
RSHD(8)                  UNIX System Manager's Manual                  RSHD(8)

NNAAMMEE
     rrsshhdd - remote shell server

SSYYNNOOPPSSIISS
     rrsshhdd [--aaiikkllnnvvxxPPLL] [--pp _p_o_r_t]

DDEESSCCRRIIPPTTIIOONN
     rrsshhdd is the server for the rsh(1) program. It provides an authenticated
     remote command execution service.  Supported options are:

     --nn, ----nnoo--kkeeeeppaalliivvee
             Disables keep-alive messages.  Keep-alives are packets sent at
             certain intervals to make sure that the client is still there,
             even when it doesn't send any data.

     --kk, ----kkeerrbbeerrooss
             Assume that clients connecting to this server will use some form
             of Kerberos authentication. See the _E_X_A_M_P_L_E_S section for a sample
             inetd.conf(5) configuration.

     --xx, ----eennccrryypptt
             For Kerberos 4 this means that the connections are encrypted.
             Kerberos 5 can negotiate encryption even without this option, but
             if it's present rrsshhdd will deny unencrypted connections. This op-
             tion implies --kk.

     --vv, ----vvaaccuuoouuss
             If the connecting client does not use any Kerberised authentica-
             tion, print a message that complains about this fact, and exit.
             This is helpful if you want to move away from old port-based au-
             thentication.

     --PP      When using the AFS filesystem, users' authentication tokens are
             put in something called a PAG (Process Authentication Group).
             Multiple processes can share a PAG, but normally each login ses-
             sion has its own PAG. This option disables the sseettppaagg() call, so
             all tokens will be put in the default (uid-based) PAG, making it
             possible to share tokens between sessions. This is only useful in
             peculiar environments, such as some batch systems.

     --ii, ----nnoo--iinneettdd
             The --ii option will cause rrsshhdd to create a socket, instead of as-
             suming that its stdin came from inetd(8).  This is mostly useful
             for debugging.

     --pp _p_o_r_t, ----ppoorrtt==_p_o_r_t
             Port to use with --ii.

     --aa      This flag is for backwards compatibility only.

     --LL      This flag enables logging of connections to syslogd(8).  This op-
             tion is always on in this implementation.

FFIILLEESS
     /etc/hosts.equiv
     ~/.rhosts

EEXXAAMMPPLLEESS
     The following can be used to enable Kerberised rsh in inetd.cond(5),
     while disabling non-Kerberised connections:

     shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
     kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
     ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx

SSEEEE AALLSSOO
     rsh(1),  iruserok(3)

HHIISSTTOORRYY
     The rrsshhdd command appeared in 4.2BSD.

AAUUTTHHOORRSS
     This implementation of rrsshhdd was written as part of the Heimdal Kerberos 5
     implementation.

 HEIMDAL                       November 22, 2002                             2