
rlogin

The rlogin (remote login) program was a tool for remotely using a computer over a network. It could be used to get a command line on a remote computer. It has since been superseded by ssh. Everyone who still has rlogin enabled is encouraged to disable it immediately for security reasons.

The rlogin tool was introduced in BSD Unix in the 1980s. It was an important tool at the time, but it suffered from several shortcomings. Its security was poor, and its usability wasn't great.

Security Issues in rlogin

The main problem with rlogin was that it sent user passwords over the network in the clear, without any encryption. Any attacker with access to the network could therefore read user names and passwords off the wire. Writing the software to do this took only a few hours of programming. The technique was called password sniffing, and it was very common in the mid-1990s.

rlogin did support Kerberos for encryption, but at the time, Kerberos was export controlled and not widely deployed outside a few universities and government environments. Thus, in practice passwords sent using it were vulnerable.

Furthermore, rlogin supports .rhosts files for authentication. These files rely on IP addresses for authentication, and spoofing IP addresses is fairly easy. For example, any attacker on the local network can pretend to be any other host. In the past, these attacks could also be performed remotely due to predictable TCP sequence numbers.
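Before disabling rlogin, it helps to know which accounts still carry address-based trust entries. The script below is an added example, not part of the original page: it inventories `.rhosts` and `hosts.equiv` files under a directory tree and classifies each entry. The function names and the sample tree are constructed for illustration, and the `+` wildcard meaning comes from the hosts.equiv file format rather than from this page.

```shell
#!/bin/sh
# Added example: inventory rhosts-style trust files under a directory tree.
# Output: one tab-separated line per entry: risk, file, host, user.

audit_rhosts() {
    find "$1" -type f \( -name .rhosts -o -name hosts.equiv \) 2>/dev/null |
    while IFS= read -r file; do
        # "|| [ -n "$host" ]" keeps a final line that lacks a trailing newline.
        while read -r host user rest || [ -n "$host" ]; do
            case $host in
                ''|'#'*) continue ;;      # blank line or comment
            esac
            risk=ip-trust                 # trust decided by source address only
            if [ "$host" = "+" ] || [ "$user" = "+" ]; then
                risk=wildcard             # "+" matches any host / any user
            fi
            printf '%s\t%s\t%s\t%s\n' "$risk" "$file" "$host" "${user:--}"
        done < "$file"
    done
}

# Constructed sample tree (not real data) so the script runs offline.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/home/alice" "$dir/home/bob" "$dir/etc"
    printf '# constructed sample\nbuild01.example.com alice\n' > "$dir/home/alice/.rhosts"
    printf '+ +\n' > "$dir/home/bob/.rhosts"
    printf '192.0.2.10' > "$dir/etc/hosts.equiv"   # no trailing newline on purpose
    printf '%s\n' "$dir"
}

sample=$(make_sample)
audit_rhosts "$sample"
rm -rf "$sample"
```

On a real system, point `audit_rhosts` at the home directory root and `/etc`. Every line it prints is a trust relationship that needs a replacement, such as SSH key authentication, before the r-services are turned off.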

Usability Issues in rlogin

The rlogin program does not automatically set up the user's DISPLAY environment variable for running graphical applications remotely using X11. Most researchers and power users want to run programs remotely - editing, analysis/simulation tools, etc. Especially with X terminals, such use was critically important.

SSH differed from rlogin by setting the DISPLAY environment variable automatically. This simple usability improvement was one of the major reasons why universities adopted SSH early on. It was just easier to use. Easier to teach to new students. Less support required. Just easier and more cost-effective for everyone.
