World Library  
Flag as Inappropriate
Email this Article

Rlogin

Article Id: WHEBN0000711841
Reproduction Date:

Title: Rlogin  
Author: World Heritage Encyclopedia
Language: English
Subject: Remote Shell, PuTTY, POSIX terminal interface, ZOC (software), Synchronet
Collection: Internet Protocols, Internet Standards, Unix Network-Related Software
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Rlogin

rlogin is a software utility for Unix-like computer operating systems that allows users to log in on another host via a network, communicating via TCP port 513.

It was first distributed as part of the 4.2BSD release.

The rlogin homepage is at http://rlogin.sourceforge.net.

rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states that: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but has the disadvantage of not being as customizable and being able to connect only to Unix hosts.

Contents

  • Use 1
  • Security 2
  • Replacements 3
  • See also 4
  • References 5
  • External links 6

Use

rlogin is most commonly deployed on corporate or academic networks, where user account information is shared between all the Unix machines on the network (often using NIS). These deployments essentially trust ALL other machines (and the network infrastructure).

Security

rlogin has several serious security problems:

  • All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
  • The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to log in without a password) - for this reason many corporate system administrators prohibit .rlogin files and actively search their networks for offenders.
  • The protocol partly relies on the remote party's rlogin client providing information honestly (including source port and source host name). A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines' identities, or ensuring that the rlogin client on a trusted machine is the real rlogin client.
  • The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS's security faults automatically plague rlogin.

Due to these serious problems rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallen into relative disuse (with many Unix and Linux distributions no longer including it by default). Many networks which formerly relied on rlogin and telnet have replaced it with SSH and its rlogin-equivalent slogin. [1][2]

Replacements

The original Berkeley package which provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.

See also

References

  1. ^ Sobell, Mark (2010). A Practical Guide to Linux Commands, Editors, and Shell Programming. Pearson Education, Inc.  
  2. ^ "Unix job control command list". Indiana University. Retrieved 20 December 2014. 

External links

  • rlogin(1): The Untold Story (PDF)
  • RFC 1282 - BSD Rlogin
  • rlogin - remote login - rloginman page.
  • : remote login – Darwin and Mac OS X General Commands Manual
  • : remote login – Solaris 10 User Commands Reference Manual
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.