns Ar port 119.Xc 120Port to use with 121.Fl i . 122.It Xo 123.Fl a 124.Xc 125This flag is for backwards compatibility only. 126.It Xo 127.Fl L 128.Xc 129This flag enables logging of connections to 130.Xr syslogd 8 . 131This option is always on in this implementation. 132.El 133.\".Sh ENVIRONMENT 134.Sh FILES 135.Bl -tag -width /etc/hosts.equiv -compact 136.It Pa /etc/hosts.equiv 137.It Pa ~/.rhosts 138.El 139.Sh EXAMPLES 140The following can be used to enable Kerberised rsh in 141.Xr inetd.cond 5 , 142while disabling non-Kerberised connections: 143.Bd -literal 144shell stream tcp nowait root /usr/libexec/rshd rshd -v 145kshell stream tcp nowait root /usr/libexec/rshd rshd -k 146ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx 147.Ed 148.\".Sh DIAGNOSTICS 149.Sh SEE ALSO 150.Xr rsh 1 , 151.Xr iruserok 3 152.\".Sh STANDARDS 153.Sh HISTORY 154The 155.Nm 156command appeared in 157.Bx 4.2 . 158.Sh AUTHORS 159This implementation of 160.Nm 161was written as part of the Heimdal Kerberos 5 implementation. 162.\".Sh BUGS 163