 remshd(1M)			  Kerberos			  remshd(1M)




 NAME
      remshd - remote shell server

 SYNOPSIS
      /usr/lbin/remshd [-ln]

      In Kerberos V5 Network Authentication environments:

      /usr/lbin/remshd [-clnKkRr]

 DESCRIPTION
      The remshd command is the server for the rcp, rdist and remsh
      commands, and the rcmd() function (see rcp(1), rdist(1), remsh(1), and
      rcmd(3N)).

      remshd supports two authentication methods:

	   1.	Authentication based on privileged port numbers where the
		client's source port must be in the range 512 through 1023.
		In this case remshd assumes it is operating in normal or
		non-secure environment.

	   2.	Authentication based on Kerberos V5.  In this case remshd
		assumes it is operating in a Kerberos V5 Network
		Authentication, i.e., secure environment.

      The inetd daemon invokes remshd if a service request is received at
      ports indicated by shell or kshell services specified in /etc/services
      (see inetd(1M) and services(4)).	Service requests arriving at the
      kshell port assume a secure environment and expect Kerberos
      authentication to take place.

      To start remshd from the inetd daemon in a non-secure environment, the
      configuration file /etc/inetd.conf must contain an entry as follows:

	   shell  stream  tcp  nowait  root  /usr/lbin/remshd  remshd

      In a secure environment, /etc/inetd.conf must contain an entry:

	   kshell  stream  tcp	nowait	root  /usr/lbin/remshd	remshd -K

      See inetd.conf(4) for more information.

      To prevent non-secure access, the entry for shell should be commented
      out in /etc/inetd.conf.  Any non-Kerberos access will be denied since
      the entry for the port indicated by shell has now been removed or
      commented out.  In such a situation, a generic error message,

	   rcmd: connect <hostname> : Connection refused

 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000

      is displayed.  See DIAGNOSTICS for more details.	Note:  by commenting
      out the entry for the port, access by other clients such as rdist will
      also be prevented.

    Options
      remshd recognizes the following options.

	   -c	Ignore checksum verification. This option is used to achieve
		interoperability between clients and servers using different
		checksum calculation methods. For example, the checksum
		calculation in an application developed with Kerberos V5 Beta
		4 API is different from the calculation in a Kerberos V5-1.0
		application.

	   -l	Disallow authentication based on the user's .rhosts file
		unless the user is a superuser.

	   -n	Disable transport-level keep-alive messages.  Otherwise, the
		messages are enabled.  The keep-alive messages allow
		sessions to be timed out if the client crashes or becomes
		unreachable.

      In a secure environment, remshd will recognize the following
      additional options:

	   -K	Authorization based on Kerberos V5 must succeed or access
		will be rejected. (see sis(5) for details on authorization).

	   -R	Authentication based on privileged port numbers and
		authorization of the remote user through equivalent accounts
		must succeed.  For more information on equivalent accounts,
		see hosts.equiv(4).

	   -r	Either one of the following must succeed. The order in which
		the authorization checks are done is as specified below.

		1.   Authentication based on privileged port numbers and
		     authorization of the remote user through equivalent
		     accounts (see hosts.equiv(4)).

		2.   Authorization based on Kerberos V5.

	   -k	Either one of the following must succeed.  The order in
		which the authorization checks are done is as specified
		below.

		1.   Authorization based on Kerberos V5.

		2.   Authentication based on privileged port numbers and
		     authorization of the remote user through equivalent
		     accounts.



	   Note:  The -k option is ignored when used with -K, and the -r
	   option is ignored when used with -R.	 Also, if no options are
	   specified, the default option is -K.
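
      The option precedence just stated, together with the checks each
      option requires (see the Options list above and step 9c under
      Operation), as an added Python example that is not part of this manual
      page or of HP-UX.  The names effective_options, authorize and
      allows_port_trust are chosen here; the inputs are the outcomes of checks
      whose mechanics sis(5) and hosts.equiv(4) describe.

```python
# Added example, not HP-UX's remshd source: the access decision the option
# set implies, built from the Options section and step 9c of Operation.
# Inputs are the outcomes of the checks the page names; password-protected
# accounts and expired passwords (step 9c, non-secure case) are not modelled.
SECURE_OPTS = {"K", "R", "r", "k"}


def effective_options(opts, secure):
    """Apply the stated precedence: -k is ignored with -K, -r is ignored
    with -R, and no option at all means -K.  Non-secure mode has none."""
    if not secure:
        return set()
    eff = set(opts) & SECURE_OPTS
    if "K" in eff:
        eff.discard("k")
    if "R" in eff:
        eff.discard("r")
    return eff or {"K"}


def authorize(opts, secure, privileged_port, equivalent, kerberos_ok):
    """Return the method that granted access, 'port' (privileged source
    port plus an equivalent account) or 'kerberos', or None to terminate.
    For -r and -k the checks run in the order the page lists them."""
    port_ok = privileged_port and equivalent
    if not secure:                     # shell service: port trust only
        return "port" if port_ok else None
    eff = effective_options(opts, secure)
    if "K" in eff:                     # assumption: -K wins if -R is also given
        return "kerberos" if kerberos_ok else None
    if "R" in eff:
        return "port" if port_ok else None
    if "r" in eff:                     # 1. port/equivalence, 2. Kerberos
        if port_ok:
            return "port"
        return "kerberos" if kerberos_ok else None
    # "k": 1. Kerberos, 2. port/equivalence
    if kerberos_ok:
        return "kerberos"
    return "port" if port_ok else None


def allows_port_trust(opts, secure):
    """True when the configuration can grant access on privileged-port
    authentication alone, the case the WARNINGS section calls insecure."""
    return not secure or bool(effective_options(opts, secure) & {"R", "r", "k"})
```

      allows_port_trust is the audit question a defender asks of an
      /etc/inetd.conf entry: does this remshd invocation ever trust the
      client's source port alone?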

    Operation
      When remshd receives a service request, it responds with the following
      protocol:

	   1.	The server checks the client's source port.  If the port is
		not a privileged port (i.e., not in the range 512 through
		1023) and remshd is operating in a non-secure environment,
		the connection is terminated.  In a secure environment, the
		action taken depends on the command line options:

		-R   The source port must be a privileged port otherwise the
		     connection is terminated.

		-r   If the source port is not a privileged port then
		     authorization based on Kerberos must succeed or the
		     connection is terminated.

		-k   The source port must be a privileged port if Kerberos
		     authorization fails.

		-K   No action is taken.

	   2.	The server reads characters from the connection up to a null
		(\0) byte.  It interprets the resulting string as an ASCII
		number, base 10.

	   3.	If the number is non-zero, it is interpreted as the port
		number of a secondary stream to be used for standard error.
		A second connection is then created to the specified port on
		the client's host.  (The source port of this second
		connection will also be checked as specified in item 1.) If
		the first character sent is a null (\0), no secondary
		connection is made, and the standard error from the command
		is sent to the primary stream.	If the secondary connection
		has been made, remshd interprets bytes it receives on that
		socket as signal numbers and passes them to the command as
		signals.  See signal(2).

	   4.	The server checks the client's source address and requests
		the corresponding host name (see named(1M),
		gethostbyaddr(3N), and hosts(4)).  If it cannot determine
		the hostname, it uses the dot-notation representation of the
		host address.

	   5.	In a secure environment, remshd performs authentication
		based on Kerberos V5.  See sis(5) for details.




	   6.	The server reads the client's host account name from the
		first connection.  This is a null-terminated sequence not
		exceeding 16 characters.

	   7.	The server reads the server's host account name from the
		first connection.  This is a null-terminated sequence not
		exceeding 16 characters.

	   8.	The server reads a command to be passed to the shell from
		the first connection.  The command length is limited by the
		maximum size of the system's argument list.

	   9.	remshd then validates the user as follows (all actions take
		place on the host remshd runs on):

		a.   It looks up the user account name (retrieved in step 6)
		     in the password file.  If it finds it, it performs a
		     chdir() to either the user's home directory, if there
		     is one, or to "/."

		b.   If either the lookup or chdir() fails, the connection
		     is terminated (see chdir(2)).

		c.   The connection is also terminated if

		     +	  the account accessed is administratively locked.
			  The account can be locked by entering a character
			  in the password field that is not part of the set
			  of digits (such as *).  The characters used to
			  represent "digits" are . for 0, / for 1, 0 through
			  9 for 2 through 11, A through Z for 12 through 37,
			  and a through z for 38 through 63. (See also
			  passwd(4)).

		     +	  in a non-secure environment, the account accessed
			  is protected by a password and either the
			  password has expired or the account on the
			  client's host is not equivalent to the account
			  accessed.

		     +	  in a secure environment, the command line options
			  decide whether connection is to be terminated.

			  -K   if Kerberos authorization does not succeed
			       the connection is terminated (see sis(5) for
			       details on authorization).

			  -R   if the client's host is not equivalent to the
			       account accessed, the connection is
			       terminated.





			  -r   if the account is not equivalent to the
			       account accessed, then Kerberos authorization
			       has to succeed or the connection is
			       terminated.

			  -k   if Kerberos authorization fails, then the
			       account has to be equivalent or the
			       connection is terminated.  For more
			       information on equivalent accounts, see
			       hosts.equiv(4).

	   10.	A null byte is returned on the primary connection and the
		command line is passed to the normal login shell of the user
		with that shell's -c option.  The shell inherits the network
		connections established by remshd and assumes the normal
		user and group permissions of the user.

		remshd uses the following path when executing the specified
		command:

	   /usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin

	   11.	If a secondary socket has been set up, remshd normally exits
		when command standard error and secondary socket standard
		error have both been closed.  If no secondary socket was set
		up, remshd has called an exec(2) function, launched the
		command process, and is no longer present.
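
      The request stream read in steps 1 to 3 and 6 to 8, and the reply
      format given under DIAGNOSTICS, as an added Python example that is not
      HP-UX's remshd code.  The names PRIVILEGED_PORTS, ARG_MAX and
      parse_request, the 2048-byte stand-in for the argument list limit, and
      the newline ending each message are assumptions.

```python
# Added example, not HP-UX's remshd source: parse the request a client sends
# (steps 1 to 3 and 6 to 8 of Operation) and build the reply described under
# DIAGNOSTICS: a 0 byte on success, or a 1 byte followed by the message.
# ARG_MAX and the newline ending each message are assumptions.
PRIVILEGED_PORTS = range(512, 1024)   # step 1: 512 through 1023
NAME_MAX = 16                         # steps 6 and 7
ARG_MAX = 2048                        # stand-in for the system argument list size


def _read_cstring(buf, pos):
    """Return (field, next_pos) for the null-terminated field starting at pos."""
    end = buf.find(b"\0", pos)
    if end < 0:
        # A real server would keep reading the socket; the input here is a
        # constructed buffer, so an incomplete request is an error.
        raise ValueError("unterminated field")
    return buf[pos:end], end + 1


def parse_request(source_port, data, stderr_source_port=None):
    """Return (reply, request): reply is b'\\0' on success or b'\\1' plus a
    diagnostic, request is a dict of the parsed fields or None on failure.
    stderr_source_port is the source port of the secondary connection, or
    None if the client's stderr port could not be connected (step 3)."""
    if source_port not in PRIVILEGED_PORTS:             # step 1, non-secure
        return b"\1Malformed from address\n", None
    port_str, pos = _read_cstring(data, 0)              # step 2
    if port_str and not port_str.isdigit():
        raise ValueError("stderr port is not a base-10 number")
    stderr_port = int(port_str) if port_str else 0      # step 3: leading \0 = none
    if stderr_port:
        if stderr_source_port is None:
            return b"\1Can't get stderr port\n", None
        if stderr_source_port not in PRIVILEGED_PORTS:  # checked as in step 1
            return b"\1Second port not reserved\n", None
    locuser, pos = _read_cstring(data, pos)             # step 6
    if len(locuser) > NAME_MAX:
        return b"\1Locuser too long\n", None
    remuser, pos = _read_cstring(data, pos)             # step 7
    if len(remuser) > NAME_MAX:
        return b"\1Remuser too long\n", None
    command, pos = _read_cstring(data, pos)             # step 8
    if len(command) > ARG_MAX:
        return b"\1Command too long\n", None
    request = {"stderr_port": stderr_port, "locuser": locuser.decode("ascii"),
               "remuser": remuser.decode("ascii"), "command": command.decode("ascii")}
    return b"\0", request                               # step 10: the null byte
```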

 DIAGNOSTICS
      All diagnostic messages are returned on the connection associated with
      standard error after which any network connections are closed.  An
      error is indicated by a leading byte with a value of 1 (0 is returned
      in step 9 above upon successful completion of all the steps before the
      command execution).

      Malformed from address

	   The first socket connection does not use a reserved port or the
	   client's host address is not an Internet address.

      Can't get stderr port

	   Unable to complete the connection of the secondary socket used
	   for error communication.

      Second port not reserved

	   The secondary socket connection does not use a reserved port.

      Locuser too long




	   The name of the user account on the client's host is longer than
	   16 characters.

      Remuser too long

	   The name of the user on the server's host is longer than 16
	   characters.

      Command too long

	   The command line passed exceeds the size of the argument list (as
	   configured into the system).

      Login incorrect

	   No password file entry existed for the user name on the server's
	   host, or the authentication procedure described above in step 8
	   failed.

      No remote directory

	   The chdir command to the home directory or "/" on the server's
	   host failed.

      Can't make pipe

	   The pipe needed for the standard error output wasn't created.

      No more processes

	   The server was unable to fork a process to handle the incoming
	   connection.

	   Next step: Wait a period of time and try again.  If this message
	   persists, the server's host may have runaway processes that are
	   using all the entries in the process table.

      system call: message

	   Error in executing the named system call.  The message specifies
	   the cause of the failure.

      shellname: ...

	   The user's login shell could not be started.	 This message is
	   returned on the connection associated with the standard error,
	   and is not preceded by a leading byte with a value of 1.  Other
	   messages can be returned by the remote command when it executes.

      rcmd: connect <hostname> : Connection refused.

	   This generic message could be due to a number of reasons. One of



	   the reasons is that the entry for the shell service is not
	   present in /etc/inetd.conf.	This entry may have been removed or
	   commented out to prevent non-secure access.

      Kerberos specific errors are listed in sis(5).

 WARNINGS
      The integrity of each host and the connecting medium is assumed if the
      "privileged port" authentication procedure is used in a non-secure
      environment or if the command line options -R or -r are used in a
      secure environment.  Although both these methods provide insecure
      access, they are useful in an "open" environment.

      Note also that all information, including any passwords, is passed
      unencrypted between the two hosts when remshd is invoked in a non-
      secure environment.

      remshd ignores SIGHUP, SIGINT, SIGQUIT, and SIGTERM, so these signal
      numbers can safely be sent to remote commands via the secondary socket
      provided by remshd.  Other signal numbers may cause remshd to kill
      itself.

 AUTHOR
      remshd was developed by the University of California, Berkeley.

 FILES
      $HOME/.rhosts		    User's private equivalence list
      /etc/hosts.equiv		    List of equivalent hosts

 SEE ALSO
      remsh(1), inetd(1M), named(1M), rcmd(3N), hosts(4), hosts.equiv(4),
      inetd.conf(4), inetd.sec(4), services(4), sis(5).