rlogin Command

Purpose

Connects a local host with a remote host.

Syntax

rlogin RemoteHost [ -e Character ] [ -8 ] [ -l User ] [ -f | -F ] [ -k realm]

Description

The /usr/bin/rlogin command logs into a specified remote host and connects your local terminal to the remote host.

The remote terminal type is the same as that given in the TERM local environment variable. The terminal or window size is also the same, if the remote host supports them, and any changes in size are transferred. All echoing takes place at the remote host, so except for delays, the terminal connection is transparent. The Ctrl-S and Ctrl-Q key sequences stop and start the flow of information, and the input and output buffers are flushed on interrupts.

Remote Command Execution

When using the rlogin command, you can create a link in a directory on your path that uses a host name as the link name. For example:

ln -s /usr/bin/rsh HostName

Entering the host name specified by the HostName parameter with an argument (command) at the prompt automatically uses the rsh command to execute that command on the remote host specified by the HostName parameter.

Entering the host name specified by the HostName parameter without an argument (command) at the prompt automatically uses the rlogin command to log in to the remote host specified by the HostName parameter.

In addition to the preceding conditions, the rlogin command also allows access to the remote host if the remote user account does not have a password defined. However, for security reasons, the use of a password on all user accounts is recommended.

The rlogin command execs (using the exec command) the /usr/sbin/login file to validate a user. This 1) allows all user and device attributes to take effect on telnet connections and 2) causes remote logins to count against the maximum number of login sessions allowable at a time (determined by the maxlogins attribute). Attributes are defined in the /etc/security/user and /etc/security/login.cfg files.

POSIX Line Discipline

The rlogind and telnetd daemons use POSIX line discipline to change the line discipline on the local TTY. If POSIX line discipline is not used on the local TTY, echoing other line disciplines may result in improper behavior. TCP/IP must have POSIX line discipline to function properly.

Flags

Item Description
-8 Allows an 8-bit data path at all times. Otherwise, unless the start and stop characters on the remote host are not Ctrl-S and Ctrl-Q, the rlogin command uses a 7-bit data path and parity bits are stripped.
-e Character Changes the escape character. Substitute the character you choose for Character.
-f Causes the credentials to be forwarded. This flag will be ignored if Kerberos 5 is not the current authentication method. Authentication will fail if the current DCE credentials are not marked forwardable.
-F Causes the credentials to be forwarded. In addition, the credentials on the remote system will be marked forwardable (allowing them to be passed to another remote system). This flag will be ignored if Kerberos 5 is not the current authentication method. Authentication will fail if the current DCE credentials are not marked forwardable.
-k realm Allows the user to specify the realm of the remote station if it is different from the local system's realm. For these purposes, a realm is synonymous with a DCE cell. This flag will be ignored if Kerberos 5 is not the current authentication method.
-l User Changes the remote user name to the one you specify. Otherwise, your local user name is used at the remote host.

Security

There are multiple authentication methods, each requiring different things to be set in order to allow the connection.

For Standard Authentication

The remote host allows access only if one or both of the following conditions is satisfied:

  • The local host is included in the remote $HOME/.rhosts file in the remote user account.

Although you can set any permissions for the $HOME/.rhosts file, it is recommended that the permissions of the .rhosts file be set to 600 (read and write by owner only).

Note: The AUTHSTATE environment variable indicates the registry to which the user authenticates. For example, an LDAP user that is defined on the LDAP server has the AUTHSTATE set to LDAP if the user logs in to the remote system with a password. But if a user is authenticated through an entry in the $HOME/.rhosts and /etc/hosts.equiv files, the AUTHSTATE environment variable for that user is set to compat regardless of where the user ID is defined.
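The following script is an added example, not part of the original documentation. It audits a .rhosts file for the recommended 600 mode and for entries that use the + wildcard, which matches any host or any user. The helper name audit_rhosts and the sample path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: audit a .rhosts file used for standard authentication.
# audit_rhosts is a hypothetical helper name, not an AIX command.
# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.

audit_rhosts() {
    ar_file=$1
    ar_rc=0

    if [ ! -f "$ar_file" ]; then
        echo "$ar_file: not a regular file"
        return 1
    fi

    # The first 10 characters of "ls -ld" are the file type and permission
    # bits; this avoids stat(1), whose options differ between systems.
    ar_perms=$(ls -ld "$ar_file" | cut -c1-10)
    if [ "$ar_perms" != "-rw-------" ]; then
        echo "$ar_file: mode is $ar_perms, expected -rw------- (600)"
        ar_rc=1
    fi

    # Each entry is "host [user]". A "+" in either field matches any host
    # or any user, so it trusts far more than a single named host.
    while read -r ar_host ar_user ar_rest || [ -n "$ar_host" ]; do
        case $ar_host in
            ''|'#'*) continue ;;   # skip blank and #-prefixed lines
        esac
        if [ "$ar_host" = "+" ] || [ "$ar_user" = "+" ]; then
            echo "$ar_file: wildcard entry: $ar_host $ar_user"
            ar_rc=1
        fi
    done < "$ar_file"

    return "$ar_rc"
}

# Audit every file named on the command line, for example:
#   sh audit_rhosts.sh /home/*/.rhosts
status=0
for f in "$@"; do
    audit_rhosts "$f" || status=1
done
[ "$status" -eq 0 ] || exit 1
```

A non-zero exit status means at least one file produced a finding, so the script can be run from a scheduled compliance check.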

For Kerberos 5 Authentication

The remote host allows access only if all of the following conditions are satisfied:

  • The local user has current DCE credentials.
  • The local and remote systems are configured for Kerberos 5 authentication. (On some remote systems, this may not be necessary. It is necessary that a daemon is listening on the klogin port.)
  • The remote system accepts the DCE credentials as sufficient for access to the remote account. See the html