Berkeley r-commands: Difference between revisions

{{copy edit| date = February 2017}}

'''rlogin''' is a [[software utility]] for [[Unix-like]] computer [[operating system]]s that was first distributed as part of the [[Berkeley Software Distribution|4.2BSD]] release. rlogin allows users to log in on another [[Server (computing)|host]] via a [[computer network|network]], communicating viausing [[Transmission Control Protocol|TCP]] [[TCP and UDP port|port]] 513.

rlogin is also the name of the [[application layer]] [[Communications protocol|protocol]] used by the software, part of the [[TCP/IP]] [[protocol suite]]. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states that: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a [[daemon (computer software)|daemon]], '''rlogind''', on the remote host. rlogin is similar to the [[Telnet]] command, but has the disadvantage ofis not being as customizable and beingis able to connect only to Unix hosts.

rlogin is most commonly deployed on corporate orand academic networks, where user account information is shared betweenamong all the Unix machines on the network (often using [[Network Information Service|NIS]]). These deployments essentially trust ALLall other machines (and the network infrastructure).

* The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to log inlogins without a [[password]]) - for this reason many corporate system administrators prohibit .rlogin files and actively searchscrutinize their networks for offenders.

* The protocol partly relies on the remote party's rlogin client providingto provide information honestly, including source port and source host name. A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of [[Authentication|authenticating]] other machines' identities, or ensuring that the rloginrequesting client on a trusted machine is the real rlogin client.

* The common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of [[Network File System|NFS's]] security faults automatically plague rlogin.

Due to these serious problems, rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallenfell into relative disuse (with many Unix and [[Linux]] distributions no longer including it by default). Many networks whichthat formerly relied on rlogin and telnet have replaced it with [[Secure shell|SSH]] and its rlogin-equivalent ''slogin''. <ref name="Sobell">{{cite book|last=Sobell|first=Mark|title=A Practical Guide to Linux Commands, Editors, and Shell Programming|ISBN=978-0-13-136736-4|date=2010|publisher=Pearson Education, Inc}}</ref><ref name="iu">{{cite web|title=Unix job control command list|publisher=Indiana University|url=https://kb.iu.edu/d/afnw|accessdate=20 December 2014}}</ref>

The original Berkeley package whichthat provides rlogin also features [[rcp (Unix)|rcp]] (remote-copy, allowing files to be copied over the network) and [[Remote Shell|rsh]] (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problemsexposures. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.