LinuxCommandLibrary

rlogin

Remote login to another Linux machine

TLDR

Log in to a remote host

$ rlogin [remote_host]
copy

Log in to a remote host with a specific username
$ rlogin [[-l|--user]] [username] [remote_host]
copy

SYNOPSIS

rlogin [-8DEKL] [-e char] [-l user] host

PARAMETERS

-8
    Pass 8-bit data rather than stripping the eighth bit.

-D
    Enable socket debugging options.

-E
    Prevent any character from being recognized as an escape character.

-K
    Disable all Kerberos authentication.

-L
    Disable mapping of the remote current working directory to the local one.

-e char
    Specify the escape character, default is '~'.

-l user
    Specify a different username for the remote host.

host
    The remote hostname or IP address to connect to.

DESCRIPTION

rlogin is a command-line utility used to establish a remote login session on another Unix-like system. It is part of the r-commands suite, which also includes rsh and rcp.

The primary purpose of rlogin is to allow users to execute commands on a remote host as if they were logged in locally. Authentication typically relies on the .rhosts file in the user's home directory on the remote machine, or the /etc/hosts.equiv file, which lists trusted hosts and users.

While convenient for early networked environments, rlogin is considered highly insecure by modern standards because it transmits all communication, including passwords, in plaintext over the network, making it vulnerable to eavesdropping and replay attacks. Due to these significant security flaws, rlogin has been largely replaced by the more secure ssh (Secure Shell) protocol and its associated clients. Users should avoid rlogin for any sensitive or production use.

CAVEATS

The most significant caveat of rlogin is its inherent lack of security. All network traffic, including usernames and passwords, is transmitted in plaintext, making it highly vulnerable to eavesdropping and man-in-the-middle attacks.

Authentication typically relies on trust mechanisms (.rhosts, hosts.equiv) which are easily spoofed or exploited if not configured with extreme caution. rlogin is considered deprecated for most modern uses and should be avoided in favor of secure alternatives like ssh. Use of rlogin is strongly discouraged on untrusted networks or for sensitive data.

AUTHENTICATION (.RHOSTS AND HOSTS.EQUIV)

rlogin relies on two primary mechanisms for host-based authentication: the .rhosts file in a user's home directory on the remote machine, and the global /etc/hosts.equiv file. These files list trusted remote hosts and, optionally, users from those hosts who are allowed to log in without a password. While convenient, this trust model is inherently insecure, as a compromise of one machine or a malicious entry in these files can grant unauthorized access. Strict permissions are required for these files, and even then, they are not foolproof.

ESCAPE CHARACTER

During an rlogin session, you can use an escape character (default is ~) followed by a special character to perform specific actions. For example, ~. (tilde followed by a dot) will disconnect the session, and ~^Z (tilde followed by Ctrl+Z) will suspend the session. This functionality allows local control over the remote session.

HISTORY

rlogin emerged as part of the Berkeley r-commands suite developed at the University of California, Berkeley, in the early days of TCP/IP networking, alongside rsh and rcp. These commands provided convenient ways for users to interact with remote Unix systems and share resources across networks.

They became widely adopted due to their simplicity and integration with the Unix environment. However, as network security became a paramount concern in the 1990s and beyond, the plaintext nature of rlogin's communication made it obsolete and dangerous. The development of ssh in the mid-1990s provided a secure, encrypted replacement that rapidly gained favor and has since become the de facto standard for remote access, effectively relegating rlogin to historical or very specific, controlled, and insecure environments.

SEE ALSO

ssh(1), rsh(1), rcp(1), telnet(1)

Copied to clipboard