HP-UX Reference (11i v1 00/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

191

192

193

194

195

196

197

198

199

200

__________________________________________________________________________________________________________________________________________________________________________________________________

STANDARD Printed by: Nora Chuang [nchuang] STANDARD

/build/1111/BRICK/man1m/naaagt.1m

________________________________________________________________

___ ___

remshd(1M) remshd(1M)

NAME

remshd - remote shell server

SYNOPSIS

/usr/lbin/remshd [-lns]

DESCRIPTION

The remshd command is the server for the rcp, rdist and remsh commands, and the rcmd() func-

tion (see rcp(1), rdist(1), remsh(1), and rcmd(3N)). The server provides remote execution facilities with

authentication based on privileged port numbers.

The inetd daemon calls remshd when a service request is received at the port indicated for the shell

(or cmd) service speciﬁed in /etc/services (see inetd(1M) and services(4)). When called, inetd

creates a connection to the service on the client’s host. To run remshd, the following line should be

present in the /etc/inetd.conf ﬁle:

shell stream tcp nowait root /usr/lbin/remshd remshd

See inetd.conf(4) for more information.

Options

remshd recognizes the following options.

-l Disallow authentication based on the user’s

.rhosts ﬁle unless the user is a superuser.

-n Disable transport-level keep-alive messages. Otherwise, the messages are enabled. The keep-

alive messages allow sessions to be timed out if the client crashes or becomes unreachable.

-s This option is used in multi-homed NIS systems. It disables remshd from doing a reverse

lookup, of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS

limitation with multihomed hosts.

Operation

When

remshd receives a service request, it responds with the following protocol:

1. The server checks the client’s source port. If the port is not in the range 512 through 1023, the

server aborts the connection.

2. The server reads characters from the connection up to a null (\0

) byte. It interprets the result-

ing string as an ASCII number, base 10.

3. If the number is non-zero, it is interpreted as the port number of a secondary stream to be used

for standard error. A second connection is then created to the speciﬁed port on the client’s host.

(The source port of this second connection must be also in the range 512 through 1023.) If the

ﬁrst character sent is a null (

\0), no secondary connection is made, and the standard error from

the command is sent to the primary stream. If the secondary connection has been made,

remshd interprets bytes it receives on that socket as signal numbers and passes them to the

command as signals. See signal(2).

4. The server checks the client’s source address and requests the corresponding host name (see

named(1M), gethostbyaddr(3N), and hosts(4)). If it cannot determine the hostname, it uses the

dot-notation representation of the host address.

5. The server reads the client’s host account name from the ﬁrst connection. This is a null-

terminated sequence not exceeding 16 characters.

6. The server reads the server’s host account name from the ﬁrst connection. This is a null-

terminated sequence not exceeding 16 characters.

7. The server reads a command to be passed to the shell from the ﬁrst connection. The command

length is limited by the maximum size of the system’s argument list.

remshd then validates the user as follows (all actions take place on the host remshd runs on):

a. It looks up the user account name (retrieved in step 6) in the password ﬁle. If it ﬁnds it, it

performs a chdir() to either the user’s home directory, if there is one, or to "/."

b. If either the lookup or chdir() fails, the connection is terminated (see chdir(2)).

c. The connection is also terminated if

HP-UX Release 11i: December 2000 − 1 − Section 1M−−695

___