cpu – secure connection to CPU server|
cpu [ –h server ] [ –u user ] [ –t ] [ –a auth–method ] [ –P patternfile
] [ –e encryption–hash–algs ] [ –k keypattern ] [ –c cmd args ... ]
cpu [ –C cert ] [ –t ] –R
Cpu starts an rc(1) running on the server machine, or the machine
named in the $cpu environment variable if there is no –h option.
Rc's standard input, output, and error files will be /dev/cons
in the name space where the cpu command was invoked. Normally,
cpu is run in an rio(1) window on a terminal, so rc
output goes to that window, and input comes from the keyboard
when that window is current. Rc's current directory is the working
directory of the cpu command itself. |
The name space for the new rc is an analogue of the name space where the cpu command was invoked: it is the same except for architecture–dependent bindings such as /bin and the use of fast paths to file servers, if available.
If a –u argument is present, cpu uses the argument as the remote user id.
If a –c argument is present, the remainder of the command line is executed by rc on the server, and then cpu exits.
If a –P argument is present, the patternfile is passed to exportfs(4) to control how much of the local name space will be exported to the remote system.
The –a command allows the user to specify the authentication mechanism
used when connecting to the remote system. The two possibilities
for auth–method are:
The –k flag specifies a key pattern to use to restrict the keys selected by the auth_proxy call used for authentication.
The name space is built by running /usr/$user/lib/profile with the root of the invoking name space bound to /mnt/term. The service environment variable is set to cpu; the cputype and objtype environment variables reflect the server's architecture.
The –R flag causes cpu to run the server (remote) side of the protocol,
and must be the final option. It is run from service files such
as /bin/service/tcp1701. With –t, cpu will expect a TLS connection;
without it, cpu will expect an SSLv2 connection. –C names an alternate
pem(8)–encoded cert for TLS,
and implies –t.
/sys/lib/ssl/cert.pem default certificate |
The name space of the terminal side of the cpu command is mounted,
via exportfs(4), on the CPU side on directory /mnt/term. The files
such as /dev/cons are bound to their standard locations from there.
rc(1), rio(1), tls(3), exportfs(4), drawterm(8)|
Binds and mounts done after the terminal lib/profile is run are
not reflected in the new name space. |
When using the –a option to `log in' as another user, be aware that resources in the local name space will be made available to that user.
SSLv2 is deprecated.