rlogin

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP (the protocol stack of the Internet).

The CSRG incorporated the r-commands into their Unix operating system, the Berkeley Software Distribution (BSD). The r-commands premiered in BSD v4.1. Among the programs in the suite are: (remote copy), (remote execution), (remote login), (remote shell), , , and (remote who).

The r-commands were a significant innovation, and became ''de facto'' standards for Unix operating systems. With wider public adoption of the Internet, their inherent security vulnerabilities became a problem, and beginning with the development of Secure Shell protocols and applications in 1995, its adoption entirely supplanted the deployment and use of r-commands (and Telnet) on networked systems.

Authentication

The original Berkeley package that provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd).

Commands

rlogin

enables a user to log in on another server via computer network, using TCP network port 513.

rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.

rsh

rsh opens a shell on a remote computer without a login procedure. Once connected, the user can execute commands on the remote computer through the shell's command-line interface. rsh passes input and output through the standard streams, and it sends standard output to the user's console. Over the network, standard input and standard out flow through TCP port 514, while Standard Error flows through a different TCP port, which the rsh daemon (rshd) opens.

rexec

Like rsh, rexec enables the user to run shell commands on a remote computer. However, unlike the rsh server, the rexec server (rexecd) requires login: it authenticates users by reading the username and password (unencrypted) from the network socket. rexec uses TCP port 512.

rcp

rcp can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another. The command line arguments of cp and rcp are similar, but in rcp remote files are prefixed with the name of the remote system:

rcp file.txt subdomain.domain:~/home/foo/file.txt

As with the Unix copy command cp, rcp overwrites an existing file of the same name in the target; unlike cp, it provides no mechanism for warning the user before overwriting the target file. Like rsh, rcp uses TCP port 514.

rwho

Just as the who command lists the users who are logged in to the local Unix system, rwho lists those users who are logged into all multi-user Unix systems on the local network. rwho's daemon, rwhod, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the ruptime program.

rstat

rstat returns performance statistics from the kernel.

ruptime

Just as the command shows how long a Unix system has been running since the last restart, requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime reports that the system is down. This information is tracked and stored by the daemon rwhod, which is also used by the rwho command.

Security

Those r-commands which involve user authentication (rcp, rexec, rlogin, and rsh) share several serious security vulnerabilities:

* All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
* The .rlogin (or .rhosts) file is easy to misuse. They are designed to allow logins without a password, but their reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit .rhosts files, and actively scrutinize their networks for offenders.
* The protocol partly relies on the remote party's rlogin client to provide information honestly, including source port and source host name. A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines' identities, or ensuring that the requesting client on a trusted machine is the real rlogin client.
* The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS's security faults automatically plague rlogin.

Due to these problems, the r-commands fell into relative disuse (with many Unix and Linux distributions no longer including them by default). Many networks that formerly relied on rlogin and telnet have replaced them with SSH and its rlogin-equivalent ''slogin''.

See also

*List of Unix commands

Notes

References

*

Further reading

*
*
*
*

External links

* , BSD Rlogin (1991)
*
*
*

{{Unix commands

Internet protocols
Internet Standards
Unix network-related software