The R-Utilities


This well-known set of network utilities was originally developed at the University of California at Berkeley and was included in the BSD versions of Unix that followed. Because all of these utilities start with the letter r, which stands for remote, they are often lumped together and called the R-utilities. They share more than a first letter: they also use a host-based authentication scheme that most network administrators consider very insecure. The trust files that scheme depends on are discussed first, and then we look at the utilities themselves, with syntax examples from Solaris 8 and FreeBSD for comparison.

How the Traditional R-Utilities Authorize Access to Your Network's Resources

Newer versions of these utilities support stronger authentication, such as Kerberos tickets, as you will see in some of the FreeBSD syntax examples. The originals, however, were built to make basic network tasks simple, and having to enter a username and password every time you used one was considered too much of a hassle. Those were the days, you should remember, before security was considered an issue.

To overcome this username/password obstacle, the R-utilities can use two files to authorize access without a password ever being sent across the network. These are the hosts.equiv and .rhosts files.

The System's hosts.equiv and .rhosts Files

The hosts.equiv file (usually /etc/hosts.equiv) is a global file managed by the system administrator. It lists the remote computers this computer trusts. When a user runs one of the R-utilities, the server consults this file to see whether the user's originating host is trusted; if it is, the remote user is given the same access as the local account of the same name, without being asked for a password. A hostname can also be followed by a username, but on BSD-derived systems this does not restrict access to that one account: it means the named remote user may log in as any local account except root without a password, which makes such entries especially dangerous. Note also that hosts.equiv is not consulted at all when the target account is root; root can be trusted only through /.rhosts.

The .rhosts file is a per-user file that can be created in any user's home directory. It performs the same function as the systemwide hosts.equiv file, but the trust it grants applies only to the account that owns it. Most servers ignore a .rhosts file that is not a regular file, that is not owned by the user (or by root), or that is writable by group or others, so check ownership and permissions when a .rhosts entry mysteriously fails to work. The format for basic entries in either file is

 hostname [username]

If a line contains only a hostname, every user on that host who has an account of the same name on this computer is allowed in as that account. If a hostname is followed by a username (separated by a space or tab), that particular remote user is trusted: in a .rhosts file, as the account that owns the file; in hosts.equiv, as any local account except root. To make it easier to grant or restrict access, most Unix systems also accept a few special forms:

  • +: A plus sign on a line by itself trusts every host. This is the single most dangerous entry you can make, and it has shipped as a default on some systems.

  • + username: Trusts the named user coming from any host.

  • hostname +: Trusts every user on hostname. In hosts.equiv this lets any user on that host log in as any local account except root; in a .rhosts file it lets any user on that host log in as the owning account.

  • -hostname: Explicitly denies every user on hostname.

  • hostname -username: Explicitly denies the named user on hostname.

For example, the entry

  hostname -username

denies the user username coming from the host hostname access to the local computer through hosts.equiv or .rhosts, even if a later line would otherwise grant it.

To make matters more complicated, you must also consider the search order and how entries are evaluated. The hosts.equiv file is checked first (except for root, for whom only /.rhosts is consulted), and then the .rhosts file in the target account's home directory. The first matching entry decides: a positive entry grants access and the search stops; a negative entry denies access and the search stops. If no entry in either file matches, access is denied. Implementations differ in the details (for example, in whether a negative hosts.equiv entry prevents .rhosts from being consulted at all), so check the hosts.equiv and ruserok manual pages on the system you are securing before relying on negative entries.

The use of these files, and indeed of the original unauthenticated versions of the R-utilities, is strongly discouraged: anyone who can spoof a trusted hostname or IP address, or who compromises a trusted host, inherits every account that trusts it. For more information about how these can be abused, see Chapter 46, "Basic Security Measures Every Network Administrator Needs to Know."
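The following evaluator and auditor is an added example for this chapter, not code from the book or from any Unix vendor's libc. It implements the matching rules as the text describes them (hosts.equiv first, then .rhosts; first positive or negative match decides; no match means deny), plus the BSD semantics for a username field and the exclusion of root from hosts.equiv. Real ruserok(3) implementations differ in details, netgroup entries (+@group, -@group) are skipped, and the hostnames and users in the sample files are constructed for the demonstration.

```python
"""Evaluate and audit hosts.equiv / .rhosts trust entries (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    host: str            # hostname, "+" (any host) or "-hostname" (deny)
    user: Optional[str]  # None, username, "+" (any user) or "-username" (deny)


def parse_trust_file(text: str) -> List[Entry]:
    """Parse hosts.equiv/.rhosts syntax: one 'host [user]' entry per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # tolerate comments and blank lines
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host[:2] in ("+@", "-@") or (user and user[:2] in ("+@", "-@")):
            continue                              # netgroups: not handled in this example
        entries.append(Entry(host, user))
    return entries


def match(entries: List[Entry], rhost: str, ruser: str, luser: str) -> Optional[bool]:
    """Return True (grant), False (explicit deny) or None (no decision)."""
    rhost = rhost.lower()
    for e in entries:
        if e.host == "+":
            pass                                   # wildcard host
        elif e.host.startswith("-"):
            if e.host[1:].lower() == rhost:
                return False                       # -hostname: deny and stop
            continue
        elif e.host.lower() != rhost:
            continue
        if e.user is None:
            granted = ruser == luser               # same account name on both ends
        elif e.user == "+":
            granted = True                         # any remote user
        elif e.user.startswith("-"):
            if e.user[1:] == ruser:
                return False                       # host -username: deny and stop
            continue
        else:
            # Named user.  luser is NOT checked: in hosts.equiv this entry admits
            # that remote user to any account, which is why the server keeps
            # root out of hosts.equiv altogether.
            granted = e.user == ruser
        if granted:
            return True
    return None


def ruserok(hosts_equiv: str, rhosts: str, rhost: str, ruser: str, luser: str) -> bool:
    """Decide whether ruser@rhost may become local account luser without a password."""
    if luser != "root":                            # hosts.equiv is never consulted for root
        decision = match(parse_trust_file(hosts_equiv), rhost, ruser, luser)
        if decision is not None:
            return decision
    decision = match(parse_trust_file(rhosts), rhost, ruser, luser)
    return decision is True


def audit_trust_file(text: str, path: str) -> List[str]:
    """Flag entries that extend trust beyond one named host and one named account."""
    findings = []
    is_global = path.endswith("hosts.equiv")
    for e in parse_trust_file(text):
        if e.host == "+":
            findings.append(f"{path}: '+' trusts every host on the network")
        elif e.user == "+":
            findings.append(f"{path}: '{e.host} +' trusts every user on {e.host}")
        elif is_global and e.user and not e.user.startswith("-"):
            findings.append(f"{path}: '{e.host} {e.user}' lets {e.user}@{e.host} "
                            "become any non-root local account")
    return findings


# Constructed sample files for the demonstration (not real hosts).
HOSTS_EQUIV_SAMPLE = """\
# trusted peers
trusted.example.com
build.example.com +
-evil.example.com
"""
RHOSTS_SAMPLE = "dev.example.com bob\n"   # ~alice/.rhosts: bob@dev may become alice

if __name__ == "__main__":
    for rhost, ruser in [("trusted.example.com", "alice"), ("dev.example.com", "bob"),
                         ("build.example.com", "mallory"), ("evil.example.com", "alice")]:
        ok = ruserok(HOSTS_EQUIV_SAMPLE, RHOSTS_SAMPLE, rhost, ruser, "alice")
        print(f"{ruser}@{rhost} -> alice: {ok}")
    for finding in audit_trust_file(HOSTS_EQUIV_SAMPLE, "/etc/hosts.equiv"):
        print("WARNING", finding)
```

Running the script shows the point of the audit: the apparently harmless line build.example.com + lets mallory, a user who has no account here at all, become alice without a password.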

The rlogin Utility

This utility uses TCP port 513 and establishes an interactive session with another computer, similar to telnet, but with a much simpler protocol. It was introduced in 4.2BSD Unix and is documented in RFC 1282, "BSD Rlogin." Unlike telnet, rlogin performs no option negotiation; instead it relies on a handful of fixed control bytes exchanged between the two systems.

The protocol is a simple one. The client opens the connection by sending a single string made up of a zero (NUL) byte, the login name of the user on the client, another zero byte, the login name to be used on the server, another zero byte, the terminal type, a slash character, the terminal speed and, finally, another zero byte. Every one of these fields is chosen by the client, so the server has no basis for believing the client login name beyond the hosts.equiv and .rhosts lookup described earlier.

The rlogin server responds to this string with a zero byte. Then, if a password is required on the server (that is, the client host and user are not trusted through hosts.equiv or .rhosts), the server sends a login prompt to the client, and the session continues only if the correct password is sent back. Note again the security problem with yet another TCP/IP utility: in most versions neither the username nor the password is encrypted. They cross the network as ordinary clear text that any network sniffer can capture. Newer forms of this utility use stronger authentication methods, but the basic protocol does not define them.

Finally, the server asks the client for its window size. Once the session is established, the client sends keystrokes to the server one character at a time, and the server echoes each one back, so rlogin is not as efficient as some other protocols. To reduce this overhead, the Nagle algorithm is normally used, buffering several characters into a single TCP segment.

The only message the client can send to the server, other than keystrokes, is its window size, and it sends that only in response to a query from the server. The server can send several commands to the client, using TCP's urgent pointer to mark the control byte in the data stream. A client receiving a segment with the urgent pointer set first buffers all data up to the control byte and then interprets it. There are only four possible commands:

  • 0x02: Causes the client to discard all buffered data that has not yet been displayed.

  • 0x10: Switches the client to "raw" mode, in which the ASCII STOP and START characters (Ctrl+S and Ctrl+Q) are not interpreted by the client but passed as data to the server to deal with.

  • 0x20: Switches the client back to its normal mode of interpreting the ASCII START and STOP characters locally.

  • 0x80: The window size request; the client answers with its current window size.

The control byte pointed to by the urgent pointer is never displayed, and all values other than those listed are ignored.
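The exchange just described, as an added example that is not code from the book or from any rlogin implementation: it builds and parses the client's opening string, the 12-byte window-size message (0xFF 0xFF 's' 's' followed by rows, columns, x pixels and y pixels as 16-bit network-order values, per RFC 1282) and the four in-band control bytes. It does no networking; the usernames and terminal settings are constructed sample data.

```python
"""Encode and decode rlogin (RFC 1282) messages (added example)."""
import struct
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Server -> client control bytes, delivered at the TCP urgent pointer.
DISCARD_OUTPUT = 0x02
RAW_MODE_ON = 0x10
RAW_MODE_OFF = 0x20
WINDOW_SIZE_REQUEST = 0x80

# Client -> server window-size message: 0xFF 0xFF 's' 's' then four 16-bit fields.
WINDOW_MAGIC = b"\xff\xffss"


def build_client_hello(client_user: str, server_user: str, term_type: str, speed: int) -> bytes:
    """The string the client sends first: \\0 client-user \\0 server-user \\0 type/speed \\0."""
    if any("\0" in s for s in (client_user, server_user, term_type)) or "/" in term_type:
        raise ValueError("NUL bytes, and '/' in the terminal type, are not allowed")
    return (b"\0" + client_user.encode("ascii") + b"\0" + server_user.encode("ascii")
            + b"\0" + f"{term_type}/{speed}".encode("ascii") + b"\0")


def parse_client_hello(data: bytes) -> Tuple[str, str, str, int]:
    """Server side: split on NUL and validate the shape before using any field."""
    parts = data.split(b"\0")
    if len(parts) != 5 or parts[0] != b"" or parts[4] != b"":
        raise ValueError("malformed rlogin hello")
    client_user, server_user, term = (p.decode("ascii") for p in parts[1:4])
    term_type, sep, speed = term.partition("/")
    if not sep or not speed.isdigit() or not client_user or not server_user:
        raise ValueError("malformed rlogin hello")
    # client_user is whatever the client chose to claim; only the hosts.equiv/.rhosts
    # lookup (or a password) turns it into an authorization decision.
    return client_user, server_user, term_type, int(speed)


def build_window_size(rows: int, cols: int, xpixels: int = 0, ypixels: int = 0) -> bytes:
    """Client's reply to a 0x80 request."""
    return WINDOW_MAGIC + struct.pack("!HHHH", rows, cols, xpixels, ypixels)


def parse_window_size(msg: bytes) -> Tuple[int, int, int, int]:
    if len(msg) != 12 or not msg.startswith(WINDOW_MAGIC):
        raise ValueError("not a window-size message")
    return struct.unpack("!HHHH", msg[4:])


@dataclass
class ClientState:
    raw_mode: bool = False                                  # True: ^S/^Q go to the server as data
    output: bytearray = field(default_factory=bytearray)    # received but not yet displayed
    window_requests: int = 0


def receive_segment(state: ClientState, data: bytes, urgent: Optional[int]) -> None:
    """Apply one segment from the server; urgent is the index of the control byte, if any."""
    if urgent is None:
        state.output += data
        return
    state.output += data[:urgent]           # buffer everything before the control byte
    cmd = data[urgent]
    if cmd == DISCARD_OUTPUT:
        state.output.clear()                # drop output not yet shown (e.g. after an interrupt)
    elif cmd == RAW_MODE_ON:
        state.raw_mode = True
    elif cmd == RAW_MODE_OFF:
        state.raw_mode = False
    elif cmd == WINDOW_SIZE_REQUEST:
        state.window_requests += 1          # a real client answers with build_window_size()
    # any other value is ignored; the control byte itself is never displayed
    state.output += data[urgent + 1:]


if __name__ == "__main__":
    hello = build_client_hello("alice", "alice", "xterm", 38400)
    print(hello, parse_client_hello(hello))
    print(parse_window_size(build_window_size(24, 80)))
```

Because every field of the hello is attacker-controlled, a server-side parser should reject anything that does not have exactly the shape above before the username reaches the trust lookup; the check for a NUL-free, five-part string is the minimum.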

Using the rlogin Command

The syntax for this command will, as with most Unix commands, vary from system to system. Here we'll look at the syntax for Solaris 8 and then the syntax for FreeBSD Unix.

The syntax for the rlogin command for Solaris 8 is

 rlogin [ -8EL ] [ -e c ] [ -l username ] hostname

where

  • -8: Indicates that 8-bit data should be used for the connection instead of the default 7-bit representation.

  • -e c: Specifies a different escape character. Substitute the escape character for c.

  • -E: Means that no character will be recognized as the escape character.

  • -L: Runs the session in literal-output ("litout") mode, in which the terminal driver does no output post-processing.

  • -l username: Specifies a different username for the logon procedure. The default is the same username you used to log on to your local system.

  • hostname: Specifies the name of the remote host to which you want to log on.

Solaris also lets the user enter escape sequences during the rlogin session. The tilde character (~) starts the escape sequence. The sequence ~. causes the computer to disconnect from the remote host immediately. A tilde followed by your suspend character (usually Ctrl+Z) suspends the login session if you are using a shell with job control.

The syntax for the rlogin command for FreeBSD is

 rlogin [ -468DEKLdx ] [ -e char ] [ -i localname ] [ -k realm ] [ -l username ] host

where

  • -4 (-6): Uses IPv4 (IPv6) addresses only.

  • -8: Allows 8-bit data transmission.

  • -D: Sets the TCP_NODELAY socket option. This can improve interactive response, but it also increases the load on the network.

  • -E: Means that no character is recognized as the escape character.

  • -K: Turns off all Kerberos authentication.

  • -L: Runs the rlogin session in "litout" (literal output) mode.

  • -d: Turns on socket debugging.

  • -x: Turns on DES encryption for the data stream between client and server. Because the original rlogin sends everything in clear text, this is a very good option to use; note, however, that it works only together with Kerberos authentication, which supplies the session key.

  • -e char: Specifies a different escape character. Substitute the escape character for char. The default escape character is the tilde.

  • -i localname: Lets the sender specify a different local name to be used for authorization purposes. Only processes running with UID zero may use this option.

  • -k realm: Requests that rlogin obtain Kerberos tickets for the remote host in the realm realm instead of the host's currently defined realm.

  • -l username: Specifies a different username for the logon procedure. The default is the same username you are logged in under on your local system.

  • host: Specifies the host with which you want to establish a remote session.

As you can see, the FreeBSD version of rlogin provides more security than the basic program: Kerberos authentication can replace the clear-text host trust, and the data stream can be encrypted. Two caveats apply. The -x encryption is available only together with Kerberos authentication, because the session key comes from the Kerberos ticket, and single DES is no longer considered adequate protection against a determined attacker. With those limits in mind, this utility can be used in an environment requiring a moderate level of security.

Using rsh

The Remote Shell (rsh) utility enables you to execute a single command on the remote node. This utility first makes a connection to the remote computer and then executes the command specified by the user. It copies standard input to the remote command, and the standard output resulting from the remote command, if any, is copied back to the local standard output. Likewise, the remote standard error stream is copied back to the local standard error stream.

This utility is not meant for use when you need to execute many commands or run an interactive, screen-oriented program such as the vi editor. Instead, it is a quick way to execute a single command on another network node that supports the protocol.

The rsh utility has been implemented, like most of the other R-utilities, differently on various Unix flavors.

The syntax for the rsh command on Solaris 8 is

 rsh [ -n ] [ -l username ] hostname command
 rsh hostname [ -n ] [ -l username ] command
 remsh [ -n ] [ -l username ] hostname command
 remsh hostname [ -n ] [ -l username ] command
 hostname [ -n ] [ -l username ] command

This command connects to the remote system hostname and executes the command given on the command line; standard input, output and error are connected as described above so that the results appear on your display. remsh is an alternative name for the same program, and if rsh is installed under the name of a host, running that name is equivalent to rsh hostname. Note that if you omit the command, rsh starts an rlogin session instead. See the preceding section for information about using rlogin.

Command-line parameters for this command include the following:

  • -n: Redirects the standard input of rsh from /dev/null. Use this when running rsh in the background, so that it does not compete with your shell for terminal input and block.

  • -l username: Uses this username on the remote system instead of your local username.

  • hostname: The name of the remote host on which the command will be executed.

  • command: The command to be executed on the remote computer.

Remember that this utility runs just one command on the remote system. For example, you can use it to rename a file or copy a file on a remote system. To edit the file interactively, however, you would have to use telnet or rlogin, both of which allow interaction with a program running on a remote system.

The syntax for this command on FreeBSD is

 rsh [ -46Kdnx ] [ -t timeout ] [ -k realm ] [ -l username ] host [ command ]

where

  • -4 (-6): Uses IPv4 (IPv6) addresses only.

  • -K: Disables Kerberos authentication.

  • -d: Turns on socket debugging.

  • -n: Redirects input from the special device /dev/null.

  • -x: Turns on DES encryption for the data exchanged, possibly slowing the response because of the encryption overhead. As with rlogin, this requires Kerberos authentication.

  • -t timeout: If no data is sent across the connection established by rsh for timeout seconds, the rsh program exits.

  • -k realm: Makes rsh try to obtain Kerberos tickets for the host in realm instead of the remote host's own realm.

  • -l username: Specifies the username on the remote system to use for authentication. The default is the same name as the local username.

Like the Solaris version of rsh, if you choose to omit a command from the command line when you invoke rsh, the rlogin program will run instead.

In both cases (Solaris and FreeBSD), metacharacters recognized by your shell must be quoted if they are meant to be part of the remote command. For example, in rsh host ls > listing the redirection is performed by your local shell, so the listing ends up on your machine, whereas rsh host "ls > listing" passes the redirection to the remote shell and the file is created on host. The same applies to pipes, wildcards and variable references.

You can also obtain a version of RSH and many other Unix commands and utilities by purchasing Microsoft's Services for Unix (see www.microsoft.com).

Using rcp

The Remote Copy (rcp) command copies files between two computers on the network. You could use FTP for this, but rcp has a simpler syntax, and it authenticates through the same .rhosts and hosts.equiv files as rlogin and rsh (with the same weaknesses). Another thing you can do with rcp that is awkward with a standard FTP client is to recursively copy directories and subdirectories.

The syntax for the rcp command for Solaris 8 is

 rcp [ -p ] filename1 filename2
 rcp [ -pr ] filename ... directory

where

  • -p: If possible, gives the copy the same modification and access times as the original, as well as the same mode and any ACLs applied to the original file. Note that rcp will not work correctly if you try to copy ACLs to a system that does not support them.

  • -r: Used when the destination is a directory. It indicates that each subtree rooted at filename (a directory) is copied.

In the first form, filename1 and filename2 are the source and destination filenames. In the second form, each filename is a file or, with -r, the root of a directory tree, to be copied into directory on the remote system. A remote file is written as hostname:path; to authenticate as a different user on the remote system, use username@hostname:path instead. You can also use rcp to copy between two computers other than your own (a third-party copy) by giving remote specifications for both the source and the destination. In that case the copy is carried out by rcp running on the source host, so the source host, not your workstation, must have permission to access the target computer.

The FreeBSD syntax for this command is

 rcp [ -Kpx ] [ -k realm ] file1 file2
 rcp [ -Kprx ] [ -k realm ] file ... directory

where

  • -K: Disables all Kerberos authentication.

  • -k realm: Makes rcp try to obtain Kerberos tickets for the host in realm instead of the remote host's own realm.

  • -p: Makes rcp attempt to preserve the modification times and modes of the source files when making copies.

  • -r: Used when the destination is a directory. It indicates that each subtree rooted at file (a directory) is to be copied.

  • -x: Turns on DES encryption for the data sent between the two computers, at the expense of a slower copy; as with rlogin, this requires Kerberos authentication.

This version of rcp also enables you to perform third-party copying. The addition of Kerberos authentication and DES encryption are welcome improvements over the original rcp.
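An added example that is not code from the book or from rcp itself, covering the argument syntax described for both the Solaris and the FreeBSD versions: it applies the rule from rcp(1) that an argument is remote if it contains a colon with no slash before it, in the form [username@]hostname:path, classifies each copy as local, upload, download or third-party, and reports which host must trust which for the copy to succeed. The file and host names are constructed for the demonstration.

```python
"""Classify rcp file arguments and the trust each copy relies on (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FileSpec:
    path: str
    host: Optional[str] = None
    user: Optional[str] = None

    @property
    def remote(self) -> bool:
        return self.host is not None


def parse_spec(arg: str) -> FileSpec:
    """Split an rcp argument into (user, host, path), or mark it local."""
    colon, slash = arg.find(":"), arg.find("/")
    if colon == -1 or (slash != -1 and slash < colon):
        return FileSpec(path=arg)             # local: no ':' or a '/' before the first ':'
    hostpart, path = arg[:colon], arg[colon + 1:]
    user, sep, host = hostpart.partition("@")
    if not sep:
        user, host = None, hostpart
    if not host:
        raise ValueError(f"empty hostname in {arg!r}")
    return FileSpec(path=path, host=host, user=user)   # empty path means the remote home dir


@dataclass(frozen=True)
class CopyStep:
    source: FileSpec
    dest: FileSpec
    kind: str                            # "local", "upload", "download" or "third-party"
    trust: Optional[Tuple[str, str]]     # (client host, server host that must trust it)


def plan_copy(args: List[str], local_host: str = "localhost") -> List[CopyStep]:
    """Describe what an rcp command line would do and which trust it depends on."""
    if len(args) < 2:
        raise ValueError("rcp needs at least a source and a destination")
    dest = parse_spec(args[-1])
    steps = []
    for src in (parse_spec(a) for a in args[:-1]):
        if src.remote and dest.remote:
            # third-party copy: rcp is run on the source host, which then
            # connects to the destination host with its own trust relationship
            kind, trust = "third-party", (src.host, dest.host)
        elif src.remote:
            kind, trust = "download", (local_host, src.host)
        elif dest.remote:
            kind, trust = "upload", (local_host, dest.host)
        else:
            kind, trust = "local", None
        steps.append(CopyStep(src, dest, kind, trust))
    return steps


if __name__ == "__main__":
    for cmdline in (["report.txt", "alice@dev.example.com:/home/alice/"],
                    ["dev.example.com:/etc/motd", "build.example.com:/tmp/"],
                    ["notes:2003.txt", "backup/"],       # surprise: 'notes' is taken as a host
                    ["./notes:2003.txt", "backup/"]):    # './' makes it a local file again
        for step in plan_copy(cmdline, local_host="ws.example.com"):
            print(cmdline, "->", step.kind, step.trust)
```

The last two command lines show the practical gotcha: a local filename containing a colon is read as a remote specification unless it is written with a slash in front of the colon (./notes:2003.txt or an absolute path).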

Using rwho

The rwho command shows information about users on the network. It works similarly to the who command but gathers information from computers on the network rather than only from the local system.

Both the Solaris 8 and the FreeBSD versions of this command assume that a computer is down if no data has been received from it for five minutes. A user who is logged in but has not interacted with the computer for more than an hour is not included in the display by default. The syntax for this command is

 rwho [ -a ] 

The -a option causes the report to include all users and ignore the one-hour idle timeout.

On FreeBSD the data files describing the hosts that rwho reports on are kept under /var/rwho/whod.* (on Solaris 8, /var/spool/rwho/whod.*). Every computer that is to appear in the rwho display must be running the rwhod daemon. This background process periodically broadcasts a status packet; the other hosts store what they receive and use it to produce the display. These broadcasts carry no authentication, so any machine on the local network can inject bogus host and user information into what rwho and ruptime report.

Using ruptime

For each machine on the network, the command ruptime reports a status line showing how long the system has been up. Again, the files under /var/rwho/whod.* (/var/spool/rwho/whod.* for Solaris 8) hold the data about the hosts on the network that the command reports on, and each system must be running the rwhod daemon. Note that this background process sends out the informational packets that remote systems collect for both the rwho and the ruptime commands.

For this command, both Solaris 8 and FreeBSD use the same syntax:

 ruptime [ -alrtu ] 

where

  • -a: Counts users on remote machines even if they have been idle for more than one hour.

  • -l: Sorts the display by load average.

  • -r: Reverses the sort order of the displayed information.

  • -t: Sorts the display by the uptime of the systems shown.

  • -u: Sorts the display by the number of users on the systems shown.

As you can see, ruptime can be a very handy utility to use to quickly survey selected nodes on your network.



Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
Year: 2003
Pages: 434