rlogin - Logs a user into a remote host
rlogin [-8Lfx] [-e character] [-l user] remote_host
Allows an 8-bit data path at all times. Otherwise, unless
the Stop and Continue key sequences on the remote host are
not standard, rlogin uses a 7-bit data path and the eighth
(high) bit of each byte is stripped. Changes the Escape
character. Substitute the character you choose for character.
Copies your Kerberos ticket from the local host to
the remote host to establish your Kerberos credentials on
the remote host. This option requires that the local and
remote hosts be configured to use Kerberos authentication
in the same or trusting Kerberos realms. The Kerberos
ticket will remain on the remote host until it either
expires or it is explicitly destroyed. The -f option is
ignored when used with the -l option. Specifies to log
into the remote host using the specified username instead
of the local username. If this option is not specified,
the local and remote usernames are the same. Allows the
rlogin session to be run in litout mode. In this mode, the
escape sequence ~. (where ~ is the escape character) disconnects
you from the remote host and the escape sequence
~^Z (where ^Z, or Ctrl-Z, is the suspend character) suspends
the rlogin session if you are using csh. Encrypts
the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts
be configured to use Kerberos authentication in the same
or trusting Kerberos realms.
The rlogin command logs a user into a remote host that is
running the rlogind daemon. Alternatively, you can use the
telnet command (if supported).
The remote terminal type is the same as that given in the
local TERM environment variable. The terminal or window
size is also the same, if the remote host supports them,
and any changes in size are transferred. All echoing
takes place at the remote host, so except for delays, the
terminal connection is transparent. Pressing the Stop and
Continue key sequences stops and starts the flow of information,
and the input and output buffers are flushed on
Unless otherwise modified by the -e option, the standard
Escape character for disconnecting from the remote host is
a ~ (tilde). The Escape character is only recognized by
the remote host if it occurs at the beginning of a line.
Otherwise, the Escape character is sent to the remote host
as a normal character. To send the Escape character to the
remote host as a normal character at the beginning of a
line, press the Escape character twice. Pressing the
Escape character and a (dot) (for example, ~.) immediately
disconnects the local terminal from the remote host.
The way that the remote host authenticates a user and
transmits data depends on if the local and remote hosts
are using a basic connection or a secure connection (Kerberos
or Secure Shell). Basic and secure connections provide
user authentication; however, a secure connection
also provides client and server authentication, data
encryption, data integrity, and nonrepudiation.
Basic Connection [Toc] [Back]
A basic connection is one where the rlogin command connects
to the remote host and the remote host authenticates
the user if one of the following conditions is satisfied:
If the local user ID is the root user, and the name of the
local host is listed as an equivalent host in the
/etc/hosts.equiv file on the remote host. If the local
user ID is the root user or if the check of
/etc/hosts.equiv fails, the user's home directory on the
remote host must contain a $HOME/.rhosts file that lists
the local host name and user name. The $HOME/.rhosts file
must be owned by either the remote user or the root user,
and have permissions set to 600 (read and write by owner
only). If neither of the previous conditions are met and
a password is defined for the user account on the remote
host, the remote host prompts for a password. The remote
host checks its password file to verify the password
entered. The login prompt is displayed if the password is
not correct. Pressing the End-of-File key sequence at the
login prompt ends the remote login attempt.
The rlogin command allows access to the remote host if the
remote user account does not have a password defined.
However, for security reasons, use of a password on all
user accounts is recommended.
Secure Connection [Toc] [Back]
A secure connection is one where the rlogin command connects
to the remote host by using either Kerberos or
Secure Shell. Kerberos and Secure Shell are client/server
applications that authenticate the client, server, and
user; encrypt data; and ensure data integrity and nonrepudiation.
See your system administrator to determine if
your system is running Kerberos or Secure Shell software.
See the Security Administration guide for more information
about Kerberos and Secure Shell.
Kerberos [Toc] [Back]
Kerberos does not use the /etc/host.equiv file or the
$HOME/.rhosts file for authentication. Kerberos authenticates
by using secret-key cryptography and tickets between
Kerberos clients and Kerberos servers in the same or
trusting Kerberos realms. Once authenticated by Kerberos,
users receive a Kerberos Ticket Granting Ticket (TGT).
Users with a valid TGT are not prompted for a username or
password when the remote host is in the same or trusting
Secure Shell [Toc] [Back]
Secure Shell authenticates users by using passwords, hostbased
identification, or public and private keys between
Secure Shell clients and servers.
By default, the rlogin command will use Kerberos (with a
valid TGT) when a system is configured to use both Kerberos
and Secure Shell.
To use Secure Shell to log in to a remote host, enter the
Secure Shell ssh2 (or ssh) command instead of the rlogin
command. The ssh2 command provides the same functionality
and options as the rlogin command over a secure connection.
See ssh2(1) for more information on using the Secure
Shell ssh2 command.
Alternatively, you can configure the rsh, rlogin, and rcp
commands and applications that use the rcmd() function to
automatically use a Secure Shell connection by enabling
the Secure Shell EnforceSecureRutils keyword in the
/etc/ssh2/ssh2_config file or in a user's
$HOME/.ssh2/ssh2_config file. When the EnforceSecureRutils
keyword is enabled: The sshd daemon runs and spawns the
srcmd child process; the rlogind daemon does not run. The
rlogin command can use Secure Shell password or host-based
authentication to authenticate users.
See Security Administration for more information about
configuring Secure Shell password and host-based authentication
and the EnforceSecureRutils keyword.
After it is determined that Secure Shell will be used, all
authentication and communication between the client and
server will use the Secure Shell connection. A connection
is not established if a user cannot be authenticated.
In the following examples, the local host is listed in the
/etc/hosts.equiv file at the remote host: To log in to a
remote host with your local username, enter: $ rlogin
host2 Password: <Enter password>
To log off the remote host and close the connection,
enter the End-of-File key sequence. To log
in to a remote host with a different username,
enter: $ rlogin host2 -l dale
You are prompted to enter your password and then
are logged in to the remote host host2 with the
username dale. To log in to host2 with the your
local username and change the Escape character to \
(backslash), enter: $ rlogin host2 -e\\
The following examples use Kerberos. The local host host1
and the remote host host2 are in the same Kerberos realm.
To log into the remote host over an encrypted connection,
enter: $ rlogin -x host2 To log in and forward your Kerberos
ticket to the remote host, enter: $ rlogin -f host2
Specifies remote hosts from which users can execute commands
on the local host (provided these users have an
account on the local host). Specifies remote users that
can use a local user account. Specifies Secure Shell
client configuration information. Specifies Secure Shell
server configuration information.
Commands: kinit(1), kdestroy(1), klist(1), rcp(1),
rlogin(1), ssh2(1), telnet(1)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
[ Back ]