Rlogin
Encyclopedia
rlogin is a software utility for Unix-like
computer operating system
s that allows users to log in on another host
via a network
, communicating via TCP
port
513.
It was first distributed as part of the 4.2BSD
release.
rlogin is also the name of the application layer
protocol
used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states that: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon
, rlogind, on the remote host. rlogin is similar to the Telnet
command, but has the disadvantage of not being as customizable and being able to connect only to Unix hosts.
). These deployments essentially trust ALL other machines (and the network infrastructure itself) and the rlogin protocol relies on this trust. rlogind allows logins without password (where rlogind trusts a remote rlogin client) if the remote host appears in the /etc/hosts.equiv file, or if the user in question has a .rhosts file in their home directory
(which is frequently shared using NFS).
Due to these serious problems rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallen into relative disuse (with many Unix and Linux
distributions no longer including it by default). Many networks which formerly relied on rlogin and telnet have replaced it with SSH
and its rlogin-equivalent slogin.
(remote-copy, allowing files to be copied over the network) and rsh
(remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
computer operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s that allows users to log in on another host
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
via a network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
, communicating via TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
port
TCP and UDP port
In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. A port is associated with an IP address of the host, as well as the type of protocol used for communication...
513.
It was first distributed as part of the 4.2BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
release.
rlogin is also the name of the application layer
Application layer
The Internet protocol suite and the Open Systems Interconnection model of computer networking each specify a group of protocols and methods identified by the name application layer....
protocol
Communications protocol
A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications...
used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states that: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon
Daemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
, rlogind, on the remote host. rlogin is similar to the Telnet
TELNET
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection...
command, but has the disadvantage of not being as customizable and being able to connect only to Unix hosts.
Use
rlogin is most commonly deployed on corporate or academic networks, where user account information is shared between all the Unix machines on the network (often using NISNetwork Information Service
The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network...
). These deployments essentially trust ALL other machines (and the network infrastructure itself) and the rlogin protocol relies on this trust. rlogind allows logins without password (where rlogind trusts a remote rlogin client) if the remote host appears in the /etc/hosts.equiv file, or if the user in question has a .rhosts file in their home directory
Home directory
A Home directory is a file system directory on a multi-user operating system containing files for a given user of the system. The specifics of the home directory is defined by the operating system involved; for example, Windows systems between 2000 and 2003 keep home directories in a folder...
(which is frequently shared using NFS).
Security
rlogin has several serious security problems:- All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
- The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to login without a password) - for this reason many corporate system administrators prohibit .rlogin files and actively search their networks for offenders.
- The protocol partly relies on the remote party's rlogin client providing information honestly (including source port and source host name). A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines' identities, or ensuring that the rlogin client on a trusted machine is the real rlogin client.
- The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS's security faults automatically plague rlogin.
Due to these serious problems rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallen into relative disuse (with many Unix and Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
distributions no longer including it by default). Many networks which formerly relied on rlogin and telnet have replaced it with SSH
Secure Shell
Secure Shell is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client...
and its rlogin-equivalent slogin.
Replacements
The original Berkeley package which provides rlogin also features rcpRcp (Unix)
rcp stands for the Unix 'remote copy' command. It is a command on the Unix operating systems that is used to remotely copy—to copy one or more files from one computer system to another...
(remote-copy, allowing files to be copied over the network) and rsh
Remote Shell
The remote shell is a command line computer program that can execute shell commands as another user, and on another computer across a computer network.The remote system to which rsh connects runs the rshd daemon...
(remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.
External links
- rlogin(1): The Untold Story (PDF)
- RFC 1282 - BSD Rlogin
- rlogin - remote login - rloginman page.