RSH Daemon on LINUX
When the rshd daemon receives a service request, it initiates the following protocol:
- The rshd daemon checks the source port number for the request. If the port number is not in the range 0 through 1023, the rshd daemon terminates the connection.
- The rshd daemon reads characters from the socket up to a null byte. The string read is interpreted as an ASCII number (base 10). If this number is nonzero, the rshd daemon interprets it as the port number of a secondary stream to be used as standard error. A second connection is created to the specified port on the client host. The source port on the local host is in the range 0 through 1023.
- The rshd daemon uses the source address of the initial connection request to determine the name of the client host. If the name cannot be determined, the rshd daemon uses the dotted decimal representation of the client host's address.
- The rshd daemon retrieves the following information from the initial socket:
  - A null-terminated string of at most 16 bytes interpreted as the user name of the user on the client host.
  - A null-terminated string of at most 16 bytes interpreted as the user name to be used on the local server host.
  - Another null-terminated string interpreted as a command line to be passed to a shell on the local server host.
- The rshd daemon attempts to validate the user using the following steps:
  - The rshd daemon looks up the local user name in the /etc/passwd file and tries to switch to the home directory (using the chdir subroutine). If either the lookup or the directory change fails, the rshd daemon terminates the connection.
  - If the local user ID is a nonzero value, the rshd daemon searches the /etc/hosts.equiv file to see if the name of the client workstation is listed. If the client workstation is listed as an equivalent host, the rshd daemon validates the user.
  - If the $HOME/.rhosts file exists, the rshd daemon tries to authenticate the user by checking the .rhosts file.
  - If either the $HOME/.rhosts authentication fails or the client host is not an equivalent host, the rshd daemon terminates the connection.
- Once rshd validates the user, the rshd daemon returns a null byte on the initial connection and passes the command line to the user's local login shell. The shell then inherits the network connections established by the rshd daemon.
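
The request layout described above, decoded from a captured client payload for traffic review. This is an added example, not code from the original page or from rshd; the names `RshRequest`, `parse_rsh_request` and `try_parse` are hypothetical, the sample bytes are constructed, and the 16-byte limit is assumed to count the bytes before the null terminator.

```python
from dataclasses import dataclass
from typing import Optional

MAX_USER_LEN = 16  # the page limits both user-name strings to 16 bytes

@dataclass
class RshRequest:
    stderr_port: int   # 0 means no secondary stream for standard error
    client_user: str   # user name on the client host
    server_user: str   # user name to be used on the server host
    command: str       # command line handed to the shell

def _take_field(buf: bytes, pos: int, limit: Optional[int] = None):
    """Return (field, next_pos) for the null-terminated string at pos."""
    end = buf.find(b"\x00", pos)
    if end == -1:
        raise ValueError("field is not null-terminated")
    # Assumption: the limit counts the bytes before the terminator.
    if limit is not None and end - pos > limit:
        raise ValueError(f"field longer than {limit} bytes")
    return buf[pos:end], end + 1

def parse_rsh_request(payload: bytes, source_port: int) -> RshRequest:
    # rshd terminates connections whose source port is outside 0-1023.
    if not 0 <= source_port <= 1023:
        raise ValueError("source port outside 0-1023")
    # First field: base-10 ASCII port for the stderr stream (0 = none).
    raw_port, pos = _take_field(payload, 0)
    if not raw_port.isdigit() or int(raw_port) > 65535:
        raise ValueError("stderr port is not a valid decimal port")
    client_user, pos = _take_field(payload, pos, MAX_USER_LEN)
    server_user, pos = _take_field(payload, pos, MAX_USER_LEN)
    command, pos = _take_field(payload, pos)
    text = lambda b: b.decode("ascii", errors="replace")
    return RshRequest(int(raw_port), text(client_user),
                      text(server_user), text(command))

def try_parse(payload: bytes, source_port: int) -> Optional[RshRequest]:
    """Parse a captured request; return None if it does not fit the layout."""
    try:
        return parse_rsh_request(payload, source_port)
    except ValueError:
        return None

# Constructed sample: stderr port 1022, client user alice, server user bob.
SAMPLE = b"1022\x00alice\x00bob\x00uname -a\x00"

if __name__ == "__main__":
    print(try_parse(SAMPLE, source_port=1023))
```

Every field in the request arrives in cleartext and none of them is a secret: validation rests on the source port, the client host name and the two user names.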