diff options
Diffstat (limited to 'crypto/heimdal/appl/rsh/rsh.1')
-rw-r--r-- | crypto/heimdal/appl/rsh/rsh.1 | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1 new file mode 100644 index 0000000..5bc031f --- /dev/null +++ b/crypto/heimdal/appl/rsh/rsh.1 @@ -0,0 +1,218 @@ +.\" $Id: rsh.1,v 1.1 2001/07/31 08:13:41 joda Exp $ +.\" +.Dd July 31, 2001 +.Dt RSH 1 +.Os HEIMDAL +.Sh NAME +.Nm rsh +.Nd +remote shell +.Sh SYNOPSIS +.Nm +.Op Fl 45FGKdefnuxz +.Op Fl U Pa string +.Op Fl p Ar port +.Op Fl l Ar username +.Ar host [command] +.Sh DESCRIPTION +.Nm +authenticates to the +.Xr rshd 8 +daemon on the remote +.Ar host , +and then executes the specified +.Ar command . +.Pp +.Nm +copies its standard input to the remote command, and the standard +output and error of the remote command to its own. +.Pp +Valid options are: +.Bl -tag -width Ds +.It Xo +.Fl 4 Ns , +.Fl -krb4 +.Xc +The +.Fl 4 +option requests Kerberos 4 authentication. Normally all supported +authentication mechanisms will be tried, but in some cases more +explicit control is desired. +.It Xo +.Fl 5 Ns , +.Fl -krb5 +.Xc +The +.Fl 5 +option requests Kerberos 5 authentication. This is analogous to the +.Fl 4 +option. +.It Xo +.Fl K Ns , +.Fl -broken +.Xc +The +.Fl K +option turns off all Kerberos authentication. The long name implies +that this is more or less totally unsecure. The security in this mode +relies on reserved ports, which is not very secure. +.It Xo +.Fl n Ns , +.Fl -no-input +.Xc +The +.Fl n +option directs the input from the +.Pa /dev/null +device (see the +.Sx BUGS +section of this manual page). +.It Xo +.Fl e Ns , +.Fl -no-stderr +.Xc +Don't use a separate socket for the stderr stream. This can be +necessary if rsh-ing through a NAT bridge. +.It Xo +.Fl x Ns , +.Fl -encrypt +.Xc +The +.Fl x +option enables encryption for all data exchange. This is only valid +for Kerberos authenticated connections (see the +.Sx BUGS +section for limitations). +.It Xo +.Fl z +.Xc +The opposite of +.Fl x . +This is the default, but encryption can be enabled when using +Kerberos 5, by setting the +.Li libdefaults/encrypt +option in +.Xr krb5.conf 5 . +.It Xo +.Fl f Ns , +.Fl -forward +.Xc +Forward Kerberos 5 credentials to the remote host. Also controlled by +.Li libdefaults/forward +in +.Xr krb5.conf 5 . +.It Xo +.Fl G +.Xc +The opposite of +.Fl f . +.It Xo +.Fl F Ns , +.Fl -forwardable +.Xc +Make the forwarded credentials re-forwardable. Also controlled by +.Li libdefaults/forwardable +in +.Xr krb5.conf 5 . +.It Xo +.Fl u Ns , +.Fl -unique +.Xc +Make sure the remote credentials cache is unique, that is, don't reuse +any existing cache. Mutually exclusive to +.Fl U . +.It Xo +.Fl U Pa string Ns , +.Fl -tkfile= Ns Pa string +.Xc +Name of the remote credentials cache. Mutually exclusive to +.Fl u . +.It Xo +.Fl p Ar number-or-service Ns , +.Fl -port= Ns Ar number-or-service +.Xc +Connect to this port instead of the default (which is 514 when using +old port based authentication, 544 for Kerberos 5 and non-encrypted +Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to +the contents of +.Pa /etc/services ) . +.It Xo +.Fl l Ar string Ns , +.Fl -user= Ns Ar string +.Xc +By default the remote username is the same as the local. The +.Fl l +option or the +.Pa username@host +format allow the remote name to be specified. +.El +.\".Pp +.\"Without a +.\".Ar command +.\".Nm +.\"will just exec +.\".Xr rlogin 1 +.\"with the same arguments. +.Sh EXAMPLES +Care should be taken when issuing commands containing shell meta +characters. Without quoting these will be expanded on the local +machine. +.Pp +The following command: +.Pp +.Dl rsh otherhost cat remotefile > localfile +.Pp +will write the contents of the remote +.Pa remotefile +to the local +.Pa localfile , +but: +.Pp +.Dl rsh otherhost 'cat remotefile > remotefile2' +.Pp +will write it to the remote +.Pa remotefile2 . +.\".Sh ENVIRONMENT +.Sh FILES +.Bl -tag -width /etc/hosts -compact +.It Pa /etc/hosts +.El +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr rlogin 1 , +.Xr krb_realmofhost 3 , +.Xr krb_sendauth 3 , +.Xr hosts.equiv 5 , +.Xr krb5.conf 5 , +.Xr rhosts 5 , +.Xr kerberos 8 +.Xr rshd 8 +.\".Sh STANDARDS +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh AUTHORS +This implementation of +.Nm +was written as part of the Heimdal Kerberos 5 implementation. +.Sh BUGS +Some shells (notably +.Xr csh 1 ) +will cause +.Nm +to block if run in the background, unless the standard input is directed away from the terminal. This is what the +.Fl n +option is for. +.Pp +The +.Fl x +options enables encryption for the session, but for both Kerberos 4 +and 5 the actual command is sent unencrypted, so you should not send +any secret information in the command line (which is probably a bad +idea anyway, since the command line can usually be read with tools +like +.Xr ps 1 ) . +Forthermore in Kerberos 4 the command is not even integrity +protected, so anyone with the right tools can modify the command. |