Provided by: heimdal-servers_1.6~git20120311.dfsg.1-2_i386 bug


     rshd -- remote shell server


     rshd [-aiklnvxPL] [-p port]


     rshd is the server for the rsh(1) program. It provides an authenticated
     remote command execution service.  Supported options are:

     -n, --no-keepalive
             Disables keep-alive messages.  Keep-alives are packets sent at
             certain intervals to make sure that the client is still there,
             even when it doesn't send any data.

     -k, --kerberos
             Assume that clients connecting to this server will use some form
             of Kerberos authentication. See the EXAMPLES section for a sample
             inetd.conf(5) configuration.

     -x, --encrypt
             For Kerberos 4 this means that the connections are encrypted.
             Kerberos 5 can negotiate encryption even without this option, but
             if it's present rshd will deny unencrypted connections. This
             option implies -k.

     -v, --vacuous
             If the connecting client does not use any Kerberised
             authentication, print a message that complains about this fact,
             and exit. This is helpful if you want to move away from old port-
             based authentication.

     -P      When using the AFS filesystem, users' authentication tokens are
             put in something called a PAG (Process Authentication Group).
             Multiple processes can share a PAG, but normally each login
             session has its own PAG. This option disables the setpag() call,
             so all tokens will be put in the default (uid-based) PAG, making
             it possible to share tokens between sessions. This is only useful
             in peculiar environments, such as some batch systems.

     -i, --no-inetd
             The -i option will cause rshd to create a socket, instead of
             assuming that its stdin came from inetd(8).  This is mostly
             useful for debugging.

     -p port, --port=port
             Port to use with -i.

     -a      This flag is for backwards compatibility only.

     -L      This flag enables logging of connections to syslogd(8).  This
             option is always on in this implementation.




     The following can be used to enable Kerberised rsh in inetd.cond(5),
     while disabling non-Kerberised connections:

     shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
     kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
     ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx


     rsh(1), iruserok(3)


     The rshd command appeared in 4.2BSD.


     This implementation of rshd was written as part of the Heimdal Kerberos 5