 |
Index for
Section 1 |
|
 |
Alphabetical
listing for R |
|
 |
Bottom of
page |
|
rlogin(1)
NAME
rlogin - Logs a user into a remote host
SYNOPSIS
rlogin [-8Lfx] [-e character] [-l user] remote_host
OPTIONS
-8 Allows an 8-bit data path at all times. Otherwise, unless the Stop and
Continue key sequences on the remote host are not standard, rlogin uses
a 7-bit data path and the eighth (high) bit of each byte is stripped.
-e character
Changes the Escape character. Substitute the character you choose for
character.
-f Copies your Kerberos ticket from the local host to the remote host to
establish your Kerberos credentials on the remote host. This option
requires that the local and remote hosts be configured to use Kerberos
authentication in the same or trusting Kerberos realms. The Kerberos
ticket will remain on the remote host until it either expires or it is
explicitly destroyed. The -f option is ignored when used with the -l
option.
-l username
Specifies to log into the remote host using the specified username
instead of the local username. If this option is not specified, the
local and remote usernames are the same.
-L Allows the rlogin session to be run in litout mode. In this mode, the
escape sequence ~. (where ~ is the escape character) disconnects you
from the remote host and the escape sequence ~^Z (where ^Z, or Ctrl-Z,
is the suspend character) suspends the rlogin session if you are using
csh.
-x Encrypts the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts be
configured to use Kerberos authentication in the same or trusting
Kerberos realms.
DESCRIPTION
The rlogin command logs a user into a remote host that is running the
rlogind daemon. Alternatively, you can use the telnet command (if
supported).
The remote terminal type is the same as that given in the local TERM
environment variable. The terminal or window size is also the same, if the
remote host supports them, and any changes in size are transferred. All
echoing takes place at the remote host, so except for delays, the terminal
connection is transparent. Pressing the Stop and Continue key sequences
stops and starts the flow of information, and the input and output buffers
are flushed on Interrupts.
Unless otherwise modified by the -e option, the standard Escape character
for disconnecting from the remote host is a ~ (tilde). The Escape character
is only recognized by the remote host if it occurs at the beginning of a
line. Otherwise, the Escape character is sent to the remote host as a
normal character. To send the Escape character to the remote host as a
normal character at the beginning of a line, press the Escape character
twice. Pressing the Escape character and a (dot) (for example, ~.)
immediately disconnects the local terminal from the remote host.
The way that the remote host authenticates a user and transmits data
depends on if the local and remote hosts are using a basic connection or a
secure connection (Kerberos or Secure Shell). Basic and secure connections
provide user authentication; however, a secure connection also provides
client and server authentication, data encryption, data integrity, and
nonrepudiation.
Basic Connection
A basic connection is one where the rlogin command connects to the remote
host and the remote host authenticates the user if one of the following
conditions is satisfied:
· If the local user ID is the root user, and the name of the local host
is listed as an equivalent host in the /etc/hosts.equiv file on the
remote host.
· If the local user ID is the root user or if the check of
/etc/hosts.equiv fails, the user's home directory on the remote host
must contain a $HOME/.rhosts file that lists the local host name and
user name. The $HOME/.rhosts file must be owned by either the remote
user or the root user, and have permissions set to 600 (read and write
by owner only).
· If neither of the previous conditions are met and a password is
defined for the user account on the remote host, the remote host
prompts for a password. The remote host checks its password file to
verify the password entered. The login prompt is displayed if the
password is not correct. Pressing the End-of-File key sequence at the
login prompt ends the remote login attempt.
The rlogin command allows access to the remote host if the remote user
account does not have a password defined. However, for security reasons,
use of a password on all user accounts is recommended.
Secure Connection
A secure connection is one where the rlogin command connects to the remote
host by using either Kerberos or Secure Shell. Kerberos and Secure Shell
are client/server applications that authenticate the client, server, and
user; encrypt data; and ensure data integrity and nonrepudiation. See your
system administrator to determine if your system is running Kerberos or
Secure Shell software. See the Security Administration guide for more
information about Kerberos and Secure Shell.
Kerberos
Kerberos does not use the /etc/host.equiv file or the $HOME/.rhosts file
for authentication. Kerberos authenticates by using secret-key cryptography
and tickets between Kerberos clients and Kerberos servers in the same or
trusting Kerberos realms. Once authenticated by Kerberos, users receive a
Kerberos Ticket Granting Ticket (TGT). Users with a valid TGT are not
prompted for a username or password when the remote host is in the same or
trusting Kerberos realm.
Secure Shell
Secure Shell authenticates users by using passwords, host-based
identification, or public and private keys between Secure Shell clients and
servers.
By default, the rlogin command will use Kerberos (with a valid TGT) when a
system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to log in to a remote host, enter the Secure Shell ssh2
(or ssh) command instead of the rlogin command. The ssh2 command provides
the same functionality and options as the rlogin command over a secure
connection. See ssh2(1) for more information on using the Secure Shell ssh2
command.
Alternatively, you can configure the rsh, rlogin, and rcp commands and
applications that use the rcmd() function to automatically use a Secure
Shell connection by enabling the Secure Shell EnforceSecureRutils keyword
in the /etc/ssh2/ssh2_config file or in a user's $HOME/.ssh2/ssh2_config
file. When the EnforceSecureRutils keyword is enabled:
· The sshd daemon runs and spawns the srcmd child process; the rlogind
daemon does not run.
· The rlogin command can use Secure Shell password or host-based
authentication to authenticate users.
See Security Administration for more information about configuring Secure
Shell password and host-based authentication and the EnforceSecureRutils
keyword.
After it is determined that Secure Shell will be used, all authentication
and communication between the client and server will use the Secure Shell
connection. A connection is not established if a user cannot be
authenticated.
EXAMPLES
In the following examples, the local host is listed in the /etc/hosts.equiv
file at the remote host:
1. To log in to a remote host with your local username, enter:
$ rlogin host2
Password: <Enter password>
To log off the remote host and close the connection, enter the End-
of-File key sequence.
2. To log in to a remote host with a different username, enter:
$ rlogin host2 -l dale
You are prompted to enter your password and then are logged in to the
remote host host2 with the username dale.
3. To log in to host2 with the your local username and change the Escape
character to \ (backslash), enter:
$ rlogin host2 -e\\
The following examples use Kerberos. The local host host1 and the remote
host host2 are in the same Kerberos realm.
1. To log into the remote host over an encrypted connection, enter:
$ rlogin -x host2
2. To log in and forward your Kerberos ticket to the remote host, enter:
$ rlogin -f host2
FILES
/etc/hosts.equiv
Specifies remote hosts from which users can execute commands on the
local host (provided these users have an account on the local host).
$HOME/.rhosts
Specifies remote users that can use a local user account.
/etc/ssh2/ssh2_config
Specifies Secure Shell client configuration information.
/etc/ssh2/sshd2_config
Specifies Secure Shell server configuration information.
SEE ALSO
Commands: kinit(1), kdestroy(1), klist(1), rcp(1), rlogin(1), ssh2(1),
telnet(1)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
|
Index for
Section 1 |
|
|
Alphabetical
listing for R |
|
 |
Top of
page |
|