heimdal-rshd man page

rshd — remote shell server


rshd [-aiklnvxPL] [-p port]


rshd is the server for the rsh(1) program. It provides an authenticated remote command execution service. Supported options are:

-n, --no-keepalive
Disables keep-alive messages. Keep-alives are packets sent at certain intervals to make sure that the client is still there, even when it doesn't send any data.
-k, --kerberos
Assume that clients connecting to this server will use some form of Kerberos authentication. See the Examples section for a sample inetd.conf(5) configuration.
-x, --encrypt
For Kerberos 4 this means that the connections are encrypted. Kerberos 5 can negotiate encryption even without this option, but if it's present rshd will deny unencrypted connections. This option implies -k.
-v, --vacuous
If the connecting client does not use any Kerberised authentication, print a message that complains about this fact, and exit. This is helpful if you want to move away from old port-based authentication.
When using the AFS filesystem, users' authentication tokens are put in something called a PAG (Process Authentication Group). Multiple processes can share a PAG, but normally each login session has its own PAG. This option disables the setpag() call, so all tokens will be put in the default (uid-based) PAG, making it possible to share tokens between sessions. This is only useful in peculiar environments, such as some batch systems.
-i, --no-inetd
The -i option will cause rshd to create a socket, instead of assuming that its stdin came from inetd(8). This is mostly useful for debugging.
-p port, --port=port
Port to use with -i.
This flag is for backwards compatibility only.
This flag enables logging of connections to syslogd(8). This option is always on in this implementation.




The following can be used to enable Kerberised rsh in inetd.cond(5), while disabling non-Kerberised connections:

shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v 
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k 
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx

See Also

rsh(1), iruserok(3)


The rshd command appeared in 4.2BSD.


This implementation of rshd was written as part of the Heimdal Kerberos 5 implementation.


Explore man page connections for heimdal-rshd(8).