version 1.215, 2006/02/01 09:11:41 |
version 1.216, 2006/02/09 10:10:47 |
|
|
challenge-response authentication, |
challenge-response authentication, |
or password authentication. |
or password authentication. |
.Pp |
.Pp |
System security is not improved unless |
|
.Nm rshd , |
|
.Nm rlogind , |
|
and |
|
.Nm rexecd |
|
are disabled (thus completely disabling |
|
.Xr rlogin |
|
and |
|
.Xr rsh |
|
into the machine). |
|
.Sh COMMAND EXECUTION AND DATA FORWARDING |
|
If the client successfully authenticates itself, a dialog for |
If the client successfully authenticates itself, a dialog for |
preparing the session is entered. |
preparing the session is entered. |
At this time the client may request |
At this time the client may request |
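Review bot: Removing `.Sh COMMAND EXECUTION AND DATA FORWARDING` leaves the session-preparation text ("If the client successfully authenticates itself, ...") under whichever section precedes it, which from the context lines is the authentication description. Check that no `.Sx COMMAND EXECUTION AND DATA FORWARDING` reference remains in this page or in related pages, and that the preceding section's title still fits text about forwarding and command execution.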
|
|
forwarding TCP connections, or forwarding the authentication agent |
forwarding TCP connections, or forwarding the authentication agent |
connection over the secure channel. |
connection over the secure channel. |
.Pp |
.Pp |
Finally, the client either requests a shell or execution of a command. |
After this, the client either requests a shell or execution of a command. |
The sides then enter session mode. |
The sides then enter session mode. |
In this mode, either side may send |
In this mode, either side may send |
data at any time, and such data is forwarded to/from the shell or |
data at any time, and such data is forwarded to/from the shell or |
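Review bot: "After this" on the changed line has a loose antecedent, because the preceding paragraph only lists things the client "may request", so none of them has to happen. Wording such as "Once session preparation is complete, the client either requests a shell or execution of a command." would say what "this" refers to.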
|
|
protocol versions 1.5 and 2.0. |
protocol versions 1.5 and 2.0. |
Niels Provos and Markus Friedl contributed support |
Niels Provos and Markus Friedl contributed support |
for privilege separation. |
for privilege separation. |
|
.Sh CAVEATS |
|
System security is not improved unless |
|
.Nm rshd , |
|
.Nm rlogind , |
|
and |
|
.Nm rexecd |
|
are disabled (thus completely disabling |
|
.Xr rlogin |
|
and |
|
.Xr rsh |
|
into the machine). |
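Review bot: In the new `.Sh CAVEATS` block, `.Xr rlogin` and `.Xr rsh` carry no manual section argument; `.Xr` expects one, for example `.Xr rlogin 1` and `.Xr rsh 1`. Since the paragraph is being moved anyway, it is also a good moment to stop using `.Nm` for `rshd`, `rlogind` and `rexecd`: `.Nm` is meant for the utility this page documents, and references in the style of `.Xr rshd 8` would mark them up as other manuals.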