Berkeley r-commands

Revision as of 06:04, 29 November 2023 by imported>GoingBatty (→‎top: fixed reference)

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer over a TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group (CSRG) at the University of California, Berkeley, based on an early implementation of TCP/IP (the protocol stack of the Internet).

The CSRG incorporated the r-commands into their Unix operating system, the Berkeley Software Distribution (BSD). The r-commands premiered in BSD v4.1. Among the programs in the suite are: rcp (remote copy), rexec (remote execution), rlogin (remote login), rsh (remote shell), rstat, ruptime, and rwho (remote who).

The r-commands were a significant innovation, and became de facto standards for Unix operating systems [Casad (2008), p. 346]. With wider public adoption of the Internet, their inherent security vulnerabilities became a problem, and beginning with the development of Secure Shell protocols and applications in 1995, the adoption of Secure Shell entirely supplanted the deployment and use of r-commands (and Telnet) on networked systems.

Overview
Client    Daemon    Port   Transport   Ref.
rcp       rshd      514    TCP
rexec     rexecd    512    TCP
rlogin    rlogind   513    TCP
rsh       rshd      514    TCP
rstat     rstatd    -      UDP
ruptime   rwhod     513    UDP         Casad (2008), pp. 350–51
rwho      rwhod     513    UDP         Casad (2008), pp. 350–51

Protocol

The original Berkeley package that provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it).

As an example, the protocol is as follows:

<syntaxhighlight lang="bash">
Client:
<null>
user name on the client<null>
user name on the server<null>
terminal type/terminal baud rate<null>

Server:
</syntaxhighlight>

The server would check that the user should have access. If so, it returns a message with nothing in it (not even a null character), meaning the connection is established.

For example:

<syntaxhighlight lang="bash">
Client:
<null>
bostic<null>
kbostic<null>
vt100/9600<null>

Server:
</syntaxhighlight>

Both rlogin and rsh share the /etc/hosts.equiv (applies to all users on the server) and $HOME/.rhosts (applies to only the user that puts the file in its home folder) access-control scheme, although they connect to different daemons. rlogin connects to rlogind, while rsh connects to rshd.
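The client message in the exchange above can be decoded field by field, which is what a network monitor watching TCP port 513 would do to record who a connection claims to be. This is an added example, not code from the original page; the function names, the log format, and the source address 192.0.2.10 are assumptions, and the sample bytes are constructed from the page's example.

```python
# Added example: parse the client's opening rlogin message (not original page code).
# Constructed sample: the byte string that the page's example describes.
SAMPLE_HELLO = b"\x00bostic\x00kbostic\x00vt100/9600\x00"


def parse_rlogin_hello(payload: bytes) -> dict:
    """Split <null>client-user<null>server-user<null>term/speed<null> into fields."""
    if not payload.startswith(b"\x00"):
        raise ValueError("missing leading null byte")
    if len(payload) < 2 or not payload.endswith(b"\x00"):
        raise ValueError("message is not null-terminated (truncated?)")
    fields = payload[1:-1].split(b"\x00")
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}")
    # A non-ASCII byte raises UnicodeDecodeError, which is a ValueError subclass.
    client_user, server_user, term = (f.decode("ascii") for f in fields)
    term_type, sep, speed = term.partition("/")
    if not sep or not speed.isdigit():
        raise ValueError("terminal field is not type/speed")
    return {"client_user": client_user, "server_user": server_user,
            "terminal": term_type, "speed": int(speed)}


def log_line(src_ip: str, payload: bytes) -> str:
    """Format a monitoring record (hypothetical log format).

    Every field here is asserted by the client and travels in cleartext.
    """
    try:
        h = parse_rlogin_hello(payload)
    except ValueError as exc:
        return f"rlogin src={src_ip} malformed handshake: {exc}"
    return (f"rlogin src={src_ip} claimed_client_user={h['client_user']} "
            f"requested_server_user={h['server_user']} "
            f"term={h['terminal']}/{h['speed']}")


if __name__ == "__main__":
    print(log_line("192.0.2.10", SAMPLE_HELLO))
```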

hosts.equiv and .rhosts use the same format. The following shows some aspects of the format:

<syntaxhighlight lang="bash">
host1
host2 user_a
-host3
+@group1 -user_b
-@group2
</syntaxhighlight>

This allows all users from host1 to log in, user_a from host2 to log in, no users from host3, all users on group1 except user_b, and no users on group2.
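The format above can be modelled in a few lines to check what a given file grants and to list the entries that trust a whole host or netgroup. This is an added example, not code from the original page or from any rlogind/rshd implementation: it follows the semantics as this page describes them, assumes the first matching entry wins, and uses a constructed NETGROUPS table (host4 and host5 are made-up members); real daemons may differ in details.

```python
# Added example: simplified model of the hosts.equiv / .rhosts format shown above.
SAMPLE = """\
host1
host2 user_a
-host3
+@group1 -user_b
-@group2
"""
# Constructed netgroup membership (assumption; real systems look netgroups up elsewhere).
NETGROUPS = {"group1": {"host4"}, "group2": {"host5"}}


def parse(text):
    """Yield (lineno, host_token, user_token_or_None) for each non-empty line."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields:
            yield n, fields[0], fields[1] if len(fields) > 1 else None


def split_token(token):
    """Return (negated, name); a leading '+' is an explicit allow."""
    return token.startswith("-"), token.lstrip("+-")


def host_matches(name, host, netgroups):
    if name.startswith("@"):
        return host in netgroups.get(name[1:], set())
    return name == host


def decide(text, host, user, netgroups=NETGROUPS):
    """Assumed first-match-wins; no match means no password-less login."""
    for _, host_tok, user_tok in parse(text):
        neg_host, host_name = split_token(host_tok)
        if not host_matches(host_name, host, netgroups):
            continue
        if neg_host:
            return "deny"
        if user_tok is None:
            return "allow"      # every user on that host is trusted
        neg_user, user_name = split_token(user_tok)
        if user_name == user:
            return "deny" if neg_user else "allow"
        if neg_user:
            return "allow"      # "all users except user_b", as the page reads it
    return "deny"


def broad_entries(text):
    """Audit helper: entries trusting a whole host or netgroup, not one named user."""
    return [(n, h, u) for n, h, u in parse(text)
            if not h.startswith("-") and (u is None or u.startswith("-"))]
```

On the sample file, broad_entries flags lines 1 and 4, the two entries a reviewer would look at first because they grant access by host identity alone.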

Commands

rlogin

rlogin enables a user to log in on another server via computer network, using TCP network port 513.

rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.

rsh

rsh opens a shell on a remote computer without a login procedure. Once connected, the user can execute commands on the remote computer through the shell's command-line interface. rsh passes input and output through the standard streams, and it sends standard output to the user's console. Over the network, standard input and standard output flow through TCP port 514, while standard error flows through a different TCP port, which the rsh daemon (rshd) opens.

rexec

Like rsh, rexec enables the user to run shell commands on a remote computer. However, unlike the rsh server, the rexec server (rexecd) requires login: it authenticates users by reading the username and password (unencrypted) from the network socket. rexec uses TCP port 512.

rcp

rcp can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another. The command line arguments of cp and rcp are similar, but in rcp remote files are prefixed with the name of the remote system:

rcp file.txt subdomain.domain:~/home/foo/file.txt

As with the Unix copy command cp, rcp overwrites an existing file of the same name in the target; unlike cp, it provides no mechanism for warning the user before overwriting the target file. Like rsh, rcp uses TCP port 514.

rwho

Just as the who command lists the users who are logged in to the local Unix system, rwho lists those users who are logged into all multi-user Unix systems on the local network. rwho's daemon, rwhod, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the ruptime program.

rstat

rstat returns performance statistics from the kernel.

ruptime

Just as the uptime command shows how long a Unix system has been running since the last restart, ruptime requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime reports that the system is down. This information is tracked and stored by the daemon rwhod, which is also used by the rwho command.

Security

Those r-commands which involve user authentication (rcp, rexec, rlogin, and rsh) share several serious security vulnerabilities:

  • All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
  • The .rlogin (or .rhosts) file is easy to misuse. It is designed to allow logins without a password, but its reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit .rhosts files, and actively scrutinize their networks for offenders.
  • The protocol partly relies on the remote party's rlogin client to provide information honestly, including source port and source host name. A malicious client can forge this and gain access, as the rlogin protocol has no means of verifying that the client is running on a trusted machine. It also cannot check whether the requesting client on a trusted machine is the real rlogin client, meaning that malicious programs may pretend to be a standard-conforming rlogin client by using the same protocols.
  • The common practice of mounting users' home directories via Network File System exposes rlogin to attack by means of fake .rhosts files. This means that any of the Network File System's security faults automatically plague rlogin.

Due to these problems, the r-commands fell into relative disuse (with many Unix and Linux distributions no longer including them by default). Many networks that formerly relied on rlogin and telnet have replaced them with SSH and its rlogin-equivalent slogin.
