rlogin - the legacy remote login tool
rlogin (remote login) program was a tool for remotely using a computer over a network. It could be used to get a command-line on a remote computer. It has since been superceded by ssh. Everyone who still has
rlogin enabled is encouraged to immediately disable it for important security reasons.
rlogin tool was introduced in BSD Unix in the 1980s. It was an important tool at the time, but it suffered from several shortcomings. Its security was poor, and its usability wasn't great.
Security Issues in
The main problem with rlogin was that it sent user passwords over a network in the clear, without any encryption. This meant that any attacker with access to the network could read user names and passwords from the network. It only took a few hours of programming to write the software to do this, and it was commonly done. It was called password sniffing, and it was very common in the mid 1990s.
rlogin did support Kerberos for encryption, but at the time, Kerberos was export controlled and not widely deployed outside a few universities and government environments. Thus, in practice passwords sent using it were vulnerable.
.rhosts files for authentication. These files rely on IP addresses for authentication, and spoofing IP addresses is fairly easy. For example, any attacker on the local network can pretend to be any other host. In the past, these attacks could also be performed remotely due to predictable TCP sequence numbers.
Usability Issues in
rlogin program does not automatically set up the user's
DISPLAY environment variable for running graphical applications remotely using X11. Most researchers and power users want to run programs remotely - editing, analysis/simulation tools, etc. Especially with X terminals, such use was critically important.
SSH differed from
rlogin by setting the
DISPLAY environment variable automatically. This simple usability improvement was one of the major reasons why universities adopted SSH early on. It was just easier to use. Easier to teach to new students. Less support required. Just easier and more cost-effective for everyone.