rshd(8)
RSHD(8) UNIX System Manager's Manual RSHD(8)
NAME
rshd - remote shell server
SYNOPSIS
rshd [-aiklnvxPL] [-p port]
DESCRIPTION
rshd is the server for the rsh(1) program. It provides an authenticated
remote command execution service. Supported options are:
-n, --no-keepalive
Disables keep-alive messages. Keep-alives are packets sent at
certain intervals to make sure that the client is still there,
even when it doesn't send any data.
-k, --kerberos
Assume that clients connecting to this server will use some form
of Kerberos authentication. See the EXAMPLES section for a sample
inetd.conf(5) configuration.
-x, --encrypt
For Kerberos 4 this means that the connections are encrypted.
Kerberos 5 can negotiate encryption even without this option, but
if it's present rshd will deny unencrypted connections. This op-
tion implies -k.
-v, --vacuous
If the connecting client does not use any Kerberised authentica-
tion, print a message that complains about this fact, and exit.
This is helpful if you want to move away from old port-based au-
thentication.
-P When using the AFS filesystem, users' authentication tokens are
put in something called a PAG (Process Authentication Group).
Multiple processes can share a PAG, but normally each login ses-
sion has its own PAG. This option disables the setpag() call, so
all tokens will be put in the default (uid-based) PAG, making it
possible to share tokens between sessions. This is only useful in
peculiar environments, such as some batch systems.
-i, --no-inetd
The -i option will cause rshd to create a socket, instead of as-
suming that its stdin came from inetd(8). This is mostly useful
for debugging.
-p port, --port=port
Port to use with -i.
-a This flag is for backwards compatibility only.
-L This flag enables logging of connections to syslogd(8). This op-
tion is always on in this implementation.
FILES
/etc/hosts.equiv
~/.rhosts
EXAMPLES
The following can be used to enable Kerberised rsh in inetd.cond(5),
while disabling non-Kerberised connections:
shell stream tcp nowait root /usr/libexec/rshd rshd -v
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx
SEE ALSO
rsh(1), iruserok(3)
HISTORY
The rshd command appeared in 4.2BSD.
AUTHORS
This implementation of rshd was written as part of the Heimdal Kerberos 5
implementation.
HEIMDAL November 22, 2002 2
Man(1) output converted with
man2html