manual page

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10412 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/rsh/rsh.1

@@ -0,0 +1,218 @@
+.\"	$Id$
+.\"
+.Dd July 31, 2001
+.Dt RSH 1
+.Os HEIMDAL
+.Sh NAME
+.Nm rsh
+.Nd
+remote shell
+.Sh SYNOPSIS
+.Nm
+.Op Fl 45FGKdefnuxz
+.Op Fl U Pa string 
+.Op Fl p Ar port
+.Op Fl l Ar username
+.Ar host [command]
+.Sh DESCRIPTION
+.Nm
+authenticates to the 
+.Xr rshd 8 
+daemon on the remote
+.Ar host ,
+and then executes the specified 
+.Ar command .
+.Pp
+.Nm
+copies its standard input to the remote command, and the standard
+output and error of the remote command to its own.
+.Pp
+Valid options are:
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 Ns ,
+.Fl -krb4
+.Xc
+The 
+.Fl 4 
+option requests Kerberos 4 authentication. Normally all supported
+authentication mechanisms will be tried, but in some cases more
+explicit control is desired.
+.It Xo
+.Fl 5 Ns ,
+.Fl -krb5
+.Xc
+The 
+.Fl 5
+option requests Kerberos 5 authentication. This is analogous to the 
+.Fl 4
+option.
+.It Xo
+.Fl K Ns ,
+.Fl -broken
+.Xc
+The 
+.Fl K
+option turns off all Kerberos authentication. The long name implies
+that this is more or less totally unsecure. The security in this mode
+relies on reserved ports, which is not very secure.
+.It Xo
+.Fl n Ns ,
+.Fl -no-input
+.Xc
+The 
+.Fl n
+option directs the input from the 
+.Pa /dev/null
+device (see the
+.Sx BUGS
+section of this manual page).
+.It Xo
+.Fl e Ns ,
+.Fl -no-stderr
+.Xc
+Don't use a separate socket for the stderr stream. This can be
+necessary if rsh-ing through a NAT bridge.
+.It Xo
+.Fl x Ns ,
+.Fl -encrypt
+.Xc
+The
+.Fl x
+option enables encryption for all data exchange. This is only valid
+for Kerberos authenticated connections (see the
+.Sx BUGS
+section for limitations).
+.It Xo
+.Fl z
+.Xc
+The opposite of
+.Fl x .
+This is the default, but encryption can be enabled when using
+Kerberos 5, by setting the 
+.Li libdefaults/encrypt
+option in
+.Xr krb5.conf 5 .
+.It Xo
+.Fl f Ns ,
+.Fl -forward
+.Xc
+Forward Kerberos 5 credentials to the remote host. Also controlled by 
+.Li libdefaults/forward
+in 
+.Xr krb5.conf 5 .
+.It Xo
+.Fl G
+.Xc
+The opposite of 
+.Fl f .
+.It Xo
+.Fl F Ns ,
+.Fl -forwardable
+.Xc
+Make the forwarded credentials re-forwardable. Also controlled by 
+.Li libdefaults/forwardable
+in 
+.Xr krb5.conf 5 .
+.It Xo
+.Fl u Ns ,
+.Fl -unique
+.Xc
+Make sure the remote credentials cache is unique, that is, don't reuse
+any existing cache. Mutually exclusive to
+.Fl U .
+.It Xo
+.Fl U Pa string Ns ,
+.Fl -tkfile= Ns Pa string
+.Xc
+Name of the remote credentials cache. Mutually exclusive to
+.Fl u .
+.It Xo
+.Fl p Ar number-or-service Ns ,
+.Fl -port= Ns Ar number-or-service
+.Xc
+Connect to this port instead of the default (which is 514 when using
+old port based authentication, 544 for Kerberos 5 and non-encrypted
+Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
+the contents of
+.Pa /etc/services ) .
+.It Xo
+.Fl l Ar string Ns ,
+.Fl -user= Ns Ar string
+.Xc
+By default the remote username is the same as the local. The
+.Fl l
+option or the
+.Pa username@host
+format allow the remote name to be specified.
+.El
+.\".Pp
+.\"Without a 
+.\".Ar command 
+.\".Nm
+.\"will just exec
+.\".Xr rlogin 1
+.\"with the same arguments.
+.Sh EXAMPLES
+Care should be taken when issuing commands containing shell meta
+characters. Without quoting these will be expanded on the local
+machine.
+.Pp
+The following command:
+.Pp
+.Dl rsh otherhost cat remotefile > localfile
+.Pp
+will write the contents of the remote
+.Pa remotefile
+to the local
+.Pa localfile ,
+but:
+.Pp
+.Dl rsh otherhost 'cat remotefile > remotefile2'
+.Pp
+will write it to the remote
+.Pa remotefile2 .
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /etc/hosts -compact
+.It Pa /etc/hosts
+.El
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr rlogin 1 ,
+.Xr krb_realmofhost 3 ,
+.Xr krb_sendauth 3 ,
+.Xr hosts.equiv 5 ,
+.Xr krb5.conf 5 ,
+.Xr rhosts 5 ,
+.Xr kerberos 8
+.Xr rshd 8
+.\".Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
+.Sh AUTHORS
+This implementation of
+.Nm
+was written as part of the Heimdal Kerberos 5 implementation.
+.Sh BUGS
+Some shells (notably
+.Xr csh 1 )
+will cause 
+.Nm 
+to block if run in the background, unless the standard input is directed away from the terminal. This is what the 
+.Fl n
+option is for.
+.Pp
+The 
+.Fl x
+options enables encryption for the session, but for both Kerberos 4
+and 5 the actual command is sent unencrypted, so you should not send
+any secret information in the command line (which is probably a bad
+idea anyway, since the command line can usually be read with tools
+like
+.Xr ps 1 ) .
+Forthermore in Kerberos 4 the command is not even integrity
+protected, so anyone with the right tools can modify the command.