Berkeley r-commands

Developer(s): Computer Systems Research Group at the University of California, Berkeley
Initial release: June 1981; 43 years ago
Operating system: Unix and Unix-like
Type: Command suite
License: BSD

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via a TCP/IP computer network.[1] The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP (the protocol stack of the Internet).[2]

The CSRG incorporated the r-commands into their Unix operating system, the Berkeley Software Distribution (BSD). The r-commands premiered in BSD v4.1.[2] Among the programs in the suite are: rcp (remote copy), rexec (remote execution), rlogin (remote login), rsh (remote shell), rstat, ruptime, and rwho (remote who).[2][3]

The r-commands were a significant innovation, and became de facto standards for Unix operating systems.[4][5] With wider public adoption of the Internet, their inherent security vulnerabilities became a problem,[6] and beginning with the development of Secure Shell protocols and applications in 1995, the adoption of Secure Shell entirely supplanted the deployment and use of r-commands (and Telnet) on networked systems.[7]

Overview
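| Client  | Daemon  | Port | Transport | Refs    |
|---------|---------|------|-----------|---------|
| rcp     | rshd    | 514  | TCP       |         |
| rexec   | rexecd  | 512  | TCP       | [8]     |
| rlogin  | rlogind | 513  | TCP       | [9]     |
| rsh     | rshd    | 514  | TCP       |         |
| rstat   | rstatd  |      | UDP       |         |
| ruptime | rwhod   | 513  | UDP       | [10]    |
| rwho    | rwhod   | 513  | UDP       | [9][10] |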

Protocol

The original Berkeley package that provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it).

As an example, the protocol is as follows:[11]

Client:
<null>
user name on the client<null>
user name on the server<null>
terminal type/terminal baud rate<null>

Server:

The server would check that the user should have access. If so, it returns a message with nothing in it (not even a null character), meaning the connection is established. For example:

Client:
<null>
bostic<null>
kbostic<null>
vt100/9600<null>

Server:

Both rlogin and rsh share the /etc/hosts.equiv (applies to all users on the server) and $HOME/.rhosts (applies to only the user that puts the file in its home folder) access-control scheme, although they connect to different daemons. rlogin connects to rlogind, while rsh connects to rshd. hosts.equiv and .rhosts use the same format. The following shows some aspects of the format:[12][13]

host1
host2 user_a
-host3
+@group1 -user_b
-@group2

This allows all users from host1 to log in, user_a from host2 to log in, no users from host3, all users on group1 except user_b, and no users on group2.
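The entry forms above can be checked mechanically when reviewing a host. The following is an added example, not part of the original article or of any r-commands implementation: a small Python auditor that classifies each hosts.equiv or .rhosts line by how much trust it grants. The function names and severity labels are assumptions of this example, and it goes beyond the five sample lines by also flagging the bare + wildcard (any host or any user), which the file format accepts.

```python
# Added example: classify hosts.equiv / .rhosts entries by the trust they grant.
# Severity labels (deny, narrow, broad, wildcard) are this example's own.

def _source(host: str) -> str:
    if host == "+":
        return "ANY host"
    host = host.lstrip("+")
    return f"netgroup {host[1:]}" if host.startswith("@") else f"host {host}"

def classify_entry(line: str):
    """Return (severity, meaning) for one entry, or None for a blank line."""
    fields = line.split()
    if not fields:
        return None
    host, user = fields[0], (fields[1] if len(fields) > 1 else None)
    if host.startswith("-"):
        # -host / -@netgroup refuses access; it is not a grant.
        return ("deny", f"no users from {_source(host[1:])}")
    if user is None:
        who, sev = "all users", "broad"
    elif user == "+":
        who, sev = "ANY user", "wildcard"
    elif user.startswith("-"):
        who, sev = f"all users except {user[1:]}", "broad"
    else:
        who, sev = f"user {user}", "narrow"
    if host == "+":
        sev = "wildcard"
    return (sev, f"{who} from {_source(host)}")

def audit(text: str):
    """Return [(line_no, entry, severity, meaning)] for every non-blank line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        result = classify_entry(line)
        if result:
            findings.append((no, line.strip(), *result))
    return findings

# Constructed sample: the article's five entries plus two wildcard lines.
SAMPLE = "host1\nhost2 user_a\n-host3\n+@group1 -user_b\n-@group2\n+ +\nhost4 +\n"

if __name__ == "__main__":
    for no, entry, sev, meaning in audit(SAMPLE):
        flag = "!!" if sev in ("broad", "wildcard") else "  "
        print(f"{flag} line {no}: {entry!r:22} {sev:8} {meaning}")
```

Lines reported as broad or wildcard are the ones to review first, since they extend password-less trust to every account on a remote host or netgroup.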

Commands

rlogin

rlogin enables a user to log in on another server via a computer network, using TCP network port 513.

rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.

rsh

rsh opens a shell on a remote computer without a login procedure. Once connected, the user can execute commands on the remote computer through the shell's command-line interface. rsh passes input and output through the standard streams, and it sends standard output to the user's console. Over the network, standard input and standard output flow through TCP port 514, while standard error flows through a different TCP port, which the rsh daemon (rshd) opens.[14]

rexec

Like rsh, rexec enables the user to run shell commands on a remote computer. However, unlike the rsh server, the rexec server (rexecd) requires login: it authenticates users by reading the username and password (unencrypted) from the network socket.[15] rexec uses TCP port 512.

rcp

rcp can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another.[16] The command line arguments of cp and rcp are similar, but in rcp remote files are prefixed with the name of the remote system:

rcp file.txt subdomain.domain:~/home/foo/file.txt

As with the Unix copy command cp, rcp overwrites an existing file of the same name in the target; unlike cp, it provides no mechanism for warning the user before overwriting the target file.[16] Like rsh, rcp uses TCP port 514.[17]

rwho

Just as the who command lists the users who are logged in to the local Unix system, rwho lists those users who are logged into all multi-user Unix systems on the local network.[18] rwho's daemon, rwhod, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the ruptime program.[19]

rstat

rstat returns performance statistics from the kernel.

ruptime

Just as the uptime command shows how long a Unix system has been running since the last restart, ruptime requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime reports that the system is down.[20] This information is tracked and stored by the daemon rwhod, which is also used by the rwho command.[19]

Security

Those r-commands which involve user authentication (rcp, rexec, rlogin, and rsh) share several serious security vulnerabilities:

  • All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
  • The .rlogin (or .rhosts) file is easy to misuse. These files are designed to allow logins without a password, but their reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit .rhosts files, and actively scrutinize their networks for offenders.
  • The protocol partly relies on the remote party's rlogin client to provide information honestly, including source port and source host name. A malicious client can forge this and gain access, as the rlogin protocol has no means of authenticating that the client is running on a trusted machine. It also cannot check if the requesting client on a trusted machine is the real rlogin client, meaning that malicious programs may pretend to be a standard-conforming rlogin client by using the same protocols.
  • The common practice of mounting users' home directories via Network File System exposes rlogin to attack by means of fake .rhosts files; this means that any of NFS's security faults automatically plague rlogin.
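The startup message from the Protocol section, parsed the way a server or network sensor would read it, makes the third point concrete: the only identity inputs are strings the client chose. This is an added example, not code from the article or from rlogind; the function name, dictionary keys, the 256-byte cap and the rejection of empty user names are assumptions of the example.

```python
# Added example: incremental parser for the rlogin client startup message
#   <null> client-user <null> server-user <null> terminal/speed <null>
MAX_STARTUP = 256  # assumed cap for this example; the article gives no limit

def parse_rlogin_startup(buf: bytes):
    """Return (fields, rest) once the whole message is buffered, else None."""
    if buf[:1] not in (b"", b"\x00"):
        raise ValueError("startup message must begin with a null byte")
    # The leading null plus three terminators: four null bytes in total.
    nulls = [i for i, b in enumerate(buf[:MAX_STARTUP]) if b == 0][:4]
    if len(nulls) < 4:
        if len(buf) >= MAX_STARTUP:
            raise ValueError("startup message too long")
        return None  # partial read: wait for more bytes
    raw = [buf[nulls[i] + 1:nulls[i + 1]] for i in range(3)]
    # Non-ASCII bytes raise UnicodeDecodeError, a subclass of ValueError.
    client_user, server_user, term = (r.decode("ascii") for r in raw)
    if not client_user or not server_user:
        raise ValueError("user names must not be empty")  # assumed rule
    term_type, sep, speed = term.partition("/")
    if not sep or not speed.isdigit():
        raise ValueError("terminal field must be type/speed")
    fields = {
        "client_user": client_user,  # asserted by the client, unauthenticated
        "server_user": server_user,  # account requested on the server
        "terminal": term_type,
        "speed": int(speed),
    }
    return fields, buf[nulls[3] + 1:]

# Constructed sample: the article's example message as bytes.
SAMPLE = b"\x00bostic\x00kbostic\x00vt100/9600\x00"

if __name__ == "__main__":
    print(parse_rlogin_startup(SAMPLE))
```

Nothing in the parsed fields is signed or otherwise bound to the sender, so a log or alert built on client_user records a claim, not a verified identity.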

Due to these problems, the r-commands fell into relative disuse (with many Unix and Linux distributions no longer including them by default). Many networks that formerly relied on rlogin and telnet have replaced them with SSH and its rlogin-equivalent slogin.[21][22]

Notes

  1. Horwitz, Jeff (2003) [2002]. "Using the Berkeley r-commands Without a Password". Unix System Management: Primer Plus. Sams Publishing. p. 339. ISBN 978-0-672-32372-0. Retrieved 2018-03-04 – via Google Books.
  2. McKusick, Marshall Kirk (1999). "Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable". Open Sources: Voices from the Open Source Revolution. O'Reilly & Associates. Section: "4.2BSD". ISBN 978-1-56592-582-3. Retrieved 2018-03-03.
  3. Pyles, James; Carrell, Jeffrey L.; Tittel, Ed (2017). "Which IP Services Are Most Vulnerable?". Guide to TCP/IP: IPv6 and IPv4 (5th ed.). Cengage Learning. p. 659. ISBN 978-1-305-94695-8 – via Google Books.
  4. Casad (2008), p. 346
  5. Negus, Christopher (2004-07-02). "About 'r' Commands". Red Hat Fedora Linux 2 Bible. Wiley. ISBN 0-7645-5745-9. OCLC 441918216. Retrieved 2018-03-04.
  6. "A Case Study of Using a Secure Network Layer Protocol". CiteSeerX 10.1.1.178.8497.
  7. Nicholas Rosasco; David Larochelle. "How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH" (Conference Paper). Harvard University. doi:10.1007/1-4020-8090-5_18. S2CID 19035681. Retrieved 13 April 2023.
  8. "REXEC command—Execute a command on the remote host and receive the results on your local host". z/OS Communications Server: IP User's Guide and Commands. 2013 [1990]. Retrieved 2018-03-04.
  9. "More on Ports". FreeBSD Network Administrators Guide. Retrieved 2018-03-04.
  10. Casad (2008), pp. 350–51
  11. Kantor, Brian (December 1991). BSD Rlogin (Report). Internet Engineering Task Force.
  12. ".rhosts File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
  13. "hosts.equiv File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
  14. Edwards, Wade; Lancaster, Tom; Quinn, Eric; Rohm, Jason; Tow, Bryant (2004). CCSP: Secure PIX and Secure VPN Study Guide. Sybex. p. 154. ISBN 0-7821-4287-7. Retrieved 2018-03-07 – via Google Books.
  15. "rexecd(8)". manpagez.com. Retrieved 2018-03-03.
  16. Farrell, Phillip (3 August 2004). "rcp". earthsci.stanford.edu. Stanford University School of Earth, Energy & Environmental Sciences. Archived from the original on 2021-02-07. Retrieved 2018-03-06.
  17. "Rlogin, RSH, and RCP". SourceDaddy. Retrieved 2018-02-18.
  18. "rwho (1) - Linux Man Pages". Retrieved 2018-03-07.
  19. "rwhod (8) - Linux Man Pages". Retrieved 2018-03-07.
  20. "ruptime (1) - Linux Man Pages". SysTutorials. Retrieved 2018-03-07.
  21. Sobell, Mark (2010). A Practical Guide to Linux Commands, Editors, and Shell Programming. Pearson Education, Inc. ISBN 978-0-13-136736-4.
  22. "Unix job control command list". Indiana University. Retrieved 20 December 2014.