{{Short description|Suite of remote-access utilities}}
{{Infobox Software
| name = Berkeley r-commands
The CSRG incorporated the r-commands into their [[Unix]] [[operating system]], the [[Berkeley Software Distribution]] (BSD). The r-commands premiered in BSD v4.1.<ref name="McKusick"/> Among the programs in the suite are: {{code|rcp}} (remote [[File copying|copy]]), {{code|rexec}} (remote [[Execution (computing)|execution]]), {{code|rlogin}} (remote [[login]]), {{code|rsh}} (remote [[Shell (computing)|shell]]), {{code|rstat}}, {{code|ruptime}}, and {{code|rwho}} (remote [[who (Unix)|who]]).<ref name="McKusick"/><ref>{{cite book |title=Guide to TCP/IP: IPv6 and IPv4 |first1=James |last1=Pyles |first2=Jeffrey L. |last2=Carrell |first3=Ed |last3=Tittel |chapter=Which IP Services Are Most Vulnerable? |chapter-url=https://books.google.com/books?id=sQevDAAAQBAJ&pg=PA659 |page=659 |publisher=Cengage Learning |year=2017 |edition=5th |isbn=978-1-305-94695-8 |via=Google Books}}</ref>
The r-commands were a significant innovation, and became ''de facto'' standards for Unix operating systems.<ref>Casad (2008), p. [https://books.google.com/books?id=q81cs5140_YC&pg=PT346 346]</ref><ref>{{cite book |title=Red Hat Fedora Linux 2 Bible |last=Negus |first=Christopher |publisher=Wiley |isbn=0-7645-5745-9 |oclc=441918216 |chapter=About "r" Commands |chapter-url=https://www.wiley.com/legacy/compbooks/negus/rhbf2/r-commands.html |access-date=2018-03-04|date=2004-07-02 }}</ref> With wider public adoption of the Internet, their inherent security vulnerabilities became a problem,<ref>{{Cite
|url=https://dash.harvard.edu/bitstream/handle/1/16781951/sshVsTelnetWeb3.pdf?sequence=1|title=How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH|access-date=13 April 2023|author1=Nicholas Rosasco|author2=David Larochelle|website=Harvard University|format=Conference Paper|doi=10.1007/1-4020-8090-5_18|s2cid=19035681 }}</ref>
{| class="wikitable" style="clear:right; float:right; text-align:center; margin-left:3ex"
|+ Overview
| style="text-align:left" | rcp || style="text-align:left" | rshd || 514 || TCP ||
|-
| style="text-align:left" | {{code|rexec}} || style="text-align:left" | rexecd || 512 || TCP || <ref>{{cite book |chapter-url=https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.halu001/rexsyn.htm |chapter=REXEC command—Execute a command on the remote host and receive the results on your local host |title=z/OS Communications Server: IP User's Guide and Commands |orig-year=1990 |year=2013 |access-date=2018-03-04}}</ref>
|-
| style="text-align:left" | rlogin || style="text-align:left" | rlogind || 513 || TCP || <ref name="NAG">{{cite book |title=FreeBSD Network Administrators Guide |chapter-url=https://people.freebsd.org/~nik/nag/book.html#x-087-2-intro.tcpip.ports |chapter=More on Ports |access-date=2018-03-04}}</ref>
|-
| style="text-align:left" | rwho || <ref name="NAG"/><ref name="Casad-350"/>
|}
==Protocol==
The original Berkeley package that provides {{code|rlogin}} also features {{code|rcp}} (remote-copy, allowing files to be copied over the network) and [[Remote Shell|rsh]] (remote-shell, allowing commands to be run on a remote machine without the user logging into it).
As an example, the protocol is as follows:<ref>{{Cite report |url=https://datatracker.ietf.org/doc/rfc1282/ |title=BSD Rlogin |last=Kantor |first=Brian |date=December 1991 |publisher=Internet Engineering Task Force |issue=RFC 1282}}</ref><syntaxhighlight lang="bash">
Client:
<null>
user name on the client<null>
user name on the server<null>
terminal type/terminal baud rate<null>
Server:
</syntaxhighlight>The server would check that the user should have access. If so, it returns a message with nothing in it (not even a [[null character]]), meaning the connection is established.
For example:<syntaxhighlight lang="bash">
Client:
<null>
bostic<null>
kbostic<null>
vt100/9600<null>
Server:
</syntaxhighlight>Both {{code|rlogin}} and {{code|rsh}} share the {{code|/etc/hosts.equiv}} (applies to all users on the server) and {{code|$HOME/.rhosts}} (applies to only the user that puts the file in its home folder) access-control scheme, although they connect to different daemons. {{code|rlogin}} connects to {{code|rlogind}}, while {{code|rsh}} connects to {{code|rshd}}.
{{code|hosts.equiv}} and {{code|.rhosts}} use the same format. The following shows some aspects of the format:<ref>{{Cite web |title=.rhosts File Format for TCP/IP |url=https://www.ibm.com/docs/en/aix/7.2?topic=formats-rhosts-file-format-tcpip |access-date=2023-11-29 |website=www.ibm.com |language=en-us}}</ref><ref>{{Cite web |title=hosts.equiv File Format for TCP/IP |url=https://www.ibm.com/docs/en/aix/7.2?topic=formats-hostsequiv-file-format-tcpip |access-date=2023-11-29 |website=www.ibm.com |language=en-us}}</ref><syntaxhighlight lang="bash">
host1
host2 user_a
-host3
+@group1 -user_b
-@group2
</syntaxhighlight>This allows all users from host1 to log in, user_a from host2 to log in, no users from host3, all users in group1 except user_b, and no users in group2.
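An added example, not part of the original article or of any r-commands implementation: a Python sketch that parses entries in the format above and flags those that trust every user of a host or netgroup, the kind of check an administrator reviewing {{code|.rhosts}} files might run. The names Entry, parse_line, is_broad and audit are hypothetical; the bare + wildcard (any host or any user) is a known part of this file format but is not shown in the listing above.

```python
# Added example: classify hosts.equiv / .rhosts entries and flag broad trust.
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    allow: bool           # False when the host field starts with "-"
    netgroup: bool        # True when the host field names an @netgroup
    host: str             # "" means the bare "+" wildcard (any host)
    user: Optional[str]   # None when the line has no user field
    user_allow: bool      # False when the user field starts with "-"


def _split_sign(token: str):
    """Return (allow, name) for a token with an optional +/- prefix."""
    if token[0] in "+-":
        return token[0] == "+", token[1:]
    return True, token


def parse_line(line: str) -> Optional[Entry]:
    fields = line.split()
    if not fields:
        return None  # blank line
    allow, host = _split_sign(fields[0])
    netgroup = host.startswith("@")
    user, user_allow = None, True
    if len(fields) > 1:
        user_allow, user = _split_sign(fields[1])
    return Entry(allow, netgroup, host.lstrip("@"), user, user_allow)


def is_broad(e: Entry) -> bool:
    """True when an entry trusts every user (or all but named ones) of a source."""
    return e.allow and (e.user is None or not e.user_allow or e.user == "")


def audit(text: str):
    """Return (line_number, raw_line) for each broad trust entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = parse_line(raw)
        if entry and is_broad(entry):
            findings.append((n, raw.strip()))
    return findings


# Constructed sample: the five entries from the format listing above.
SAMPLE = "host1\nhost2 user_a\n-host3\n+@group1 -user_b\n-@group2\n"
```

Run against the listing above, audit(SAMPLE) reports the host1 and +@group1 entries, since both grant passwordless access without naming a single permitted user.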
==Commands==
{{code|rlogin}} enables a user to log in on another [[Server (computing)|server]] via [[computer network]], using [[Transmission Control Protocol|TCP]] [[network port]] 513.
{{code|rlogin}} is also the name of the [[application layer]] [[Communications protocol|protocol]] used by the software, part of the [[TCP/IP]] protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The {{code|rlogin}} facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." {{code|rlogin}} communicates with a [[daemon (computer software)|daemon]], {{code|rlogind}}, on the remote host. {{code|rlogin}} is similar to the [[Telnet]] command, but is not as customizable and is able to connect only to Unix-like hosts.
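An added example, not part of the original article or of RFC 1282: a Python sketch that decodes the client startup message shown in the Protocol section, as a defender might when reading a packet capture. It shows that every field, including the client-asserted user name, is readable in cleartext. The names Startup, parse_startup and observations are hypothetical, and the sample bytes are constructed from the article's own example.

```python
# Added example: decode the rlogin client startup message
# (<null>client-user<null>server-user<null>term/speed<null>).
from dataclasses import dataclass


@dataclass(frozen=True)
class Startup:
    client_user: str  # name the client claims for the local user
    server_user: str  # account requested on the server
    terminal: str
    baud: int


def parse_startup(data: bytes) -> Startup:
    """Decode the startup message; raise ValueError if it is malformed."""
    if not data.startswith(b"\x00"):
        raise ValueError("startup message must begin with a null byte")
    # Split off exactly three null-terminated strings; anything after the
    # third terminator is session data and is ignored here.
    parts = data[1:].split(b"\x00", 3)
    if len(parts) < 4:
        raise ValueError("truncated message: missing null terminator")
    client_user, server_user, term = (p.decode("ascii") for p in parts[:3])
    terminal, sep, speed = term.partition("/")
    if not sep or not speed.isdigit():
        raise ValueError("terminal field must look like type/speed")
    return Startup(client_user, server_user, terminal, int(speed))


def observations(msg: Startup) -> list:
    """Notes an analyst would record about a captured startup message."""
    notes = ["all fields were readable in cleartext on the wire"]
    if msg.client_user != msg.server_user:
        notes.append(
            f"client user {msg.client_user!r} requests "
            f"server account {msg.server_user!r}"
        )
    return notes


# Constructed capture: the example exchange from the Protocol section.
CAPTURE = b"\x00bostic\x00kbostic\x00vt100/9600\x00"
```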
===rsh===
{{Further|Remote Shell}}
{{code|rsh}} opens a [[Shell (computing)|shell]] on a remote computer without a [[login]] procedure. Once connected, the user can execute commands on the remote computer through the shell's [[command-line interface]]. {{code|rsh}} passes input and output through the [[standard streams]], and it sends [[standard output]] to the user's [[Virtual console|console]]. Over the network, [[standard input]] and standard out flow through TCP port 514, while [[Standard_streams#Standard_error_(stderr)|Standard Error]] flows through a different TCP port, which the {{code|rsh}} [[Daemon (computing)|daemon]] ({{code|rshd}}) opens.<ref>{{cite book |url=https://books.google.com/books?id=-hF7sqwrcrwC&pg=PA154 |title=CCSP: Secure PIX and Secure VPN Study Guide |last1=Edwards |first1=Wade |last2=Lancaster |first2=Tom |last3=Quinn |first3=Eric |last4=Rohm |first4=Jason |last5=Tow |first5=Bryant|publisher=[[Sybex]] |page=154 |isbn=0-7821-4287-7 |year=2004 |via=Google Books |access-date=2018-03-07}}</ref>
===rexec===
Like {{code|rsh}}, {{code|rexec}} enables the user to run shell commands on a remote computer. However, unlike the rsh server, the {{code|rexec}} server ({{code|rexecd}}) requires login: it authenticates users by reading the username and password (unencrypted) from the [[network socket]].<ref>{{cite web |url=http://www.manpagez.com/man/8/rexecd/ |title=rexecd(8) |website=manpagez.com |access-date=2018-03-03}}</ref> {{code|rexec}} uses TCP port 512.
===rcp===
{{code|rcp}} can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another.<ref name="Farrell">{{cite web |url=https://earthsci.stanford.edu/computing/unix/netcommands/rcp.php |title=rcp |last=Farrell |first=Phillip |date=3 August 2004 |website=earthsci.stanford.edu |publisher=Stanford University School of Earth, Energy & Environmental Sciences |access-date=2018-03-06 |archive-date=2021-02-07 |archive-url=https://web.archive.org/web/20210207204751/https://earthsci.stanford.edu/computing/unix/netcommands/rcp.php |url-status=dead }}</ref> The command line [[Parameter (computer programming)|arguments]] of {{code|cp}} and {{code|rcp}} are similar, but in {{code|rcp}} remote files are prefixed with the name of the remote system:
 rcp file.txt subdomain.domain:~/home/foo/file.txt
As with the Unix copy command [[cp (Unix)|cp]], {{code|rcp}} overwrites an existing file of the same name in the target; unlike {{code|cp}}, it provides no mechanism for warning the user before overwriting the target file.<ref name="Farrell"/> Like {{code|rsh}}, {{code|rcp}} uses TCP port 514.<ref>{{cite web |url=http://sourcedaddy.com/networking/rlogin-rsh-and-rcp.html |title=Rlogin, RSH, and RCP |website=SourceDaddy |access-date=2018-02-18}}</ref>
===rwho===
Just as the [[who (Unix)|who]] command lists the users who are logged in to the local Unix system, {{code|rwho}} lists those users who are logged into all [[multi-user]] Unix systems on the local network.<ref>{{cite web |url=https://www.systutorials.com/docs/linux/man/1-rwho/ |title=rwho (1) - Linux Man Pages |access-date=2018-03-07}}</ref> {{code|rwho}}'s daemon, {{code|rwhod}}, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the {{code|ruptime}} program.<ref name="syst_rwhod">{{cite web |url=https://www.systutorials.com/docs/linux/man/8-rwhod/ |title=rwhod (8) - Linux Man Pages |access-date=2018-03-07}}</ref>
===rstat===
{{code|rstat}} returns performance statistics from the kernel.
===ruptime===
Just as the {{code|uptime}} command shows how long a Unix system has been running since the last restart, {{code|ruptime}} requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then {{code|ruptime}} reports that the system is [[Downtime|down]].<ref>{{cite web |url=https://www.systutorials.com/docs/linux/man/1-ruptime/ |title=ruptime (1) - Linux Man Pages |website=SysTutorials |access-date=2018-03-07}}</ref> This information is tracked and stored by the daemon {{code|rwhod}}, which is also used by the rwho command.<ref name="syst_rwhod"/>
==Security==
Those r-commands which involve user authentication ({{code|rcp}}, {{code|rexec}}, {{code|rlogin}}, and {{code|rsh}}) share several serious security vulnerabilities:
* All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
* The {{code|.rlogin}} (or {{code|.rhosts}}) file is easy to misuse. It is designed to allow logins without a [[password]], but its reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit {{code|.rhosts}} files, and actively scrutinize their networks for offenders.
* The protocol partly relies on the remote party's {{code|rlogin}} client to provide information honestly, including source port and source host name. A
* The common practice of mounting users' home directories via
Due to these problems, the r-commands fell into relative disuse (with many Unix and [[Linux]] distributions no longer including them by default). Many networks that formerly relied on {{code|rlogin}} and {{code|telnet}} have replaced them with [[Secure shell|SSH]] and its {{code|rlogin}}-equivalent
==See also==