‘rshd’ in AIX

http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds4/rshd.htm

rshd Daemon
Purpose
Provides the server function for remote command execution.

Syntax

Note:
The rshd daemon is usually started by the inetd daemon. It can also be controlled from
the command line, using SRC commands.

/usr/sbin/rshd [ -c ] [ -s ] [ -p ]

Description

The /usr/sbin/rshd daemon is the server for the rcp and rsh commands. The rshd
daemon provides remote execution of shell commands. These commands are based on
requests from privileged sockets on trusted hosts. The shell commands must have user
authentication. The rshd daemon listens at the socket defined in the /etc/services file.

Changes to the rshd daemon can be made using the System Management Interface Tool
(SMIT) or System Resource Controller (SRC), by editing the /etc/inetd.conf or
/etc/services file. Entering rshd at the command line is not recommended. The rshd
daemon is started by default when it is uncommented in the /etc/inetd.conf file.

The inetd daemon get its information from the /etc/inetd.conf file and the /etc/services
file.

After changing the /etc/inetd.conf or /etc/services file, run the refresh -s inetd or kill -
1 InetdPID command to inform the inetd daemon of the changes to its configuration file.

Service Request Protocol

When the rshd daemon receives a service request, it initiates the following protocol:
 1. The rshd daemon checks the source port number for the request. If the port
number is not in the range 512 through 1023, the rshd daemon terminates the
connection.
2. The rshd daemon reads characters from the socket up to a null byte. The string
read is interpreted as an ASCII number (base 10). If this number is nonzero, the
rshd daemon interprets it as the port number of a secondary stream to be used as
standard error. A second connection is created to the specified port on the client
host. The source port on the local host is also in the range 512 through 1023.
3. The rshd daemon uses the source address of the initial connection request to
determine the name of the client host. If the name cannot be determined, the rshd
daemon uses the dotted decimal representation of the client host's address.
4. The rshd daemon retrieves the following information from the initial socket:
o A null-terminated string of at most 16 bytes interpreted as the user name
of the user on the client host.
o A null-terminated string of at most 16 bytes interpreted as the user name
to be used on the local server host.
o Another null-terminated string interpreted as a command line to be passed
to a shell on the local server host.
5. The rshd daemon attempts to validate the user using the following steps:
a. The rshd daemon looks up the local user name in the /etc/passwd and
/etc/security/passwd file and checks to see if the password, and therefore
the user, has expired. It also verifies that the encrypted password string is
valid and tries to switch to the home directory (using the chdir
subroutine). If either the lookup or the directory change fails, the rshd
daemon terminates the connection.
b. If the local user ID is a nonzero value, the rshd daemon searches the
/etc/hosts.equiv file to see if the name of the client workstation is listed. If
the client workstation is listed as an equivalent host, the rshd daemon
validates the user.
c. If the $HOME/.rhosts file exists, the rshd daemon tries to authenticate
the user by checking the .rhosts file.
d. If either the $HOME/.rhosts authentication fails or the client host is not
an equivalent host, the rshd daemon terminates the connection.
6. After rshd validates the user, the rshd daemon returns a null byte on the initial
connection and passes the command line to the user's local login shell. The shell
then inherits the network connections established by the rshd daemon.

The rshd daemon should be controlled using the System Management Interface Tool
(SMIT) or by changing the /etc/inetd.conf file. Typing rshd at the command line is not
recommended.

Manipulating the rshd Daemon with the System Resource Controller

The rshd daemon is a subserver of the inetd daemon, which is a subsystem of the System
Resource Controller (SRC). The rshd daemon is a member of the tcpip SRC subsystem
group. This daemon is enabled by default in the /etc/inetd.conf file and can be
manipulated by the following SRC commands:

startsrc Starts a subsystem, group of subsystems, or a subserver.

stopsrc Stops a subsystem, group of subsystems, or a subserver.
lssrc Gets the status or a subsystem, group or subsystems, or a subserver.

Flags

-c Suppresses the sanity check of a host name lookup.

Runs your .profile file whenever you issues the rsh command in the non-interactive
-p mode. Without this flag, your .profile file is not run in case of the rsh command in
the non-interactive mode.
-s Turns on socket-level debugging.

Security

The rshd daemon is a PAM-enabled application with a service name of rsh. System-wide
configuration to use PAM for authentication is set by modifying the value of the
auth_type attribute, in the usw stanza of /etc/security/login.cfg, to PAM_AUTH as the
root user.

The authentication mechanisms used when PAM is enabled depend on the configuration
for the rsh service in /etc/pam.conf. The rshd daemon requires /etc/pam.conf entries for
the auth, account, and session module types. Listed below is a recommended
configuration in /etc/pam.conf for the rsh service:

#
# AIX rsh configuration
#
rsh auth sufficient /usr/lib/security/pam_rhosts_auth

rsh account required /usr/lib/security/pam_aix

rsh session required /usr/lib/security/pam_aix

Examples

1. To start the rshd daemon, type the following:

startsrc -t shell
 This command starts the rshd subserver.

2. To stop the rshd daemon, type the following:

stopsrc -t shell

This command allows all pending connections to start and existing connections to
complete but prevents new connections from starting.

3. To force stop the rshd daemon and all rshd connections, type the following:

stopsrc -t -f shell

This command terminates all pending connections and existing connections

immediately.

4. To display a short status report about the rshd daemon, type the following:

lssrc -t shell

This command returns the daemon's name, process ID, and state (active or
inactive).

Thank You,
Amit Sapre.