Berkeley Remote Utilities

The Berkeley Systems Design (BSD) Unix implementation, known as BSD Unix, was a major step in Unix's development. Many innovations that began with BSD Unix are now standard on other Unix systems and have been incorporated into other operating systems in the world of TCP/IP and the Internet.

One of the innovations of BSD Unix was a small set of command-line utilities designed to provide remote access to Unix systems. This set of utilities became known as the Berkeley r* utilities, because the name of each utility begins with an r for remote. The Berkeley r* utilities are still available on Unix systems, and versions of most of the r* utilities are distributed with OpenVMS, Linux, Windows NT, Windows 2000, and other operating systems. However, even though TCP/IP is becoming more popular and more universal, these TCP/IP utilities have received comparatively less attention.

Some of the Berkeley r* utilities are as follows:

  • Rlogin: This utility allows users to log in remotely.

  • Rcp: This utility provides remote file transfer.

  • Rsh: This utility executes a remote command through the rshd daemon.

  • Rexec: This utility executes a remote command through the rexecd daemon.

  • Ruptime: This utility displays system information on uptime and the number of connected users.

  • Rwho: This utility displays information on users who are currently connected.

The r* utilities were designed in an earlier and simpler time for TCP/IP networking. The creators of these utilities expected that only trusted users would access these utilities. Today, many admins reject the whole concept of a "trusted" user. The r* utilities are generally considered too risky for today's open and interconnected networks and, even on an internal network, you must be very careful about how and when to use these utilities. The r* utilities do have a rudimentary security system that, if implemented properly, offers a measure of protection in very restricted and trusted environments.

By the Way

In recent years, more secure versions of some of the r* utilities have been developed to meet the need for security in today's Internet environment. Ssh, for example, is a secure remote shell application that replaces rsh and rlogin. Ssh uses encryption for secure authentication over hostile networks. You'll learn more about encryption and other security measures in Hour 20.


The r* utilities use a concept called trusted access. Trusted access allows one computer to trust another computer's authentication. In Figure 15.3, if Computer A designates Computer B as a trusted host, users who log in to Computer B can use the r* utilities to access Computer A without supplying a password. Computer A can also designate specific users who will be trusted users. Trusted hosts and users are identified in the /etc/hosts.equiv file of the remote machine to which the user is attempting to gain access. The .rhosts file in each user's home directory can also be used to grant trusted access to the user's account.

Figure 15.3. Unix trusted access.


By the Way

Because the /etc/hosts.equiv file and the .rhosts file grant access to system resources, they are a major target for network intruders. See Hour 19, "What Hackers Do," for more on network attacks. The vulnerability of the hosts.equiv file and the .rhosts file is one reason why the r* utilities are no longer considered secure.
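An added example, not from the book: a small Python audit that reads the body of a hosts.equiv or .rhosts file and reports which lines grant trusted access, marking wildcard grants as high severity. The sample file contents and hostnames are constructed, and treating lines that begin with # as comments is an assumption about the local rshd/rlogind implementation.

```python
import stat

# Constructed sample: contents of a hypothetical /etc/hosts.equiv (not from the book).
SAMPLE_HOSTS_EQUIV = """\
# trusted build hosts
hostb.example.com
hostc.example.com alice
+
hostd.example.com +
-hoste.example.com
+@admins
"""

def classify(entry):
    """Return (severity, reason) for one 'host [user]' entry, or None for a deny entry."""
    fields = entry.split()
    host, user = fields[0], (fields[1] if len(fields) > 1 else "")
    if host.startswith("-") or user.startswith("-"):
        return None  # explicit deny; grants nothing
    if host == "+":
        extra = " for every user" if user == "+" else ""
        return ("HIGH", "every host is trusted" + extra)
    if user == "+":
        return ("HIGH", "every user on %s is trusted" % host)
    if host.startswith("+@") or user.startswith("+@"):
        return ("REVIEW", "trust delegated to a netgroup")
    if user:
        return ("REVIEW", "remote user %s on %s is trusted" % (user, host))
    return ("REVIEW", "host %s is trusted" % host)

def audit(text, source):
    """Return (source, line_no, severity, reason) for each line that grants trust."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # assumption: '#' starts a comment line
            continue
        result = classify(entry)
        if result:
            findings.append((source, line_no) + result)
    return findings

def writable_by_others(mode):
    """True if group or other can write the file and so could add trust entries."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS_EQUIV, "/etc/hosts.equiv"):
        print("%s:%d [%s] %s" % finding)
```

On a real system, pass the file's text to audit() and the st_mode from os.stat() to writable_by_others() for /etc/hosts.equiv and each user's .rhosts.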


The following sections discuss some of the Berkeley r* utilities.

Rlogin

Rlogin is a remote login utility. You can use rlogin to connect with a Unix host that is running the server daemon rlogind (d stands for daemon). Rlogin serves the same purpose as Telnet, but rlogin is considerably less versatile. Rlogin is designed specifically to provide access to Unix systems, whereas Telnet, which is covered under a TCP/IP standard, can have a broader application. Also, rlogin does not provide some of the configuration negotiation features available with Telnet.

A significant feature of rlogin is that, because it uses the r* utilities security model, it supports remote login without a password. No-password access is a property of all r* utilities, but some users consider a passwordless terminal session a little more unsettling than some of the other functions achievable through the r* utilities. Nevertheless, the r* utilities' security model does limit access to trusted users.

By the Way

It is important to keep in mind that network operating systems such as NetWare and Windows NT/2000 also provide methods for passwordless access to network resources after the user has achieved some form of initial authentication. The Kerberos authentication scheme, described in Hour 20, provides passwordless access to network resources on Unix/Linux, as well as Windows, networks. Many of the benefits of the r* utilities can now be achieved through other, more secure methods.


The syntax for the rlogin command is as follows:

 rlogin hostname 

where hostname is the hostname of the computer to which you'd like to gain access. If no username is specified, the username defaults to the user's username on the local computer. Otherwise, you can specify a username as follows:

 rlogin hostname -l username 

where username is the username you want to use for the login.

The server daemon rlogind, which must be running on the server machine, then checks the hosts.equiv and .rhosts files to verify host and user information. If this authentication is successful, the remote session begins.

Rcp

Rcp provides remote file access to Unix systems. Rcp is not as versatile or as widely used as FTP, but it is still sometimes used for file transfer in the Unix world. See Hour 14 for more on rcp.

Rsh

Rsh lets you execute a single command on a remote computer without logging in to the remote computer. Rsh is short for remote shell. (A shell is a command interface to the operating system.) The rshd daemon, running on the remote computer, accepts the rsh command, verifies the username and hostname information, and executes the command. Rsh is useful when you want to enter one command and don't need or want to establish a terminal session with the remote computer.

The format for the rsh command is

 rsh -l username hostname command 

where hostname is the hostname of the remote computer, username is the name to use when accessing the remote computer, and command is the command you would like to execute.

The username (preceded by the -l ) is optional. If you do not include a username, it will default to the name on the local host as follows:

 rsh hostname command 

Rexec

Rexec is like rsh in that it instructs the remote computer to execute a command. Rexec uses the rexecd daemon.

The syntax for the rexec command is as follows:

 rexec hostname -l username command 

where hostname is the name of the host, username is the user account name on the remote computer, and command is the command you want to execute. If you omit -l username, the username will default to the username on the local computer.

Ruptime

Ruptime displays a summary of how many users are logged in to each computer on the network. Ruptime also lists how long each computer has been up (hence the name r-up-time) and displays some additional system information.

To generate a ruptime report, you need only enter

 ruptime 

Both ruptime and rwho (see the next section) use the rwhod daemon. Actually, each computer on the network has an rwhod daemon that broadcasts regular reports of user activity. Each rwhod daemon receives and stores the reports from other rwhod daemons for a network-wide view of user activity.

Rwho

Rwho reports on all users who are currently logged on to network computers. Rwho lists usernames, the computer each user is logged in to, the time of login, and the time elapsed since login.

The syntax of the rwho command is simply

 rwho 

The default report excludes users whose terminals have been inactive more than an hour. For a report on all users, use the -a option:

 rwho -a 

Rwho, like ruptime, uses the rwhod daemon.



Sams Teach Yourself TCP/IP in 24 Hours (4th Edition)
ISBN: 0672329964
EAN: 2147483647
Year: 2003
Pages: 259
Authors: Joe Casad
