rlogin
rlogin is a software utility for Unix-like computer operating systems that was first distributed as part of the 4.2BSD release. rlogin allows users to log in on another host via a network, using TCP port 513.
rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.
Use
rlogin is most commonly deployed on corporate and academic networks, where user account information is shared among all the Unix machines on the network (often using NIS). These deployments essentially trust all other machines (and the network infrastructure).
Security
rlogin has several serious security problems:
- All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
- The .rlogin (or .rhosts) file is easy to misuse (potentially allowing logins without a password) - for this reason many corporate system administrators prohibit .rlogin files and actively scrutinize their networks for offenders.
- The protocol partly relies on the remote party's rlogin client to provide information honestly, including source port and source host name. A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines' identities, or ensuring that the requesting client on a trusted machine is the real rlogin client.
- The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS's security faults automatically plague rlogin.
Due to these problems, rlogin was rarely used across untrusted networks (like the public internet), and even in closed deployments it fell into relative disuse (with many Unix and Linux distributions no longer including it by default). Many networks that formerly relied on rlogin and telnet have replaced them with SSH and its rlogin equivalent, slogin.[1][2]
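The scrutiny of trust files mentioned above can be automated. The following Python script is an added example, not part of the original article or of any rlogin distribution: it walks a directory tree, reports every .rhosts or hosts.equiv file it finds, and flags entries in which a lone + trusts any host or any user, as well as files writable by group or others. The function names and the sample host names are constructed, and treating lines that begin with # as comments is an assumption.

```python
import os
import stat

TRUST_FILES = {".rhosts", "hosts.equiv"}

def check_entry(line):
    """Return a description if one trust-file line is over-broad, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None                      # blank line or comment (assumed syntax)
    host, user = fields[0], (fields[1] if len(fields) > 1 else "")
    if host == "+" and user == "+":
        return "trusts any user from any host"
    if host == "+":
        return "trusts any host"
    if user == "+":
        return "trusts any user on " + host
    return None

def audit_file(path):
    """Return findings for one trust file: unsafe type or mode, over-broad entries."""
    st = os.lstat(path)                  # lstat: do not follow symbolic links
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    with open(path, errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            if problem := check_entry(line):
                findings.append("line %d: %s" % (number, problem))
    return findings

def audit_tree(root):
    """Walk root (e.g. a home-directory mount) and map each trust file to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in TRUST_FILES.intersection(files):
            path = os.path.join(dirpath, name)
            report[path] = audit_file(path)
    return report

if __name__ == "__main__":               # demo on a constructed sample file
    import tempfile
    root = tempfile.mkdtemp()
    with open(os.path.join(root, ".rhosts"), "w") as fh:
        fh.write("build01 alice\n+ +\nlab07 +\n")
    for path, findings in sorted(audit_tree(root).items()):
        print(path, "; ".join(findings) or "present, no over-broad entries")
```

Files with an empty findings list are still included in the report, since many sites prohibit these files outright.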
Replacements
The original Berkeley package that provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security exposures. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.
References
- This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.
- Sobell, Mark (2010). A Practical Guide to Linux Commands, Editors, and Shell Programming. Pearson Education, Inc. ISBN 978-0-13-136736-4.
- "Unix job control command list". Indiana University. Retrieved 20 December 2014.
External links
- rlogin(1): The Untold Story (PDF)
- RFC 1282 - BSD Rlogin
- rlogin - remote login - rlogin man page.
- rlogin: remote login – Darwin and macOS General Commands Manual
- rlogin: remote login – Solaris 10 User Commands Reference Manual