Using the r commands: rlogin, rcp, and rsh

The rlogin, rcp, and rsh commands all use the same underlying security mechanism to enable remote login, remote file copy, and remote execution, respectively, among computers. If you use these commands, you will find that they are a quick and convenient way of exchanging information among a group of trusted computers.

Caution: The default security mechanism used by the "r" commands is not very secure. Don't use these commands if your computers protect national secrets. I recommend using these commands — and the security arrangement I'm about to describe — between computers within an organization in which the other computers are trusted and there are no connections to the outside world. They provide a great way for people who work on multiple computers to easily exchange data and execute commands among those computers.

One of the main problems with the "r" commands is that the underlying security mechanism simply believes that you are who you say you are. For example, suppose permission is open to allow joe from the computer named maple to run any program as though he were the local user named joe. Any computer with access to your network could claim to be that computer and user to gain access to your computer. Even the basic password mechanism is bypassed.

Setting up rhosts security

Let's say you have a private network at your place of business and you want your employees to be able to draw on resources from many of those computers. You give each user a login account to several different computers (using the same login name on each). For a user to be able to freely exchange information among the computers, you or the user can simply change a configuration file to enable the user to run the rlogin, rcp, and rsh commands freely between the computers.

Caution: The reason the security measures described here are not terribly secure is that they rely on the computers on the network to supply user names. There is no guarantee that the names supplied are real user names. For that reason, you should use this method only among trusted machines.

An individual user can create a .rhosts file in the user's home directory. That file can contain a list of host computers on which the user has accounts of the same name. For example, a user named mike on the machine named pine also has a user login (of the same name) on computers named maple, spruce, and fig. He adds the following entries to a .rhosts file in the home directory on each computer:

maple
spruce
fig
pine

After the files are added, mike can use the rlogin, rsh, and rcp commands between the four computers without having to type a password. For each command, mike will have permission to copy files, access files and directories, and execute programs with the permission available on the computer being accessed.

Instead of using the .rhosts files, a system administrator can add similar contents to the /etc/hosts.equiv file. A /etc/hosts.equiv file that had those four computer names in it would enable any users with the same user name on those computers to exchange information between them without entering a password. Besides hostnames, the /etc/hosts.equiv file can limit the user names that can use "r" commands without passwords. Here's an example of a /etc/hosts.equiv file:

maple mike sally bill sheree
spruce mike sally
fig
pine

In this example, users with the same names on fig and pine can exchange information freely. However, only mike, sally, bill, and sheree can freely exchange information on maple, whereas mike and sally can exchange information on spruce. If users aren't included in the hosts.equiv file, they can still create their own .rhosts file. You can also add a plus (+) to an entry to indicate that access permission should be added for that entry.
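A defender's check for the trust files described above, as an added example that is not from the original text: it lists every host and user that a hosts.equiv or .rhosts file trusts, and flags bare + wildcard entries and files writable by group or other. It assumes the "host [user ...]" line layout shown above; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rhosts-style trust files for risky entries.
# Assumes the "host [user ...]" line format shown on this page.

# audit_trust_file FILE: print one finding per line on stdout.
audit_trust_file() {
    f=$1
    [ -f "$f" ] || return 0
    # A trust file writable by group or other can be extended by other users.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $f"
    fi
    awk -v f="$f" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            sev = "TRUST"
            for (i = 1; i <= NF; i++)        # a bare + matches any host or user
                if ($i == "+") sev = "WILDCARD"
            users = ""; sep = ""
            for (i = 2; i <= NF; i++) { users = users sep $i; sep = "," }
            if (users == "") users = "same-name"   # no list: same-name users
            printf "%s %s:%d host=%s users=%s\n", sev, f, NR, $1, users
        }' "$f"
}

# audit_all: check the system-wide file and each home directory's .rhosts.
# Home directories are taken from field 6 of /etc/passwd.
audit_all() {
    audit_trust_file /etc/hosts.equiv
    cut -d: -f6 /etc/passwd | sort -u | while read -r home; do
        audit_trust_file "$home/.rhosts"
    done
}

# Constructed sample: the hosts.equiv layout from this page plus a wildcard line.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'maple mike sally bill sheree' \
        'spruce mike sally' 'fig' 'pine' '+ +' > "$d/hosts.equiv"
    chmod 666 "$d/hosts.equiv"
    audit_trust_file "$d/hosts.equiv"
    rm -rf "$d"
}

demo_audit
```

On a real host, call audit_all as root instead of demo_audit so that every home directory's .rhosts file is readable.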

Note: Although the .rhosts feature is on by default, a host computer can turn it off by running rlogin's server daemon (rlogind) with the -l option (to prevent the use of an individual's .rhosts file) or the -L option (which prevents /etc/hosts.equiv from being read).

Here are some commands that you could run between trusted hosts that were set up as described above:

$ rlogin maple
$ rcp file1 spruce:/home/mike
$ rsh fig df

The user named mike from the computer named pine runs the commands shown. With the first command, mike is logged in immediately as mike to the computer named maple (no password is necessary). Next, the rcp command copies the file1 file to the /home/mike directory on spruce. In the last example, the remote execution command (rsh) runs the df command and the output (a disk space listing from fig) appears on his local screen.

Note: Other security measures can be used instead of the .rhosts method. One of the most popular methods is called Kerberos. With Kerberos, each user sets up a .klogin file that lists Kerberos principal names. A user trying to gain access to a remote user account is authenticated to a principal named in the user's .klogin file before access is allowed.

Using rlogin for remote logins

The rlogin command is not as widely available as telnet for logging in to remote computers. However, it does offer some features that make it easier to use among Red Hat Linux and other UNIX systems. In particular, rlogin can be set up to do no-password logins (described in the previous section) and it has some tilde (~) escape features that you can use to escape from the login session.

Some people expect rlogin to be replaced by telnet as more features (such as tilde escapes) are added to telnet. To use rlogin, simply type:

$ rlogin hostname

In the above command, hostname is replaced by the name of the computer that you want to log in to. You can use any hostname that is in your /etc/hosts file or that can be obtained through DNS. Once you have started rlogin, you can use any of the following key sequences:

~. — Exit. This causes the rlogin program to exit (ungracefully). I use this option if the remote shell is hung or if I get stuck at the login prompt (from a forgotten password or logged into the wrong system).

~Ctrl+Shift+z — Suspend. (Press Ctrl and Shift while pressing z.) This puts the current rlogin session in the background, returning you to a local shell command line. To return to the suspended session, type fg.

Using rcp for remote copies

The rcp command is handy for copying one file or a whole directory structure of files from one computer to another. It is quicker than ftp because you don't have to start a session and log in before you copy a file. However, because rcp doesn't prompt for a password, it requires that you configure rhosts authentication (discussed above) for it to work.

To copy a file from one computer to another, use the following command:

$ rcp fileX maple:/home/mike

That command would copy the file (fileX) to /home/mike on the computer named maple. You could also take a file from another computer by typing the following:

$ rcp maple:/home/mike/fileZ .

That command would copy the file (fileZ) from /home/mike on maple and place it in the current directory (.).

If rhosts authentication is set up among several hosts on your network, you can have both the source and destination of the file on different computers. For example:

$ rcp maple:/home/mike/fileY pine:/tmp

You can use shell metacharacters (*, ?, etc.) in a path name. However, you must surround them in quotes (or escape them with backslashes) if you want them to refer to a remote location so the local shell doesn't interpret them. Here is an example:

The previous command would copy all files in the /tmp directory on the computer named maple that begin with the letter p (p*) to the /tmp directory on the local system.

Perhaps the most useful option for the rcp command is the -r option. The -r option enables you to copy all the files in a directory structure from one computer to another. This can provide a quick and easy way of backing up a large area of data in one command. Here is an example:

The previous example is one that I use. I store all my software and data files in the directory /a. If I want to do a quick backup or if I want to reinstall Red Hat Linux, I can copy all of my data and software to maple, reinstall the local system, then rcp the files back again. This command creates a directory on maple in a directory called /backup/pine/a. That directory can contain hundreds of files and subdirectories.

Using rsh for remote execution

While previous commands, such as rcp and ftp, can help you share files among computers on your network, rsh lets you share the processors. With rsh, it is simple to ask that a command be run on any computer for which you have rhosts access. Likewise, you can have the command's output printed on your screen, directed to a local file, or directed to a remote file.

Here are four examples of the rsh command:

$ rsh spruce who
$ rsh maple "tail -f /var/log/messages"
$ rsh pine "man rlogin" >> /tmp/rlman
$ rsh fir "uname -a" ">>" /tmp/name

In the first example, the who command is run on the remote computer named spruce and the output appears on the local screen. The second example runs the tail -f command to display messages as they arrive in the /var/log/messages file on maple. (This is a good way to remotely monitor log files in one quick command line.) The next command runs the man command to output the rlogin man page and outputs the results to the /tmp/rlman file on the local system. In the final example, the uname -a command runs on fir, but by quoting the arrows, the output is sent to the /tmp/name file on the remote computer, rather than the local one.
