HPUX remshd[1m]
remshd(1M) remshd(1M)
NAME
remshd - remote shell server
SYNOPSIS
/etc/remshd [-ln]
DESCRIPTION
remshd is the server for the rcp and remsh commands and the rcmd()
function (see rcp(1), remsh(1), and rcmd(3N)). The server provides
remote execution facilities with authentication based on privileged
port numbers.
inetd calls remshd when a service request is received at the port
indicated for the shell (or cmd) service specified in /etc/services
(see inetd(1M) and services(4)). inetd creates a connection to the
service on the client's host. To run remshd, the following line
should be present in /etc/inetd.conf:
shell stream tcp nowait root /etc/remshd remshd
When remshd receives a service request, it responds with the following
protocol:
1. The server checks the client's source port. If the port is
not in the range 512 through 1023, the server aborts the
connection.
2. The server reads characters from the connection up to a null
(\0) byte. It interprets the resulting string as an ASCII
number, base 10.
3. If the number is non-zero, it is interpreted as the port
number of a secondary stream to be used for standard error.
A second connection is then created to the specified port on
the client's host. The source port of this second connection
must be in the range 0 through 1023. If the first character
sent is a null (\0), no secondary connection is made, and
command standard error is sent to the primary stream. If the
secondary connection has been made, remshd interprets bytes
it receives on that socket as signal numbers and passes them
to the command as signals. See signal(2).
4. The server checks the client's source address and requests
the corresponding host name (see gethostbyaddr(3N), hosts(4),
and named(1M)). If it cannot determine the hostname, it uses
the dot-notation representation of the host address.
5. The server reads the client's host account name from the
first connection. This is a null-terminated sequence not
exceeding 16 characters.
Hewlett-Packard Company - 1 - HP-UX Release 9.0: August 1992
remshd(1M) remshd(1M)
6. The server reads the server's host account name from the
first connection. This is a null-terminated sequence not
exceeding 16 characters.
7. The server reads a command to be passed to the shell from the
first connection. The command length is limited by the
maximum size of the system's argument list.
8. remshd then validates the user as follows:
The user account name for the server's host (step 6) is
looked up in the password file and a chdir() is
performed to the user's home directory in the server's
host. If either the lookup or chdir() fails, the
connection is terminated (see chdir(2)). If the client
account is not equivalent to the server's host account,
the connection is terminated. For more information on
equivalent accounts see hosts.equiv(4).
9. A null byte is returned on the connection associated with
standard error and the command line is passed to the normal
login shell of the user with that shell's -c option. The
shell inherits the network connections established by remshd
and assumes the normal user and group permissions of the
user.
remshd uses the following path when executing the specified
command:
:/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin
10. If a secondary socket has been set up, remshd normally exits
when command standard error and secondary socket standard
error have both been closed. If no secondary socket was set
up, remshd has execed the command and is no longer present
(see exec(2)).
The -l option prevents any authentication based on the user's .rhosts
file unless the user is the super-user.
Transport-level keep-alive messages are enabled unless the -n option
is present. The use of keep-alive messages allows sessions to be
timed out if the client crashes or becomes unreachable.
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with
standard error after which any network connections are closed. An
error is indicated by a leading byte with a value of 1 (0 is returned
in step 9 above upon successful completion of all the steps before the
command execution).
Hewlett-Packard Company - 2 - HP-UX Release 9.0: August 1992
remshd(1M) remshd(1M)
Malformed from address
The first socket connection does not use a reserved port or
the client's host address is not an ARPA Internet address.
Can't get stderr port
Unable to complete the connection of the secondary socket
used for error communication.
Second port not reserved
The secondary socket connection does not use a reserved
port.
Locuser too long
The name of the user account on the client's host is longer
than 16 characters.
Remuser too long
The name of the user on the server's host is longer than 16
characters.
Command too long
The command line passed exceeds the size of the argument
list (as configured into the system).
Login incorrect
No password file entry existed for the user name on the
server's host, or the authentication procedure described
above in step 8 failed.
No remote directory
The chdir command to the home directory in the server's host
failed.
Can't make pipe
The pipe needed for the standard error output wasn't
created.
No more processes
The server was unable to fork a process to handle the
incoming connection.
Next step: Wait a period of time and try again. If this
message persists, the server's host may have runaway
processes that are using all the entries in the process
table.
system call: ...
Error in executing the named system call. Appended to this
error is a message specifying the cause of the failure.
Hewlett-Packard Company - 3 - HP-UX Release 9.0: August 1992
remshd(1M) remshd(1M)
shellname: ...
The user's login shell could not be started. This message
is returned on the connection associated with the standard
error, and is not preceded by a leading byte with a value of
1. Other messages can be returned by the remote command
when it executes.
WARNINGS
The ``privileged port'' authentication procedure used here assumes the
integrity of each host and the connecting medium. This is insecure,
but is useful in an ``open'' environment.
remshd ignores SIGHUP, SIGINT, SIGQUIT, and SIGTERM, so these signal
numbers can safely be sent to remote commands via remshd's secondary
socket. Other signal numbers may cause remshd to kill itself.
AUTHOR
remshd was developed by the University of California, Berkeley.
FILES
/etc/hosts.equiv list of equivalent hosts
$HOME/.rhosts user's private equivalence list
SEE ALSO
remsh(1), inetd(1M), named(1M), rcmd(3N), hosts(4), hosts.equiv(4),
inetd.conf(4), inetd.sec(4), services(4).
Hewlett-Packard Company - 4 - HP-UX Release 9.0: August 1992