Developer(s) | Computer Systems Research Group at the University of California, Berkeley |
---|---|
Initial release | June 1981 |
Operating system | Unix and Unix-like |
Type | Command suite |
License | BSD |
Internet protocol suite |
---|
Application layer |
Transport layer |
Internet layer |
Link layer |
The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network.[1] The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP (the protocol stack of the Internet).[2]
The CSRG incorporated the r-commands into their Unix operating system, the Berkeley Software Distribution (BSD). The r-commands premiered in BSD v4.1.[2] Among the programs in the suite are: rcp
(remote copy), rexec
(remote execution), rlogin
(remote login), rsh
(remote shell), rstat
, ruptime
, and rwho
(remote who).[2][3]
The r-commands were a significant innovation, and became de facto standards for Unix operating systems.[4][5] With wider public adoption of the Internet, their inherent security vulnerabilities became a problem,[6] and beginning with the development of Secure Shell protocols and applications in 1995, its adoption entirely supplanted the deployment and use of r-commands (and Telnet) on networked systems.[7]
Service | Port | Transport | Refs | |
---|---|---|---|---|
Client | Daemon | |||
rcp | rshd | 514 | TCP | |
rexec | rexecd | 512 | TCP | [8] |
rlogin | rlogind | 513 | TCP | [9] |
rsh | rshd | 514 | TCP | |
rstat | rstatd | UDP | ||
ruptime | rwhod | 513 | UDP | [10] |
rwho | [9][10] |
Protocol
The original Berkeley package that provides rlogin
also features rcp
(remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it).
As an example, the protocol is as follows:[11]
Client:
<null>
user name on the client<null>
user name on the server<null>
terminal type/terminal baud rate<null>
Server:
The server would check that the user should have access. If so, it returns a message with nothing in it (not even a null character), meaning the connection is established. For example:
Client:
<null>
bostic<null>
kbostic<null>
vt100/9600<null>
Server:
Both rlogin
and rsh
share the /etc/hosts.equiv
(applies to all users on the server) and $HOME/.rhosts
(applies to only the user that puts the file in its home folder) access-control scheme, although they connect to different daemons. rlogin
connects to rlogind
, while rsh
connects to rshd
.
hosts.equiv
and .rhosts
uses the same format. The following shows some aspects of the format:[12][13]
host1
host2 user_a
-host3
+@group1 -user_b
-@group2
This allows all users from host1 to login, user_a from host2 to login, no users from host3, all users on group1 except user_b, and no users on group2.
Commands
rlogin
rlogin
enables a user to log in on another server via computer network, using TCP network port 513.
rlogin
is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin
facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin
communicates with a daemon, rlogind
, on the remote host. rlogin
is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.
rsh
rsh
opens a shell on a remote computer without a login procedure. Once connected, the user can execute commands on the remote computer through the shell's command-line interface. rsh
passes input and output through the standard streams, and it sends standard output to the user's console. Over the network, standard input and standard out flow through TCP port 514, while Standard Error flows through a different TCP port, which the rsh
daemon (rshd
) opens.[14]
rexec
Like rsh
, rexec
enables the user to run shell commands on a remote computer. However, unlike the rsh server, the rexec
server (rexecd
) requires login: it authenticates users by reading the username and password (unencrypted) from the network socket.[15] rexec
uses TCP port 512.
rcp
rcp
can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another.[16] The command line arguments of cp
and rcp
are similar, but in rcp
remote files are prefixed with the name of the remote system:
rcp file.txt subdomain.domain:~/home/foo/file.txt
As with the Unix copy command cp, rcp
overwrites an existing file of the same name in the target; unlike cp
, it provides no mechanism for warning the user before overwriting the target file.[16] Like rsh
, rcp
uses TCP port 514.[17]
rwho
Just as the who command lists the users who are logged in to the local Unix system, rwho
lists those users who are logged into all multi-user Unix systems on the local network.[18] rwho
's daemon, rwhod
, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the ruptime
program.[19]
rstat
rstat
returns performance statistics from the kernel.
ruptime
Just as the uptime
command shows how long a Unix system has been running since the last restart, ruptime
requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime
reports that the system is down.[20] This information is tracked and stored by the daemon rwhod
, which is also used by the rwho command.[19]
Security
Those r-commands which involve user authentication (rcp
, rexec
, rlogin
, and rsh
) share several serious security vulnerabilities:
- All information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
- The
.rlogin
(or.rhosts
) file is easy to misuse. They are designed to allow logins without a password, but their reliance on remote usernames, hostnames, and IP addresses is exploitable. For this reason many corporate system administrators prohibit.rhosts
files, and actively scrutinize their networks for offenders. - The protocol partly relies on the remote party's
rlogin
client to provide information honestly, including source port and source host name. A malicious client can forge this and gain access, as therlogin
protocol has no means of authenticating the client is running on a trusted machine. It also cannot check if the requesting client on a trusted machine is the realrlogin
client, meaning that malicious programs may pretend to be a standard-conformingrlogin
client by using the same protocols. - The common practice of mounting users' home directories via Network File System exposes rlogin to attack by means of fake
.rhosts
files - this means that any of its security faults automatically plaguerlogin
.
Due to these problems, the r-commands fell into relative disuse (with many Unix and Linux distributions no longer including them by default). Many networks that formerly relied on rlogin
and telnet
have replaced them with SSH and its rlogin
-equivalent slogin
.[21][22]
See also
Notes
- ↑ Horwitz, Jeff (2003) [2002]. "Using the Berkeley r-commands Without a Password". Unix System Management: Primer Plus. Sams Publishing. p. 339. ISBN 978-0-672-32372-0. Retrieved 2018-03-04 – via Google Books.
- 1 2 3 McKusick, Marshall Kirk (1999). "Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable". Open Sources: Voices from the Open Source Revolution. O'Reilly & Associates. Section: "4.2BSD". ISBN 978-1-56592-582-3. Retrieved 2018-03-03.
- ↑ Pyles, James; Carrell, Jeffrey L.; Tittel, Ed (2017). "Which IP Services Are Most Vulnerable?". Guide to TCP/IP: IPv6 and IPv4 (5th ed.). Cengage Learning. p. 659. ISBN 978-1-305-94695-8 – via Google Books.
- ↑ Casad (2008), p. 346
- ↑ Negus, Christopher (2004-07-02). "About "r" Commands". Red Hat Fedora Linux 2 Bible. Wiley. ISBN 0-7645-5745-9. OCLC 441918216. Retrieved 2018-03-04.
- ↑ "A Case Study of Using a Secure Network Layer Protocol". CiteSeerX 10.1.1.178.8497.
- ↑ Nicholas Rosasco; David Larochelle. "How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH" (Conference Paper). Harvard University. doi:10.1007/1-4020-8090-5_18. S2CID 19035681. Retrieved 13 April 2023.
- ↑ "REXEC command—Execute a command on the remote host and receive the results on your local host". z/OS Communications Server: IP User's Guide and Commands. 2013 [1990]. Retrieved 2018-03-04.
- 1 2 "More on Ports". FreeBSD Network Administrators Guide. Retrieved 2018-03-04.
- 1 2 Casad (2008), pp. 350–51
- ↑ Kantor, Brian (December 1991). BSD Rlogin (Report). Internet Engineering Task Force.
- ↑ ".rhosts File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
- ↑ "hosts.equiv File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
- ↑ Edwards, Wade; Lancaster, Tom; Quinn, Eric; Rohm, Jason; Tow, Bryant (2004). CCSP: Secure PIX and Secure VPN Study Guide. Sybex. p. 154. ISBN 0-7821-4287-7. Retrieved 2018-03-07 – via Google Books.
- ↑ "rexecd(8)". manpagez.com. Retrieved 2018-03-03.
- 1 2 Farrell, Phillip (3 August 2004). "rcp". earthsci.stanford.edu. Stanford University School of Earth, Energy & Environmental Sciences. Archived from the original on 2021-02-07. Retrieved 2018-03-06.
- ↑ "Rlogin, RSH, and RCP". SourceDaddy. Retrieved 2018-02-18.
- ↑ "rwho (1) - Linux Man Pages". Retrieved 2018-03-07.
- 1 2 "rwhod (8) - Linux Man Pages". Retrieved 2018-03-07.
- ↑ "ruptime (1) - Linux Man Pages". SysTutorials. Retrieved 2018-03-07.
- ↑ Sobell, Mark (2010). A Practical Guide to Linux Commands, Editors, and Shell Programming. Pearson Education, Inc. ISBN 978-0-13-136736-4.
- ↑ "Unix job control command list". Indiana University. Retrieved 20 December 2014.
References
- Casad, Joe (2008). "Berkeley Remote Utilities". Sams Teach Yourself TCP/IP in 24 Hours. Pearson Education. ISBN 978-0-13-271513-3 – via Google Books.
Further reading
- Noordergraaf, Alex (2003) [2002]. "Remote Access Services (rsh, rlogin, and rcp)". Enterprise Security: Solaris Operating Environment, Security Journal, Solaris OE v2.51, 2.6, 7, and 8. Prentice Hall. ISBN 978-0-13-100092-6.
- Poniatowski, Marty (2000). UNIX User's Handbook (1st ed.). Prentice Hall. pp. 475–77. ISBN 978-0-13-027019-1. OCLC 43561861.
- Rogers, Lawrence R. (November 1998). "rlogin(1): The Untold Story" (PDF). Archived from the original (PDF) on 2001-12-17.
- "Unix User Enumeration". Penetration Testing Lab. 10 April 2012.