SASH(8)                Remote Root's Manual               SASH(8)

NAME
       sash - remote administration shell

SYNOPSIS
       sash [-f file [-h host]] [-V] [-v]

DESCRIPTION
       sash  (stealth  administrator shell) is the user interface
       for communication with the  SAdoor  (Stealth  Admin  door)
       daemon.

       sash  sends  the  required packets to "wake up" SAdoor and
       run the given command on the target machine. In  order  to
       send the correct packets, an encrypted file containing the
       target specific security settings is required.

       The command can either be a regular shell  command,  alias
       or  a  builtin  command, depending on the configuration of
       the remote daemon. An alias is a predefined shell  command
       and  a  bultin command is a hardcoded procedure within the
       daemon.

       It is possible to set settings  for  a  specific  host  as
       active, which means that all single-host commands given to
       the shell is sent to the active host.

       Command line options:

       -f file
              Load security settings for all hosts in  file  file
              before entering interactive mode.

       -h host
              Set  security settings for host host as active when
              file file is loaded.

       -V
              Print version and exit

       -v
              Verbose level, repeat to be more verbose. The  max-
              imium level is 3.
       
       Commands available in interactive mode:

       ! command
              Invoke an interactive shell to run command.

       addr [random | local | host]
              Print  or set key port sender address.  The default
              is to use the local address.

              random
                     Random address for each packet
              local
                     Use local address as sender address
              host
                     Use address of host as sender address

       del [msec]
              Print or set delay in milli-seconds  between  pack-
              ets.  Default is 10.

       file [file]
              Print  path  to  loaded file, or load security set-
              tings for all hosts in file file.

       fwd command
              If the active host supports the  builtin  "forward"
              command,  the  command command is sent as a command
              of which output should be forwarded to the  address
              set  by  fwdaddr.   If  the  active  host  supports
              encryption and fwdcrypt is set to on, all data for-
              warded from target host is sent encrypted.

              Note  that  this command is equivalent to 'send fwd
              host port -e command'.

       fwdaddr [host port | local | clear]
              Print, set or clear address  used  as  receiver  of
              command-output  when  sending the builtin "forward"
              command  using the shell commands fwd  and  fwdall.
              The  default is no address at all, which means that
              the user must set this  address  before  using  the
              fwdall or fwd command.

              host port
                     Forward  command-output  from target host to
                     port on host.
              local
                     Use any available port on local  machine  to
                     receive  command-output from target host. If
                     fwdcrypt is set to on, all data received  is
                     decrypted  before  it is written to standard
                     output.
              clear
                     Unset address used to receive command-output
                     from target host.

       fwdall command
              All  hosts in loaded file that supports the builtin
              "forward" command is sent the command command as  a
              command  of which output should be forwarded to the
              address set by fwdaddr.  If fwdcrypt is set to  on,
              all hosts that supports encryption will encrypt the
              data before it is forwarded.

       fwdcrypt [on | off]
              Turn encryption of forwarded data from target  host
              on  or  off.   If  no argument is given the current
              setting is printed.  The default setting is on.

       help [command]
              Print local help information  for  command  or  all
              commands available if no argument is given.
       hist
              Print last 100 commands sent.

       host [host]
              Print active host, or set host as active.

       info [target | sec | alias | builtin | sh]
              Print shell or active host settings. If no argument
              is given information for all available  classes  is
              printed.

              target
                     Print  information  about  active  host (OS,
                     SAdoor version ..).
              sec
                     Print  security  settings  for  active  host
                     (Blowfish key, key ports ..).
              alias
                     Print alias defined for active host.
              builtin
                     Print  builtin  commands available on active
                     host.
              sh
                     Print current shell settings.

       list [-d]
              List all hosts available  in  loaded  file.  If  -d
              option is used, hostnames is not resolved.

       port [random | port]
              Print or set source port for outgoing packets.

              random
                     Use a random port for each packet.
              port
                     Use port as source port on all packets.

       quit/exit
              Exit SAsh

       send command
              Send command to active host

       sendall command
              Send command to all hosts in loaded file.

       timeout [sec]
              Print  or set timeout value in seconds for connect-
              back from target  host  when  sending  the  builtin
              "forward"  command and fwdaddr is set to local. The
              default timeout is 10 seconds.

       ttl [random | ttl]
              Set or print IP time-to-live.

              random
                     Use a random value between 48-255  for  each
                     packet.
              ttl
                     Use  ttl  as  time-to-live  for all outgoing
                     packets.

       verbose [0..3]
              Print or set verbose level. Maximum level is 3  and
              default is 0.

SEE ALSO
       sadoor(8), sacat(1)

AUTHOR
       Claes M. Nyberg

       <cmn@darklab.org> or <md0claes@mdstud.chalmers.se>

DISTRIBUTION
       sash is part of SAdoor wich can be obtained from

              http://cmn.listprojects.darklab.org/

       sash  uses  libblowfish, which is shipped with SAdoor.  It
       is copyrighted by Eric Young (eay@cryptsoft.com).

BUGS
       Please report bugs to the author.

SAsh version 0.3.1 beta     July 26 2002                   SASH(8)

