remshd(1M)

NAME

remshd − remote shell server

SYNOPSIS

/etc/remshd [-ln]

DESCRIPTION

remshd is the server for the rcp and remsh commands and the rcmd() function (see rcp(1), remsh(1), and rcmd(3N)). The server provides remote execution facilities with authentication based on privileged port numbers.

inetd calls remshd when a service request is received at the port indicated for the shell (or cmd) service specified in /etc/services (see inetd(1M) and services(4)). inetd creates a connection to the service on the client’s host.  To run remshd, the following line should be present in /etc/inetd.conf:

shell  stream  tcp  nowait  root /etc/remshd  remshd

When remshd receives a service request, it responds with the following protocol:

1.  The server checks the client’s source port.  If the port is not in the range 512 through 1023, the server aborts the connection. 

2.  The server reads characters from the connection up to a null (\0) byte.  It interprets the resulting string as an ASCII number, base 10. 

3.  If the number is non-zero, it is interpreted as the port number of a secondary stream to be used for standard error.  A second connection is then created to the specified port on the client’s host.  The source port of this second connection must be in the range 0 through 1023.  If the first character sent is a null (\0), no secondary connection is made, and command standard error is sent to the primary stream.  If the secondary connection has been made, remshd interprets bytes it receives on that socket as signal numbers and passes them to the command as signals.  See signal(2).

4.  The server checks the client’s source address and requests the corresponding host name (see gethostbyaddr(3N), hosts(4), and named(1M)). If it cannot determine the hostname, it uses the dot-notation representation of the host address.

5.  The server reads the client’s host account name from the first connection.  This is a null-terminated sequence not exceeding 16 characters. 

6.  The server reads the server’s host account name from the first connection.  This is a null-terminated sequence not exceeding 16 characters. 

7.  The server reads a command to be passed to the shell from the first connection.  The command length is limited by the maximum size of the system’s argument list. 

8.  remshd then validates the user as follows:

The user account name for the server’s host (step 6) is looked up in the password file and a chdir() is performed to the user’s home directory in the server’s host.  If either the lookup or chdir() fails, the connection is terminated (see chdir(2)). If the client account is not equivalent to the server’s host account, the connection is terminated. For more information on equivalent accounts see hosts.equiv(4).

9.  A null byte is returned on the connection associated with standard error and the command line is passed to the normal login shell of the user with that shell’s -c option.  The shell inherits the network connections established by remshd and assumes the normal user and group permissions of the user. 

remshd uses the following path when executing the specified command:

:/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin

10.  If a secondary socket has been set up, remshd normally exits when command standard error and secondary socket standard error have both been closed.  If no secondary socket was set up, remshd has execed the command and is no longer present (see exec(2)).

The -l option prevents any authentication based on the user’s .rhosts file unless the user is the super-user. 

Transport-level keep-alive messages are enabled unless the -n option is present.  The use of keep-alive messages allows sessions to be timed out if the client crashes or becomes unreachable. 

DIAGNOSTICS

All diagnostic messages are returned on the connection associated with standard error after which any network connections are closed.  An error is indicated by a leading byte with a value of 1 (0 is returned in step 9 above upon successful completion of all the steps before the command execution). 

Malformed from address
The first socket connection does not use a reserved port or the client’s host address is not an ARPA Internet address. 

Can’t get stderr port
Unable to complete the connection of the secondary socket used for error communication.

Second port not reserved
The secondary socket connection does not use a reserved port.

Locuser too long
The name of the user account on the client’s host is longer than 16 characters.

Remuser too long
The name of the user on the server’s host is longer than 16 characters.

Command too long
The command line passed exceeds the size of the argument list (as configured into the system).

Login incorrect
No password file entry existed for the user name on the server’s host, or the authentication procedure described above in step 8 failed.

No remote directory
The chdir command to the home directory in the server’s host failed. 

Can’t make pipe
The pipe needed for the standard error output wasn’t created.

No more processes
The server was unable to fork a process to handle the incoming connection.

Next step: Wait a period of time and try again. If this message persists, the server’s host may have runaway processes that are using all the entries in the process table.

system call: ...
Error in executing the named system call. Appended to this error is a message specifying the cause of the failure.

shellname: ...
The user’s login shell could not be started. This message is returned on the connection associated with the standard error, and is not preceded by a leading byte with a value of 1. Other messages can be returned by the remote command when it executes.
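The request format in steps 1 through 7, with the matching DIAGNOSTICS texts, as an added example (not HP-UX source code): a C parser for the bytes a client sends on the primary connection, showing where each length and port check applies. The names parse_remsh_request, take_name and struct remsh_request and the "bad request" text are assumptions of this example; it opens no sockets and does not enforce the system-dependent command-length limit of step 7.

```c
#include <string.h>

#define NAME_MAX_CHARS 16   /* limit stated in steps 5 and 6 */
static const char BAD_REQUEST[] = "bad request";  /* constructed, not a manual-page diagnostic */

struct remsh_request {
    unsigned stderr_port;               /* 0: stderr shares the primary stream */
    char locuser[NAME_MAX_CHARS + 1];   /* account name on the client's host */
    char remuser[NAME_MAX_CHARS + 1];   /* account name on the server's host */
    const char *command;                /* points into the caller's buffer */
};

/* Copy one name: bytes consumed incl. NUL, 0 if over the limit, -1 if cut short. */
static long take_name(const char *p, size_t left, char *dst)
{
    const char *nul = memchr(p, 0, left < NAME_MAX_CHARS + 1 ? left : NAME_MAX_CHARS + 1);
    if (nul == NULL)
        return left > NAME_MAX_CHARS ? 0 : -1;
    memcpy(dst, p, (size_t)(nul - p) + 1);
    return (long)(nul - p) + 1;
}

/* Returns NULL if the request is well formed, else the diagnostic text. */
const char *parse_remsh_request(unsigned src_port, const char *buf, size_t len,
                                struct remsh_request *out)
{
    size_t off = 0;
    unsigned port = 0;
    long n;
    if (src_port < 512 || src_port > 1023)                  /* step 1 */
        return "Malformed from address";
    for (; off < len && buf[off] != '\0'; off++)            /* steps 2 and 3 */
        if (buf[off] < '0' || buf[off] > '9' ||
            (port = port * 10 + (unsigned)(buf[off] - '0')) > 65535)
            return BAD_REQUEST;
    if (off++ == len)                                       /* no NUL after the number */
        return BAD_REQUEST;
    out->stderr_port = port;
    if ((n = take_name(buf + off, len - off, out->locuser)) <= 0)   /* step 5 */
        return n == 0 ? "Locuser too long" : BAD_REQUEST;
    off += (size_t)n;
    if ((n = take_name(buf + off, len - off, out->remuser)) <= 0)   /* step 6 */
        return n == 0 ? "Remuser too long" : BAD_REQUEST;
    off += (size_t)n;
    if (memchr(buf + off, 0, len - off) == NULL)            /* step 7 */
        return BAD_REQUEST;
    out->command = buf + off;
    return NULL;
}
```
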

WARNINGS

The “privileged port” authentication procedure used here assumes the integrity of each host and the connecting medium.  This is insecure, but is useful in an “open” environment. 

remshd ignores SIGHUP, SIGINT, SIGQUIT, and SIGTERM, so these signal numbers can safely be sent to remote commands via remshd’s secondary socket.  Other signal numbers may cause remshd to kill itself. 

AUTHOR

remshd was developed by the University of California, Berkeley. 

FILES

/etc/hosts.equiv    list of equivalent hosts

$HOME/.rhosts       user’s private equivalence list

SEE ALSO

remsh(1), inetd(1M), named(1M), rcmd(3N), hosts(4), hosts.equiv(4), inetd.conf(4), inetd.sec(4), services(4). 

Hewlett-Packard Company  —  HP-UX Release 9.0: August 1992
