DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

rshd(8)





NAME

     rshd -- remote shell server


SYNOPSIS

     rshd [-aiklnvxPL] [-p port]


DESCRIPTION

     rshd is the server for the rsh(1) program. It provides an authenticated
     remote command execution service.  Supported options are:

     -n, --no-keepalive
             Disables keep-alive messages.  Keep-alives are packets sent at
             certain intervals to make sure that the client is still there,
             even when it doesn't send any data.

     -k, --kerberos
             Assume that clients connecting to this server will use some form
             of Kerberos authentication. See the EXAMPLES section for a sample
             inetd.conf(5) configuration.

     -x, --encrypt
             For Kerberos 4 this means that the connections are encrypted.
             Kerberos 5 can negotiate encryption even without this option, but
             if it's present rshd will deny unencrypted connections. This
             option implies -k.

     -v, --vacuous
             If the connecting client does not use any Kerberised authentica-
             tion, print a message that complains about this fact, and exit.
             This is helpful if you want to move away from old port-based
             authentication.

     -P      When using the AFS filesystem, users' authentication tokens are
             put in something called a PAG (Process Authentication Group).
             Multiple processes can share a PAG, but normally each login ses-
             sion has its own PAG. This option disables the setpag() call, so
             all tokens will be put in the default (uid-based) PAG, making it
             possible to share tokens between sessions. This is only useful in
             peculiar environments, such as some batch systems.

     -i, --no-inetd
             The -i option will cause rshd to create a socket, instead of
             assuming that its stdin came from inetd(8).  This is mostly use-
             ful for debugging.

     -p port, --port=port
             Port to use with -i.

     -a      This flag is for backwards compatibility only.

     -L      This flag enables logging of connections to syslogd(8).  This
             option is always on in this implementation.


FILES

     /etc/hosts.equiv
     ~/.rhosts


EXAMPLES

     The following can be used to enable Kerberised rsh in inetd.cond(5),
     while disabling non-Kerberised connections:

     shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
     kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
     ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx


SEE ALSO

     rsh(1), iruserok(3)


HISTORY

     The rshd command appeared in 4.2BSD.


AUTHORS

     This implementation of rshd was written as part of the Heimdal Kerberos 5
     implementation.

HEIMDAL                        November 22, 2002                       HEIMDAL

Man(1) output converted with man2html