This famous set of network utilities was originally developed at the University of California at Berkeley and included in the versions of Unix it released afterward. Because all these utilities start with the letter R, which stands for remote, they often are lumped together and called the R-utilities. These utilities share more than a common first letter: they also use an authentication scheme that most network administrators consider very insecure. The files on which that scheme depends are discussed first, and then we look at some of the utilities themselves, showing syntax examples from Solaris 8 and FreeBSD for comparison.

How the Traditional R-Utilities Authorize Access to Your Network's Resources

Newer versions of these utilities use stronger authentication methods such as Kerberos tickets, as you will see in some of the syntax examples for the FreeBSD commands. However, because these tools were developed to make basic network functions simple to perform, having to enter a username and password each time you used a utility was considered too much of a hassle. Those were the days, remember, before security was considered an issue. To overcome this username/password obstacle, the R-utilities can use two files to perform authorization without sending a password across the network. These are the hosts.equiv and .rhosts files.

The System's hosts.equiv and .rhosts Files

The hosts.equiv file is a global file that is managed by the system administrator of a computer. It contains a list of remote computers that are to be trusted by this computer. When a user executes one of the R-utilities, this file can be consulted to see whether that user's host computer is a trusted one. If so, the user is allowed to perform the same actions, and is given the same access, as a local account of the same name. This file also can associate one or more usernames with a remote host, restricting access to just those usernames.
The file .rhosts is a local file that can be created in any user's home directory. It performs the same function as the systemwide hosts.equiv file. The format for basic entries in either file is

hostname [ username ]

If you enter only a hostname on a line by itself, all users from that host who have accounts on this computer will be allowed access. If you place a username after the hostname (separated by a space or tab), that particular user will have access. To make it easier to restrict access with these files, most Unix systems allow a few other forms of entry in these files:
For example, the entry

hostname username

prohibits the user indicated by username, coming from the host hostname, from gaining access to the local computer via the hosts.equiv or .rhosts file. To make matters more complicated, you must also consider the search order, that is, how the entries in these files are evaluated. The hosts.equiv file is searched first, and then the .rhosts file. When a positive entry is found that grants access, the search stops. When a negative entry is found that denies access, the search stops. If no entry is found that grants or denies access, access is denied.

The use of these files, and indeed of any insecure earlier version of the R-utilities, is highly discouraged. For more information about how they can be abused, see Chapter 46, "Basic Security Measures Every Network Administrator Needs to Know."

The rlogin Utility

This utility uses TCP (port 513) and enables you to establish an interactive session with another computer, similar to telnet. However, the rlogin command uses a much simpler protocol. It was introduced in version 4.2 of BSD Unix and is defined in RFC 1282, "BSD Rlogin." Unlike telnet, rlogin does not use option negotiation. Instead, it allows a simple exchange of commands between the two systems.

The protocol is a simple one. The client software sends a string of text to the server. This string consists of a zero byte, the login name of the user on the client, another zero byte, the login name to be used on the server, another zero byte, the terminal type, a slash character, the speed of the terminal, and, finally, another zero byte. The rlogin server responds to this string with a zero byte. Then, if a password is required on the server (that is, the user is not found in the hosts.equiv or .rhosts files), the server sends a prompt string to the client. If the user sends the correct password back, the session can continue. Note again here the security problem with yet another TCP/IP utility.
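The handshake and the trust-file lookup just described, modelled in Python as an added example (not code from the book or from any rlogin implementation). It builds the client's opening string, parses it the way the server does, and decides whether a password prompt follows by searching hosts.equiv and then the target user's .rhosts in the order given above. The deny form (a leading hyphen on the host or user field) and the + wildcard are BSD conventions that this page does not show and are assumptions here; the sample trust files and the prompt text are constructed; the window-size query and the server's urgent-mode commands are not modelled.

```python
"""Model of the rlogin opening handshake and the hosts.equiv/.rhosts lookup.
Added example; not code from the book or from any rlogin implementation.
Assumptions not on the page: the BSD deny form (leading '-' on a host or
user field) and the '+' wildcard; sample files and prompt text are constructed."""
from typing import List, Optional, Tuple

Entry = Tuple[str, Optional[str]]          # (hostname, username-or-None)


def parse_trust_file(text: str) -> List[Entry]:
    """Parse hosts.equiv / .rhosts lines; '#' comments and blank lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def match_entry(entry: Entry, host: str, remote_user: str, local_user: str) -> Optional[str]:
    """Return 'allow', 'deny', or None when the entry does not apply to this request."""
    ehost, euser = entry
    if ehost.startswith("-"):                     # assumed deny-host form
        return "deny" if ehost[1:] == host else None
    if ehost not in ("+", host):
        return None
    if euser is None:                             # hostname alone: same-name accounts only
        return "allow" if remote_user == local_user else None
    if euser.startswith("-"):                     # assumed deny-user form
        return "deny" if euser[1:] == remote_user else None
    return "allow" if euser in ("+", remote_user) else None


def check_access(hosts_equiv: str, rhosts: str, host: str,
                 remote_user: str, local_user: str) -> Tuple[str, str]:
    """hosts.equiv is searched first, then the target user's .rhosts; the first
    positive or negative entry ends the search, and no match means deny."""
    for name, text in (("hosts.equiv", hosts_equiv), (".rhosts", rhosts)):
        for lineno, entry in enumerate(parse_trust_file(text), 1):
            verdict = match_entry(entry, host, remote_user, local_user)
            if verdict:
                return verdict, f"{name} line {lineno}"
    return "deny", "no matching entry"


def build_hello(client_user: str, server_user: str, term: str, speed: int) -> bytes:
    """Client's opening string: NUL client-user NUL server-user NUL term/speed NUL."""
    for field in (client_user, server_user, term):
        if "\x00" in field:
            raise ValueError("fields may not contain a zero byte")
    if "/" in term:
        raise ValueError("terminal type may not contain '/'")
    return b"\x00".join([b"", client_user.encode(), server_user.encode(),
                         f"{term}/{speed}".encode(), b""])


def parse_hello(data: bytes) -> dict:
    """Server-side parse of the opening string; a sniffer sees exactly these fields."""
    parts = data.split(b"\x00")
    if len(parts) != 5 or parts[0] != b"" or parts[4] != b"":
        raise ValueError("malformed rlogin opening string")
    term, sep, speed = parts[3].rpartition(b"/")
    if not sep or not speed.isdigit():
        raise ValueError("terminal field must be type/speed")
    return {"client_user": parts[1].decode(), "server_user": parts[2].decode(),
            "term": term.decode(), "speed": int(speed)}


def server_reply(hello: bytes, client_host: str, hosts_equiv: str,
                 rhosts_of_target: str) -> Tuple[bytes, str]:
    """Acknowledge with a zero byte; add a password prompt unless the files grant access."""
    fields = parse_hello(hello)
    verdict, why = check_access(hosts_equiv, rhosts_of_target, client_host,
                                fields["client_user"], fields["server_user"])
    if verdict == "allow":
        return b"\x00", why
    return b"\x00Password: ", why                # prompt text is an assumption


# Constructed sample files: a systemwide hosts.equiv and bob's ~/.rhosts.
HOSTS_EQUIV = "trusted.example.com\nlab.example.com alice\n-bad.example.com\n"
RHOSTS_OF_BOB = "partner.example.com bob\n+ +   # any user from any host\n"

if __name__ == "__main__":
    hello = build_hello("alice", "bob", "vt100", 9600)
    print(hello)                                    # b'\x00alice\x00bob\x00vt100/9600\x00'
    print(server_reply(hello, "partner.example.com", HOSTS_EQUIV, RHOSTS_OF_BOB))
```

Because parse_hello is all a passive observer of port 513 needs, the same few lines recover both login names from a packet capture, which is the clear-text exposure the following paragraph describes. A .rhosts line reading + + is the classic misconfiguration to look for during an audit: as the sample data shows, it hands the target account to any user from any host without a password, and since the search stops at the first match, nothing later in the file can take that back.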
The username and the password are not encrypted in most versions of this utility. They travel over the network as ordinary clear text that any network sniffer can capture. Newer forms of this utility use more secure authentication methods, but the basic protocol does not define them. Finally, the server sends a request to the client to find out the client's window size. After the session has been established, communication from the client to the server takes place one character at a time. When you consider that the server then echoes each character back to the client, you can see that rlogin isn't as efficient as some other protocols. To reduce this overhead, the Nagle algorithm is normally used, which buffers several characters into a single TCP segment. The only command that the client can send to the server is its window size, and it can send this only in response to a query from the server. The server can send various commands to the client, and it uses TCP's Urgent Data pointer to mark the control command byte in the data stream. A client receiving a TCP segment with the Urgent Data pointer set immediately buffers all data up to the command byte and then interprets the command byte. There are only four possible commands:
The control byte pointed to by the Urgent Data pointer is not displayed on the client's display, and all values other than those listed are ignored.

Using the rlogin Command

The syntax for this command will, as with most Unix commands, vary from system to system. Here we look at the syntax for Solaris 8 and then the syntax for FreeBSD Unix. The syntax for the rlogin command on Solaris 8 is

rlogin [ -8EL ] [ -e c ] [ -l username ] hostname

where
Solaris also enables the user to enter escape characters during the rlogin session. The tilde character ( ~ ) starts the escape sequence. The sequence ~. causes the computer to immediately disconnect from the remote host. The sequence ~susp suspends the login session if you are using a shell with job control. The syntax for the rlogin command on FreeBSD is

rlogin [ -468DEKLdx ] [ -e char ] [ -i localname ] [ -k realm ] [ -l username ] host

where
As you can see, the latest FreeBSD version of rlogin provides more security than the basic version of this program. By adding authentication schemes other than clear text, and by allowing the data stream to be encrypted, this utility can be used in an environment requiring a medium level of security.

Using rsh

The Remote Shell (rsh) utility enables you to execute a single command on a remote node. It first makes a connection to the remote computer and then executes the command specified by the user. It copies standard input to the remote command, and the standard output from the remote command, if any, is copied back to the local standard output. Likewise, the remote standard error stream is copied back to the local standard error stream. This utility is not meant for use when you need to execute many commands or an interactive, screen-oriented program such as the vi editor. Instead, it is a quick way to execute a single command on another network node that supports the protocol. Like most of the other R-utilities, rsh has been implemented differently on the various Unix flavors. The syntax for the rsh command on Solaris 8 is

rsh [ -n ] [ -l username ] hostname command
rsh hostname [ -n ] [ -l username ] command
remsh [ -n ] [ -l username ] hostname command
remsh hostname [ -n ] [ -l username ] command
hostname [ -n ] [ -l username ] command

This command makes a connection with the remote system hostname and executes the command you enter on the command line. Standard Unix input and output are redirected so that the results of the command appear on your display. Note that if you don't include a command, the Solaris version starts an rlogin session instead. See the preceding section for information about using rlogin. Command-line parameters for this command include the following:
Remember that this utility runs just one command on the remote system. For example, you can use it to rename a file or copy a file on a remote system. To edit the file, however, you would have to use telnet or rlogin, both of which allow interaction with a program running on the remote system. The syntax for this command on FreeBSD is

rsh [ -46Kdnx ] [ -t timeout ] [ -k realm ] [ -l username ] host [ command ]

where
Like the Solaris version of rsh, if you omit the command from the command line when you invoke rsh, the rlogin program runs instead. In both cases (Solaris and FreeBSD), metacharacters recognized by your shell must be enclosed in quotation marks to be included as part of the remote command. You can also obtain a version of rsh and many other Unix commands and utilities by purchasing Microsoft's Services for Unix (see www.microsoft.com).

Using rcp

The Remote Copy (rcp) command is used to copy files between two computers on the network. You could also use FTP for this, but the rcp utility does the same thing with a simpler syntax and allows authentication using the .rhosts and hosts.equiv files. Another thing you can do with rcp that you can't do easily with a standard FTP client is recursively copy directories and subdirectories. The syntax for the rcp command on Solaris 8 is

rcp [ -p ] filename1 filename2
rcp [ -pr ] filename ... directory

where
In the first line of the preceding syntax, filename1 and filename2 are the source and destination filenames. In the second form, filename is the starting point of a directory tree whose subdirectories will be copied to the directory directory on the remote system. Also note that you can use the rcp command to copy files between two computers other than your own (third-party copies). In this case, you must specify the filename variables on the command line in the form hostname:path. If you want to use a different username for authentication purposes, use the form username@hostname:filename instead. For third-party copies, the host that is the source of the file being copied must have permission to access the target computer. The FreeBSD syntax for this command is

rcp [ -Kpx ] [ -k realm ] file1 file2
rcp [ -Kprx ] [ -k realm ] file ... directory

where
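The operand forms described above (path, hostname:path, username@hostname:path), parsed in Python as an added example that is not code from the book or from any rcp implementation. The classifier tells a local copy from a remote one and from a third-party copy, where neither side is the invoking machine and the source host must be allowed to reach the target. The rule that a colon marks a remote operand only when it comes before any slash follows BSD rcp and is an assumption here; every hostname and path is constructed.

```python
"""Parser for rcp operands and a classifier for local, remote and third-party
copies. Added example, not code from the book. The colon-before-slash rule is
modelled on BSD rcp and is an assumption; all names below are constructed."""
from typing import NamedTuple, Optional


class Operand(NamedTuple):
    user: Optional[str]      # username for authentication, or None for the caller's own
    host: Optional[str]      # None means a local file
    path: str


def parse_operand(arg: str) -> Operand:
    """Split one rcp command-line operand into user, host and path."""
    colon, slash = arg.find(":"), arg.find("/")
    # No colon, a leading colon, or a '/' before the colon: a local filename.
    if colon <= 0 or (slash != -1 and slash < colon):
        return Operand(None, None, arg)
    hostpart, path = arg[:colon], arg[colon + 1:]
    user, at, host = hostpart.rpartition("@")
    return Operand(user if at else None, host, path)


def classify_copy(src: str, dst: str) -> str:
    """'local', 'remote' (one side is this machine) or 'third-party' (neither is);
    a third-party copy needs the source host to have access to the target host."""
    s, d = parse_operand(src), parse_operand(dst)
    if s.host and d.host:
        return "third-party"
    return "remote" if (s.host or d.host) else "local"


if __name__ == "__main__":
    for arg in ("server.example.com:/etc/motd",
                "alice@server.example.com:backup.tar",
                "./notes:2024.txt"):
        print(arg, "->", parse_operand(arg))
    print(classify_copy("a.example.com:/x", "b.example.com:/y"))   # third-party
```

The third case in the demo matters in practice: a local filename containing a colon is taken as remote unless a slash precedes the colon, so prefixing such names with ./ keeps rcp from trying to reach a host called notes. For a third-party copy the trust relationship that has to exist is between the two remote hosts, not with the machine you type the command on, which is easy to overlook when reviewing who is listed in whose hosts.equiv.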
This version of rcp also enables you to perform third-party copies. The addition of Kerberos authentication and DES encryption is a welcome improvement over the original rcp.

Using rwho

The rwho command shows information about users on the network. It works similarly to the who command but gathers information from computers across the network instead of only local users. Both the Solaris 8 and FreeBSD versions of this command assume that a computer is down if they don't receive any data from it for five minutes. If a user is logged in but has not interacted with the computer for more than an hour, the user is not included in the display by default. The syntax for this command is

rwho [ -a ]

The -a option causes the report to include all users, ignoring the one-hour idle timeout. The path /var/rwho/whod.* is used to store the data files describing the hosts on the network about which the command reports ( /var/spool/rwho/rwhd.* on Solaris 8). Each computer on the network that can show up in the display produced by rwho must be running the rwhod daemon process. This background process periodically broadcasts a packet of information. Other servers store this information and use it when producing a display.

Using ruptime

For each machine on the network, the ruptime command reports a status line showing how long the system has been up. Again, the path /var/rwho/whod.* ( /var/spool/rwho/rwhd.* on Solaris 8) is used to store the data files describing the hosts on the network about which the command reports. Each system must be running the rwhod daemon. Note that this background process sends out informational packets that remote systems collect for use with both the rwho and ruptime commands. Both Solaris 8 and FreeBSD use the same syntax for this command:

ruptime [ -alrtu ]

where
As you can see, ruptime can be a very handy utility for quickly surveying selected nodes on your network.