237 lines
4.3 KiB
Text
237 lines
4.3 KiB
Text
.TH CPU 1
|
|
.SH NAME
|
|
cpu \- connection to CPU server
|
|
.SH SYNOPSIS
|
|
.B cpu
|
|
[
|
|
.B -p
|
|
] [
|
|
.B -h
|
|
.I server
|
|
] [
|
|
.B -u
|
|
.I user
|
|
] [
|
|
.B -a
|
|
.I auth-method
|
|
] [
|
|
.B -P
|
|
.I patternfile
|
|
] [
|
|
.B -e
|
|
.I encryption-hash-algs
|
|
] [
|
|
.B -k
|
|
.I keypattern
|
|
] [
|
|
.B -c
|
|
.I cmd args ...
|
|
]
|
|
.PP
|
|
.B cpu
|
|
[
|
|
.B -n
|
|
] [
|
|
.B -A
|
|
.I address
|
|
] [
|
|
.B -R
|
|
]
|
|
.SH DESCRIPTION
|
|
This tool is deprecated and has been replaced by
|
|
.IR rcpu (1).
|
|
.PP
|
|
.I Cpu
|
|
starts an
|
|
.IR rc (1)
|
|
running on the
|
|
.I server
|
|
machine, or the machine named in the
|
|
.B $cpu
|
|
environment variable if there is no
|
|
.B -h
|
|
option.
|
|
.IR Rc 's
|
|
standard input, output, and error files will be
|
|
.B /dev/cons
|
|
in the name space where the
|
|
.I cpu
|
|
command was invoked.
|
|
Normally,
|
|
.I cpu
|
|
is run in an
|
|
.IR rio (1)
|
|
window on a terminal, so
|
|
.IR rc
|
|
output goes to that window, and input comes from the keyboard
|
|
when that window is current.
|
|
.IR Rc 's
|
|
current directory is
|
|
the working directory of the
|
|
.I cpu
|
|
command itself.
|
|
.PP
|
|
The name space for the new
|
|
.I rc
|
|
is an analogue of the name space where the
|
|
.I cpu
|
|
command was invoked:
|
|
it is the same except for architecture-dependent bindings such as
|
|
.B /bin
|
|
and the use of fast paths to file servers, if available.
|
|
.PP
|
|
If a
|
|
.B -u
|
|
argument is present,
|
|
.I cpu
|
|
uses the argument as the remote user id.
|
|
.PP
|
|
If a
|
|
.B -c
|
|
argument is present, the remainder of the command line is executed by
|
|
.I rc
|
|
on the server, and then
|
|
.I cpu
|
|
exits.
|
|
.PP
|
|
If a
|
|
.B -P
|
|
argument is present, the
|
|
.I patternfile
|
|
is passed to
|
|
.IR exportfs (4)
|
|
to control how much of the local name space will be exported to
|
|
the remote system.
|
|
.PP
|
|
The
|
|
.B -a
|
|
command allows the user to specify the authentication mechanism used
|
|
when connecting to the remote system. The two possibilities for
|
|
.I auth-method
|
|
are:
|
|
.TF netkey
|
|
.TP
|
|
.B p9
|
|
This is the default. Authentication is done using the standard Plan 9
|
|
mechanisms, (see
|
|
.IR authsrv (6)).
|
|
No user interaction is required.
|
|
.TP
|
|
.B netkey
|
|
Authentication is done using challenge/response and a hand held
|
|
authenticator or the
|
|
.I netkey
|
|
program
|
|
(see
|
|
.IR passwd (1)).
|
|
The user must encrypt the challenge and type the encryption
|
|
back to
|
|
.IR cpu .
|
|
This is used if the local host is in a different protection domain than
|
|
the server or if the user wants to log into the server as a different
|
|
user.
|
|
.TP
|
|
.B none
|
|
This skips authentication. This requires the
|
|
.IR -n
|
|
flag to be specified on the remote side.
|
|
.PD
|
|
.PP
|
|
The
|
|
.B -e
|
|
option specifies an encryption and/or hash algorithm to
|
|
use for the connection. If both are specified, they must
|
|
be space separated and comprise a single argument, so they
|
|
must be quoted if in a shell command. The default is
|
|
.L rc4_256
|
|
encryption and
|
|
.L sha1
|
|
hashing. See
|
|
.IR ssl (3)
|
|
for details on possible algorithms. The argument
|
|
.L clear
|
|
specifies no encryption algorithm and can be used to talk
|
|
to older versions of the
|
|
.I cpu
|
|
service.
|
|
.PP
|
|
The
|
|
.B -k
|
|
flag specifies a key pattern to use to restrict the keys
|
|
selected by the
|
|
.I auth_proxy
|
|
call used for authentication.
|
|
.PP
|
|
The name space is built by running
|
|
.B /usr/$user/lib/profile
|
|
with the root of the invoking name space bound to
|
|
.BR /mnt/term .
|
|
The
|
|
.B service
|
|
environment variable is set to
|
|
.BR cpu ;
|
|
the
|
|
.B cputype
|
|
and
|
|
.B objtype
|
|
environment variables reflect the server's architecture.
|
|
.PP
|
|
The
|
|
.B -R
|
|
flag causes
|
|
.I cpu
|
|
to run the server (remote) side of the protocol.
|
|
It is run from service files such as
|
|
.BR /bin/service/tcp17010 .
|
|
The
|
|
.B -n
|
|
option allows using the
|
|
.B none
|
|
authentication method for incoming connections and must be
|
|
specified before the
|
|
.B -R
|
|
flag.
|
|
.PP
|
|
The
|
|
.B -p
|
|
flag pushes the
|
|
.IR aan (8)
|
|
filter onto the connection to protect against temporary
|
|
network outages.
|
|
.PP
|
|
The
|
|
.B -A
|
|
flag sets the announce-string
|
|
.I address
|
|
to use for
|
|
.IR aan (8)
|
|
connections, if requested by the initial protocol.
|
|
.SH FILES
|
|
The name space of the terminal side of the
|
|
.I cpu
|
|
command is mounted, via
|
|
.IR exportfs (4),
|
|
on the CPU side on directory
|
|
.BR /mnt/term .
|
|
The files such as
|
|
.B /dev/cons
|
|
are bound to their standard locations from there.
|
|
.SH SOURCE
|
|
.B /sys/src/cmd/cpu.c
|
|
.SH SEE ALSO
|
|
.IR rcpu (1) ,
|
|
.IR rc (1) ,
|
|
.IR rio (1) ,
|
|
.IR exportfs (4) ,
|
|
.IR aan (8)
|
|
.SH BUGS
|
|
Binds and mounts done after the terminal
|
|
.B lib/profile
|
|
is run are not reflected in the new name space.
|
|
.PP
|
|
By default, the entire namespace of the local system is
|
|
exported to the remote system. Use of the
|
|
.B -P
|
|
option in conjunction with a customized patternfile can
|
|
limit this exposure, but also limits the usefulness of
|
|
.B /mnt/term.
|