Click here to Skip to main content
Click here to Skip to main content

Remote shell daemon (Rshd)

, 7 Oct 2003
Rate this:
Please Sign up or sign in to vote.
Example to shutdown all computers on the LAN automatically.

Sample Image - Rshd.gif

Introduction

The Rshd service has been available in all UNIX systems for a long time. The same service, called Rshsvc.exe, provided by Microsoft only shipped with the Windows NT/2000 Server Resource Kit and it was not included in any Windows XP versions. Several years ago, I wrote the Rshd Windows application for sending commands on remote computers on the same LAN. It is a Winsock multithreaded console application and not a true service. The Rshd Windows application, with full source code provided for Windows 95/98/ME/NT/2000/XP, was designed and implemented to be convenient with some security included. I expect that my work will not be harmful to Windows security.

Implementation

The Rshd executes all commands for the Rsh program available in both UNIX systems and Windows NT/2000/XP. There is no Rsh on Windows 95/98/ME, but I have provided the Rsh application with full source code running on all 32 bit Windows operating systems.

The Rshd and Rsh were designed by using the object-oriented methodology and implemented by using C++. Figure 1 shows the hierarchy of the CRshd and CRsh classes.

The class CWinSocket encapsulates part of the Windows Socket Functions API and is similar to the MFC CAsyncSocket class. The CWinSocket class can handle both TCP and UDP. Both Rshd and Rsh are WIN32 applications and they are independent of MFC.

Description

The above Rshd is slightly different from the Rshd service shipped with UNIX and Windows NT/2000 server, but their functions are similar. It also provides remote execution facilities with authentication based on privileged port numbers from trusted hosts based on the .rhosts file. The Rshd listens and accepts the Rsh client for service requests at the BSD reserved port (normally 513-1023, however the range 0-512 should be fine if the Rsh was designed and implemented by yourself. I have added comments in source code. Therefore, please read the source code if you want to understand how it works). When a service request is received, the Rshd does the following:

  1. Retrieves the name of the client to which a socket is connected and checks its port. If the port is not in the range 513-1023, the Rshd aborts the connection.
  2. The server reads characters from the socket up to a null byte. The resultant string is interpreted as a 10 based ASCII number.
  3. If the number received is non-zero, it is interpreted as the port number for a second connection to be used for the error feedback. The second connection is then created as a client to the specified port on the client's machine. The source port of this second connection is also in the range 513-1023.
  4. Checks the client's source address and requests the corresponding host name. If the hostname cannot be determined (under Windows 95/98/ME), the dot-notation representation of the host address is used. If address verification fails, the connection is aborted.
  5. A user name is retrieved on the initial socket. It is interpreted as the user identity on the client's machine (the Rsh sender).
  6. Validates the host and the user retrieved on the initial socket, based on the record listed in the user's .rhosts file located in the directory specified in the file Rshd.ini, which is located in the same directory as the Rshd (Rshd.exe).  
  7. A command to be passed to a shell is retrieved on the initial socket. The length of the command is limited to less than 8192 bytes.
  8. The command line is passed to the system call, which invokes cmd.exe command to interpret the command line.

Source code and projects

Source code consists of four projects: Rsh, Rshd, Stdn, and Utility. Rsh and Rshd are Win32 console applications, Stdn (Shutdown) is a MFC dialog based application, and Utility is a Win32 static library. If compiled successfully, they should be located in the Bin directory.

There are only two files Rsh.cpp/Rsh.h and Rshd.cpp/Rshd.h in the Rsh and Rshd projects, respectively. They contain many comments which can aid your understanding on how they work.

The Stdn project includes an important class CShutdown which contains two methods ShutdownNow and ShutdownAll. ShutdownNow is used to shutdown local computers and ShutdownAll to shutdown remote computers. However, ShutdownAll only works on Windows NT/2000/XP with administrator privileges.

The Utility project contains several useful classes:

  • CConfigFile: message logging and INI file reading class.
  • CLock: critical section wrapper class used by Rshd application.
  • CStr: string class. More details here.
  • CWinSocket and CWinSocketEx: Win32 socket wrapper classes used by Rsh and Rshd applications.
  • List: adopted from MFC List template. However, it is independent of MFC.

Case study: shutdown all computers on the LAN automatically

The Rshd and Rsh have successfully been applied to several power stations. The following step describes how to use Rshd and Rsh to access all computers by commands to each other on the LAN and shutdown them automatically. Assume that there are 6 computers running on different operating systems on the LAN: two UNIX, two Windows NT workstations, and two Windows 95. In this example, assume two UNIX host names are UHost1 and UHost2, and their user names are UUser1 and UUser2; two Windows NT workstations host names are WNT1 and WNT2, and their user names are WNTUser1 and WNTUser2; two Windows 95 host names are W951 and W952, and their user names are W95User1 and W95User2. An emergency shutdown device (button) is attached on WNT1.

  1. Create a directory on Windows computers, say C:\RS\Bin. The RS directory should contain .rhosts, Rsh.exe, Rshd.exe, Rshd.ini, and Shutdown.exe. Rsh.exe does not conflict with the Rsh program provided by Windows NT/2000/XP.
  2. Edit the .rhosts text file. The format of this file is host name followed by user name with tab or space delimited. It is loaded by Rshd.exe. The .rhosts should look like as follows (assume the following users login as the current user on each computer. However, many users may appear on the same host):
    ......
    UHost1      UUser1
    UHost2      UUser2
    WNT1       WNTUser1
    WNT2       WNTUser2
    W951        W95User1
    W952        W95User2
    …..
  3. Edit the Rshd.ini file. It is a standard Windows INI file and should look like follows:
    [Path]
    HostFile = C:\RS\Bin\.rhosts           ; host file location
    LogFile = C:\RS\Bin\rshd.log          ; log file location
     
    [Info]
    Debug = 1  ; 1 (or non zero): Log file records 
                        Rsh sender information; 0: not
  4. Create the Rshd.exe shortcut and put it into the Windows startup menu. When Windows starts up, Rshd.exe should be found in the Task Manager. If not, manually run it.
  5. Add the four Windows computers information into the .rhosts file on each UNIX computer. Please read UNIX manual on how to modify the .rhosts file. We assume that UUser1 and UUser2 have a Shutdown script file under their home directory, respectively. They have same privileges as root to run it. The Shutdown script does actual shutting down task.
  6. Create a batch file in C:\RS\Bin on WNT1. The batch file (invoked by pressing the emergency shutdown button) should look like the following:
    Rsh UHost1 Shutdown
    Rsh UHost2 Shutdown
    Rsh WNT2 C:\RS\Bin\Shutdown -d
    Rsh W951 C:\RS\Bin\Shutdown -d
    Rsh W952 C:\RS\Bin\Shutdown -d
    Shutdown -d
 

That is all for setting how to shutdown all computers on the LAN automatically. When the emergency shutdown button is pressed, all 6 computers should be shut down.

Security free consideration

The .rhosts and Rshd.ini files are not necessary if you consider writing your security free Rshd service. To do so, simply modify the Rshd.cpp and remove CheckConfFile, LoadRHostsFile, and CheckHostAndUserName function calls. However, security free Rshd service is dangerous and any computer on the same LAN can easily destroy the Rshd service computer system. It is a good practice setting .rhosts to only let the trusted computers to access.

Running Rshd on Windows operating systems may cause some security issues. I am not responsible for any damage in your computer system caused by using it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Yuantu Huang
Web Developer
Australia Australia
No Biography provided

Comments and Discussions

 
Questionfound 2 bugs in the code Pinmembermatt.ratus27-Sep-07 0:03 
QuestionNo EXE files in download Pinmemberrswain12-Nov-06 8:49 
QuestionExecutable on Win 2k? PinmemberBert Cohen26-Jun-06 9:31 
GeneralRSH using pure C Pinmemberjoefsg3-Jun-06 3:09 
Generalbinaries Pinmember993tt11-May-06 10:33 
Questioncompile on Visual Studio .NET 2003 ?? Pinmemberyaseeen4-May-06 23:00 
AnswerRe: compile on Visual Studio .NET 2003 ?? Pinmemberyaseeen5-May-06 0:03 
GeneralHow to compile in VS 2005 Pinmemberratass200221-May-06 7:58 
GeneralRe: How to compile in VS 2005 Pinmemberratass200221-May-06 8:40 
GeneralRegarding Problem using Demo Project Pinmemberntimesc2-Apr-06 20:18 
QuestionPASSWORD?? Pinmemberjoefsg25-Mar-06 22:53 
GeneralBinaries too Pinmembereeggaa22-Mar-06 5:15 
GeneralCompile error PinmemberURBANPROJECT3-Feb-06 5:35 
GeneralBinaries Too! Pinmembersilo_xtreme1-Feb-06 11:32 
GeneralDid anyone get copies of the binaries? -- I want too, please... Pinsusspaulbeam11-Jul-05 15:41 
Generalrcp from other machine : invalid port number PinmemberMichel GIRARD_TA15-Jun-05 22:11 
GeneralBinaries too! Pinmembercesarsouza31-Mar-05 12:48 
GeneralBinaries Pinmemberjairorod5-Jan-05 10:46 
Generalno execute Pinmemberjohnsevillano3316-Sep-04 13:26 
GeneralRe: no execute PinsussYuantu Huang22-Sep-04 14:54 
Generalbinary PinmemberDeepak Mahbubani1-Jul-04 22:07 
GeneralRe: binary PinsussYuantu Huang22-Sep-04 15:17 
Generalno error and no output; log: "have something wrong" PinmemberMark220-Jun-04 22:59 
GeneralRe: no error and no output; log: "have something wrong" PinsussYuantu Huang22-Sep-04 15:13 
GeneralCannot accept the error output socket PinmemberMark222-Sep-04 22:29 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140721.1 | Last Updated 8 Oct 2003
Article Copyright 2003 by Yuantu Huang
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid