rlogin(1)rlogin(1)NAMErlogin - Logs a user into a remote host
SYNOPSISrlogin [-8Lfx] [-e character] [-l user] remote_host
OPTIONS
Allows an 8-bit data path at all times. Otherwise, unless the Stop and
Continue key sequences on the remote host are not standard, rlogin uses
a 7-bit data path and the eighth (high) bit of each byte is stripped.
Changes the Escape character. Substitute the character you choose for
character. Copies your Kerberos ticket from the local host to the
remote host to establish your Kerberos credentials on the remote host.
This option requires that the local and remote hosts be configured to
use Kerberos authentication in the same or trusting Kerberos realms.
The Kerberos ticket will remain on the remote host until it either
expires or it is explicitly destroyed. The -f option is ignored when
used with the -l option. Specifies to log into the remote host using
the specified username instead of the local username. If this option
is not specified, the local and remote usernames are the same. Allows
the rlogin session to be run in litout mode. In this mode, the escape
sequence ~. (where ~ is the escape character) disconnects you from the
remote host and the escape sequence ~^Z (where ^Z, or Ctrl-Z, is the
suspend character) suspends the rlogin session if you are using csh.
Encrypts the data transmitted between the local host and the remote
host. This option requires that the local and remote hosts be config‐
ured to use Kerberos authentication in the same or trusting Kerberos
realms.
DESCRIPTION
The rlogin command logs a user into a remote host that is running the
rlogind daemon. Alternatively, you can use the telnet command (if sup‐
ported).
The remote terminal type is the same as that given in the local TERM
environment variable. The terminal or window size is also the same, if
the remote host supports them, and any changes in size are transferred.
All echoing takes place at the remote host, so except for delays, the
terminal connection is transparent. Pressing the Stop and Continue key
sequences stops and starts the flow of information, and the input and
output buffers are flushed on Interrupts.
Unless otherwise modified by the -e option, the standard Escape charac‐
ter for disconnecting from the remote host is a ~ (tilde). The Escape
character is only recognized by the remote host if it occurs at the
beginning of a line. Otherwise, the Escape character is sent to the
remote host as a normal character. To send the Escape character to the
remote host as a normal character at the beginning of a line, press the
Escape character twice. Pressing the Escape character and a (dot) (for
example, ~.) immediately disconnects the local terminal from the remote
host.
The way that the remote host authenticates a user and transmits data
depends on if the local and remote hosts are using a basic connection
or a secure connection (Kerberos or Secure Shell). Basic and secure
connections provide user authentication; however, a secure connection
also provides client and server authentication, data encryption, data
integrity, and nonrepudiation.
Basic Connection
A basic connection is one where the rlogin command connects to the
remote host and the remote host authenticates the user if one of the
following conditions is satisfied: If the local user ID is the root
user, and the name of the local host is listed as an equivalent host in
the /etc/hosts.equiv file on the remote host. If the local user ID is
the root user or if the check of /etc/hosts.equiv fails, the user's
home directory on the remote host must contain a $HOME/.rhosts file
that lists the local host name and user name. The $HOME/.rhosts file
must be owned by either the remote user or the root user, and have per‐
missions set to 600 (read and write by owner only). If neither of the
previous conditions are met and a password is defined for the user
account on the remote host, the remote host prompts for a password.
The remote host checks its password file to verify the password
entered. The login prompt is displayed if the password is not correct.
Pressing the End-of-File key sequence at the login prompt ends the
remote login attempt.
The rlogin command allows access to the remote host if the remote user
account does not have a password defined. However, for security rea‐
sons, use of a password on all user accounts is recommended.
Secure Connection
A secure connection is one where the rlogin command connects to the
remote host by using either Kerberos or Secure Shell. Kerberos and
Secure Shell are client/server applications that authenticate the
client, server, and user; encrypt data; and ensure data integrity and
nonrepudiation. See your system administrator to determine if your
system is running Kerberos or Secure Shell software. See the Security
Administration guide for more information about Kerberos and Secure
Shell.
Kerberos
Kerberos does not use the /etc/host.equiv file or the $HOME/.rhosts
file for authentication. Kerberos authenticates by using secret-key
cryptography and tickets between Kerberos clients and Kerberos servers
in the same or trusting Kerberos realms. Once authenticated by Ker‐
beros, users receive a Kerberos Ticket Granting Ticket (TGT). Users
with a valid TGT are not prompted for a username or password when the
remote host is in the same or trusting Kerberos realm.
Secure Shell
Secure Shell authenticates users by using passwords, host-based identi‐
fication, or public and private keys between Secure Shell clients and
servers.
By default, the rlogin command will use Kerberos (with a valid TGT)
when a system is configured to use both Kerberos and Secure Shell.
To use Secure Shell to log in to a remote host, enter the Secure Shell
ssh2 (or ssh) command instead of the rlogin command. The ssh2 command
provides the same functionality and options as the rlogin command over
a secure connection. See ssh2(1) for more information on using the
Secure Shell ssh2 command.
Alternatively, you can configure the rsh, rlogin, and rcp commands and
applications that use the rcmd() function to automatically use a Secure
Shell connection by enabling the Secure Shell EnforceSecureRutils key‐
word in the /etc/ssh2/ssh2_config file or in a user's
$HOME/.ssh2/ssh2_config file. When the EnforceSecureRutils keyword is
enabled: The sshd daemon runs and spawns the srcmd child process; the
rlogind daemon does not run. The rlogin command can use Secure Shell
password or host-based authentication to authenticate users.
See Security Administration for more information about configuring
Secure Shell password and host-based authentication and the EnforceSe‐
cureRutils keyword.
After it is determined that Secure Shell will be used, all authentica‐
tion and communication between the client and server will use the
Secure Shell connection. A connection is not established if a user can‐
not be authenticated.
EXAMPLES
In the following examples, the local host is listed in the
/etc/hosts.equiv file at the remote host: To log in to a remote host
with your local username, enter: $ rlogin host2 Password: <Enter pass‐
word>
To log off the remote host and close the connection, enter the
End-of-File key sequence. To log in to a remote host with a
different username, enter: $ rlogin host2 -l dale
You are prompted to enter your password and then are logged in
to the remote host host2 with the username dale. To log in to
host2 with the your local username and change the Escape charac‐
ter to \ (backslash), enter: $ rlogin host2 -e\\
The following examples use Kerberos. The local host host1 and the
remote host host2 are in the same Kerberos realm. To log into the
remote host over an encrypted connection, enter: $ rlogin-x host2 To
log in and forward your Kerberos ticket to the remote host, enter: $
rlogin-f host2
FILES
Specifies remote hosts from which users can execute commands on the
local host (provided these users have an account on the local host).
Specifies remote users that can use a local user account. Specifies
Secure Shell client configuration information. Specifies Secure Shell
server configuration information.
SEE ALSO
Commands: kinit(1), kdestroy(1), klist(1), rcp(1), rlogin(1), ssh2(1),
telnet(1)
Files: hosts.equiv(4), rhosts(4), ssh2_config(4)
Guides: Security Administration
rlogin(1)