heimdal-rshd (8) - Linux Man Pages

heimdal-rshd: remote shell server


rshd - remote shell server


[-aiklnvxPL ] [-p port ]


is the server for the rsh(1) program. It provides an authenticated remote command execution service. Supported options are:

-n --no-keepalive
Disables keep-alive messages. Keep-alives are packets sent at certain intervals to make sure that the client is still there, even when it doesn't send any data.
-k --kerberos
Assume that clients connecting to this server will use some form of Kerberos authentication. See the Sx EXAMPLES section for a sample inetd.conf5 configuration.
-x --encrypt
For Kerberos 4 this means that the connections are encrypted. Kerberos 5 can negotiate encryption even without this option, but if it's present will deny unencrypted connections. This option implies -k
-v --vacuous
If the connecting client does not use any Kerberised authentication, print a message that complains about this fact, and exit. This is helpful if you want to move away from old port-based authentication.
When using the AFS filesystem, users' authentication tokens are put in something called a PAG (Process Authentication Group). Multiple processes can share a PAG, but normally each login session has its own PAG. This option disables the Fn setpag call, so all tokens will be put in the default (uid-based) PAG, making it possible to share tokens between sessions. This is only useful in peculiar environments, such as some batch systems.
-i --no-inetd
The -i option will cause to create a socket, instead of assuming that its stdin came from inetd(8). This is mostly useful for debugging.
-p port --port= port
Port to use with -i
This flag is for backwards compatibility only.
This flag enables logging of connections to syslogd(8). This option is always on in this implementation.




The following can be used to enable Kerberised rsh in inetd.cond5, while disabling non-Kerberised connections:
shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx


The command appeared in BSD 4.2


This implementation of was written as part of the Heimdal Kerberos 5 implementation.


rsh(1), iruserok(3)