rshd(ADMN)
rshd -- remote shell server
Syntax
/etc/rshd [ -k ] [ -K ] [ -X ]
Description
rshd is the network server for programs such as rcmd(TC) and rcp(TC), which need to execute a noninteractive shell on remote machines. rshd is started by the inetd "super server", and therefore must have an entry in the configuration file, /etc/inetd.conf. (See inetd(ADMN) and inetd.conf(SFF).)

By default rshd enforces an authentication procedure based on equivalence of user names (see hosts.equiv(SFF)). This procedure assumes all nodes on the network are equally secure.
Authenticated rcp and rcmd using Kerberos
rshd listens for service requests at the kshell port (544/tcp) as indicated in the login services specification (see services(SFF)). The kshell port accepts a connection from a remote authenticated rcmd or rcp client and establishes authentication with the client.

Authentication takes place between the client program (rcmd or rcp) and the host principal where the rshd service daemon is running using the network credentials of the user that invoked the client program.

The principal name for host machine.subdomain.domain is:

host/machine.subdomain.domain

The machine name must be fully qualified (for example, kvetch.your_company.com). The service key for this host principal is cached in the local Default Service Key Table (/krb5/v5srvtab), and must match the service key stored in the Security Registry.
The following authentication options are supported:

-k    Relaxed authentication mode; if authentication cannot be established, a traditional unauthenticated connection is established.
-K    Strict authentication mode; if authentication cannot be established, no service is provided.
-X    Refuse service and print the message:
      rshd: Authentication is required on host: hostname

To execute commands on behalf of remote clients, the user invoking the client must have network credentials, and the user's principal name must appear in the $HOME/.k5login file on the host where rshd is running (this file must be writable only by the user or by root, and it must be readable by root on the filesystem where it resides).
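
The following is an added example, not part of the original manual page or any SCO code: a small audit that reports which of the modes above an rshd entry in inetd.conf runs in, and checks the write-permission rule for a .k5login file. It assumes the common inetd.conf field layout (service, socket type, protocol, wait flag, user, server path, arguments); the function names and sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not SCO code. Assumes the common inetd.conf field layout:
#   service socket proto wait user server-path argv0 [options]

# rshd_mode LINE -> strict | relaxed | refuse | equiv | none (not an rshd entry)
rshd_mode() {
    set -f; set -- $1; set +f            # split LINE into fields, no globbing
    case "$1" in ''|'#'*) echo none; return 0 ;; esac
    case "$6" in */rshd) ;; *) echo none; return 0 ;; esac
    shift 6
    for arg in "$@"; do                  # first recognised option wins; the page
        case "$arg" in                   # does not define combined options
            -K) echo strict;  return 0 ;;   # no service without authentication
            -k) echo relaxed; return 0 ;;   # falls back to unauthenticated
            -X) echo refuse;  return 0 ;;   # service refused with a message
        esac
    done
    echo equiv                           # default: hosts.equiv name equivalence
}

# audit_inetd: read inetd.conf text on stdin, print "mode<TAB>entry" per rshd line.
audit_inetd() {
    while IFS= read -r line; do
        m=$(rshd_mode "$line")
        [ "$m" = none ] || printf '%s\t%s\n' "$m" "$line"
    done
}

# k5login_ok FILE UID -> exit 0 when FILE is a regular file (not a symlink),
# owned by UID or root, with no group/other write bit.
k5login_ok() {
    [ -f "$1" ] && [ ! -h "$1" ] || return 1
    owner=$(ls -ln "$1" | awk '{print $3}')
    [ "$owner" = "$2" ] || [ "$owner" = 0 ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Constructed sample entries (not taken from a real system).
audit_inetd <<'EOF'
# kshell stream tcp nowait root /etc/rshd rshd -K
kshell stream tcp nowait root /etc/rshd rshd -k
EOF
```

Entries reported as relaxed or equiv are the ones that can run commands without Kerberos authentication.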
Limitations
Authentication is based on Version 5 of the Kerberos Network Authentication Service protocol. Only this version of the protocol is supported. Data encryption is not supported.
Files
/etc/hosts.equiv    list of equivalent hosts
/etc/inetd.conf     configuration file for inetd
/etc/services       Internet services list
/krb5/v5srvtab      local default service key table
$HOME/.k5login      access control file for the SCO Secure TCP/IP Utilities
See also
auth.config(ADMN), hosts.equiv(SFF), inetd(ADMN), inetd.conf(SFF), k5login(SFF), rcmd(TC), rcp(TC), services(SFF)
Standards conformance
Authenticated rshd is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003