Berkeley r-commands
Developer(s) | Computer Systems Research Groupat theUniversity of California, Berkeley |
---|---|
Initial release | June 1981 |
Operating system | UnixandUnix-like |
Type | Commandsuite |
License | BSD |
Internet protocol suite |
---|
Application layer |
Transport layer |
Internet layer |
Link layer |
TheBerkeley r-commandsare asuiteofcomputer programsdesigned to enable users of oneUnixsystem tolog inor issuecommandsto anotherUnixcomputer viaTCP/IPcomputer network.[1]The r-commands were developed in 1982 by theComputer Systems Research Groupat theUniversity of California, Berkeley,based on an early implementation ofTCP/IP(theprotocol stackof theInternet).[2]
The CSRG incorporated the r-commands into theirUnixoperating system,theBerkeley Software Distribution(BSD). The r-commands premiered in BSD v4.1.[2]Among the programs in the suite are:rcp
(remotecopy),rexec
(remoteexecution),rlogin
(remotelogin),rsh
(remoteshell),rstat
,ruptime
,andrwho
(remotewho).[2][3]
The r-commands were a significant innovation, and becamede factostandards for Unix operating systems.[4][5]With wider public adoption of the Internet, their inherent security vulnerabilities became a problem,[6]and beginning with the development ofSecure Shellprotocols and applications in 1995, its adoption entirely supplanted the deployment and use of r-commands (andTelnet) on networked systems.[7]
Service | Port | Transport | Refs | |
---|---|---|---|---|
Client | Daemon | |||
rcp | rshd | 514 | TCP | |
rexec |
rexecd | 512 | TCP | [8] |
rlogin | rlogind | 513 | TCP | [9] |
rsh | rshd | 514 | TCP | |
rstat | rstatd | UDP | ||
ruptime | rwhod | 513 | UDP | [10] |
rwho | [9][10] |
Protocol
[edit]The original Berkeley package that providesrlogin
also featuresrcp
(remote-copy, allowing files to be copied over the network) andrsh(remote-shell, allowing commands to be run on a remote machine without the user logging into it).
As an example, the protocol is as follows:[11]
Client:
<null>
usernameontheclient<null>
usernameontheserver<null>
terminaltype/terminalbaudrate<null>
Server:
The server would check that the user should have access. If so, it returns a message with nothing in it (not even anull character), meaning the connection is established. For example:
Client:
<null>
bostic<null>
kbostic<null>
vt100/9600<null>
Server:
Bothrlogin
andrsh
share the/etc/hosts.equiv
(applies to all users on the server) and$HOME/.rhosts
(applies to only the user that puts the file in its home folder) access-control scheme, although they connect to different daemons.rlogin
connects torlogind
,whilersh
connects torshd
.
hosts.equiv
and.rhosts
uses the same format. The following shows some aspects of the format:[12][13]
host1
host2user_a
-host3
+@group1-user_b
-@group2
This allows all users from host1 to login, user_a from host2 to login, no users from host3, all users on group1 except user_b, and no users on group2.
Commands
[edit]rlogin
[edit]rlogin
enables a user to log in on anotherserverviacomputer network,usingTCPnetwork port513.
rlogin
is also the name of theapplication layerprotocolused by the software, part of theTCP/IPprotocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "Therlogin
facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output. "rlogin
communicates with adaemon,rlogind
,on the remote host.rlogin
is similar to theTelnetcommand, but is not as customizable and is able to connect only to Unix-like hosts.
rsh
[edit]rsh
opens ashellon a remote computer without aloginprocedure. Once connected, the user can execute commands on the remote computer through the shell'scommand-line interface.rsh
passes input and output through thestandard streams,and it sendsstandard outputto the user'sconsole.Over the network,standard inputand standard out flow through TCP port 514, whileStandard Errorflows through a different TCP port, which thersh
daemon(rshd
) opens.[14]
rexec
[edit]Likersh
,rexec
enables the user to run shell commands on a remote computer. However, unlike the rsh server, therexec
server (rexecd
) requires login: it authenticates users by reading the username and password (unencrypted) from thenetwork socket.[15]rexec
uses TCP port 512.
rcp
[edit]rcp
can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another.[16]The command lineargumentsofcp
andrcp
are similar, but inrcp
remote files are prefixed with the name of the remote system:
rcp file.txt subdomain.domain:~/home/foo/file.txt
As with the Unix copy commandcp,rcp
overwrites an existing file of the same name in the target; unlikecp
,it provides no mechanism for warning the user before overwriting the target file.[16]Likersh
,rcp
uses TCP port 514.[17]
rwho
[edit]Just as thewhocommand lists the users who are logged in to the local Unix system,rwho
lists those users who are logged into allmulti-userUnix systems on the local network.[18]rwho
's daemon,rwhod
,maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by theruptime
program.[19]
rstat
[edit]rstat
returns performance statistics from the kernel.
ruptime
[edit]Just as theuptime
command shows how long a Unix system has been running since the last restart,ruptime
requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, thenruptime
reports that the system isdown.[20]This information is tracked and stored by the daemonrwhod
,which is also used by the rwho command.[19]
Security
[edit]Those r-commands which involve user authentication (rcp
,rexec
,rlogin
,andrsh
) share several serious security vulnerabilities:
- All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
- The
.rlogin
(or.rhosts
) file is easy to misuse. They are designed to allow logins without apassword,but their reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit.rhosts
files, and actively scrutinize their networks for offenders. - The protocol partly relies on the remote party's
rlogin
client to provide information honestly, including source port and source host name. A malicious client can forge this and gain access, as therlogin
protocol has no means ofauthenticatingthe client is running on a trusted machine. It also cannot check if the requesting client on a trusted machine is the realrlogin
client, meaning that malicious programs may pretend to be a standard-conformingrlogin
client by using the same protocols. - The common practice of mounting users' home directories viaNetwork File Systemexposes rlogin to attack by means of fake
.rhosts
files - this means that any of its security faults automatically plaguerlogin
.
Due to these problems, the r-commands fell into relative disuse (with many Unix andLinuxdistributions no longer including them by default). Many networks that formerly relied onrlogin
andtelnet
have replaced them withSSHand itsrlogin
-equivalentslogin
.[21][22]
See also
[edit]Notes
[edit]- ^Horwitz, Jeff (2003) [2002]."Using the Berkeley r-commands Without a Password".Unix System Management: Primer Plus.Sams Publishing. p. 339.ISBN978-0-672-32372-0.Retrieved2018-03-04– via Google Books.
- ^abcMcKusick, Marshall Kirk(1999)."Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable".Open Sources: Voices from the Open Source Revolution.O'Reilly & Associates.Section: "4.2BSD".ISBN978-1-56592-582-3.Retrieved2018-03-03.
- ^Pyles, James; Carrell, Jeffrey L.; Tittel, Ed (2017)."Which IP Services Are Most Vulnerable?".Guide to TCP/IP: IPv6 and IPv4(5th ed.). Cengage Learning. p. 659.ISBN978-1-305-94695-8– via Google Books.
- ^Casad (2008), p.346
- ^Negus, Christopher (2004-07-02)."About" r "Commands".Red Hat Fedora Linux 2 Bible.Wiley.ISBN0-7645-5745-9.OCLC441918216.Retrieved2018-03-04.
- ^"A Case Study of Using a Secure Network Layer Protocol".CiteSeerX10.1.1.178.8497.
- ^Nicholas Rosasco; David Larochelle."How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH"(Conference Paper).Harvard University.doi:10.1007/1-4020-8090-5_18.S2CID19035681.Retrieved13 April2023.
- ^"REXEC command—Execute a command on the remote host and receive the results on your local host".z/OS Communications Server: IP User's Guide and Commands.2013 [1990].Retrieved2018-03-04.
- ^ab"More on Ports".FreeBSD Network Administrators Guide.Retrieved2018-03-04.
- ^abCasad (2008), pp.350–51
- ^Kantor, Brian (December 1991).BSD Rlogin(Report). Internet Engineering Task Force.
- ^".rhosts File Format for TCP/IP".www.ibm.com.Retrieved2023-11-29.
- ^"hosts.equiv File Format for TCP/IP".www.ibm.com.Retrieved2023-11-29.
- ^Edwards, Wade; Lancaster, Tom; Quinn, Eric; Rohm, Jason; Tow, Bryant (2004).CCSP: Secure PIX and Secure VPN Study Guide.Sybex.p. 154.ISBN0-7821-4287-7.Retrieved2018-03-07– via Google Books.
- ^"rexecd(8)".manpagez.com.Retrieved2018-03-03.
- ^abFarrell, Phillip (3 August 2004)."rcp".earthsci.stanford.edu.Stanford University School of Earth, Energy & Environmental Sciences. Archived fromthe originalon 2021-02-07.Retrieved2018-03-06.
- ^"Rlogin, RSH, and RCP".SourceDaddy.Retrieved2018-02-18.
- ^"rwho (1) - Linux Man Pages".Retrieved2018-03-07.
- ^ab"rwhod (8) - Linux Man Pages".Retrieved2018-03-07.
- ^"ruptime (1) - Linux Man Pages".SysTutorials.Retrieved2018-03-07.
- ^Sobell, Mark (2010).A Practical Guide to Linux Commands, Editors, and Shell Programming.Pearson Education, Inc.ISBN978-0-13-136736-4.
- ^"Unix job control command list".Indiana University.Retrieved20 December2014.
References
[edit]- Casad, Joe (2008)."Berkeley Remote Utilities".Sams Teach Yourself TCP/IP in 24 Hours.Pearson Education.ISBN978-0-13-271513-3– via Google Books.
Further reading
[edit]- Noordergraaf, Alex (2003) [2002]."Remote Access Services (rsh, rlogin, and rcp)".Enterprise Security: Solaris Operating Environment, Security Journal, Solaris OE v2.51, 2.6, 7, and 8.Prentice Hall.ISBN978-0-13-100092-6.
- Poniatowski, Marty (2000).UNIX User's Handbook(1st ed.). Prentice Hall. pp. 475–77.ISBN978-0-13-027019-1.OCLC43561861.
- Rogers, Lawrence R. (November 1998)."rlogin(1): The Untold Story"(PDF).Archived fromthe original(PDF)on 2001-12-17.
- "Unix User Enumeration".Penetration Testing Lab.10 April 2012.