Google
 
   
Login
Username:

Password:


Lost Password?

Register now!
Search

Advanced Search
Main Menu
top books
Polls
What do you think about php-deluxe.net?
Excellent!
Cool
Hmm..not bad
What the hell is this?
encyclopedia
A plus plus
High Tech Computer...
I2P
Defacement
Linux
Visual Prolog
Archer Software
recommendation
compare webbrowser
Freenet DSL
Who's Online
7 user(s) are online (6 user(s) are browsing encyclopedia)

Members: 0
Guests: 7

more...
browser tip
Unix Befehle
manual of unix befehle
recommendation!
Sponsored
partner

Rlogin

In command, but has the disadvantage of not being as customizable and being able to connect only to Unix hosts.

rlogin is most commonly deployed on corporate or academic networks, where user account information is shared between all the unix machines on the network (often using Network Information Service). These deployments essentially trust most other machines (and the network infrastructure itself) and the rlogin protocol relies on this trust. rlogind allows logins without password (where rlogind trusts a remote rlogin client) if the remote host appears in the /etc/hosts.equiv file, or if the user in question has a .rhosts file in their home directory (which is frequently shared using Network File System).

rlogin has several serious security problems:

  • All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
  • The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to login without a password) - for this reason many corporate system administrators prohibit .rlogin files and actively search their networks for offenders.
  • The protocol partly relies on the remote party s rlogin client providing information honestly (including source port and source host name). A corrupt client is thus able to forge this and gain access, as the rlogin protocol has no means of authenticating other machines identities, or ensuring that the rlogin client on a trusted machine is the real rlogin client.
  • The common practice of mounting users home directories via NFS exposes rlogin to attack by means of fake .rhosts files - this means that any of NFS (legion) security faults automatically plague rlogin.

    • Due to these serious problems rlogin was rarely used across untrusted networks (like the public internet) and even in closed deployments it has fallen into relative disuse (with many Unix and Linux distributions no longer including it by default). Many networks which formerly relied on rlogin and telnet have replaced it with Secure shell and its rlogin-equivalent slogin.

    The original Berkeley package which provides rlogin also features Rcp (remote-copy, allowing files to be copied over the network) and Rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it). These share the hosts.equiv and .rhosts access-control scheme (although they connect to a different daemon, rshd), and as such suffer from the same security problems. The ssh suite contains suitable replacements for both: scp replaces rcp, and ssh itself replaces both rlogin and rsh.

    =External links=

  • [http://www.cert.org/archive/pdf/98tr017.pdf rlogin(1): The Untold Story (PDF)]
  • [http://www.faqs.org/rfcs/rfc1258.html RFC 1258 - BSD Rlogin]
  • [http://www.cs.princeton.edu/cgi-bin/man2htmlrlogin:1 Man page] (Unix manual)
    		•