manpagez: man pages & more
info inetutils
Home | html | info | man 

File: inetutils.info,  Node: rlogin invocation,  Next: rsh invocation,  Prev: rexec invocation,  Up: Top

14 'rlogin': Remote login
*************************

The 'rlogin' command starts a terminal session on the specified remote
host, provided the required authentication is successful.  The remote
terminal type is the same as that given in the 'TERM' local environment
variable.  The terminal and the window size stay the same, if the remote
host supports them, and any changes in size are transferred as need may
be.

   When using the 'rlogin' command, you can create a link in your path,
using a host name as the link name.  For example:

     # ln -s /usr/bin/rlogin HOSTNAME
     # HOSTNAME -8

Afterwards, the use of HOSTNAME will automatically invoke 'rlogin' to
direct a log in request to the remote host named HOSTNAME.

   'rlogin' allows access to the remote host without the use of a
password.  The prerequisite is a suitable specification in '~/.rhosts'.
For details, *Note rcmd: (libc)rcmd.

14.1 Command line options
=========================

The options are as follows :

'-4'
'--ipv4'
     Use only IPv4.

'-6'
'--ipv6'
     Use only IPv6.

'-8'
'--8-bit'
     Allows an eight-bit input data path at all times; otherwise parity
     bits are stripped except when the remote side's stop and start
     characters are other than 'C-S'/'C-Q'.

'-d'
'--debug'
     Turns on socket debugging on the TCP sockets used for communication
     with the remote host.

'-e CHAR'
'--escape=CHAR'
     Allows user specification of the escape character, which is '~' by
     default.  This specification may be as a literal character, or as
     an octal value in the form '\nnn'.

'-E'
'--no-escape'
     Stops any character from being recognized as an escape character.
     When used with the '-8' option, this provides a completely
     transparent connection.

'-l USER'
'--user=USER'
     By default, the remote username is the same as the local username.
     This option, and the 'user@host' format, allow the remote user name
     to be made explicit, or changed.

The next three options are available only if the program has been
compiled with support for Kerberos authentication.

'-k REALM'
'--realm=REALM'
     The option requests rlogin to obtain tickets for the remote host in
     realm REALM instead of the remote host's realm.

'-K'
'--kerberos'
     Turns off all Kerberos authentication.

'-x'
'--encrypt'
     Turns on encryption for all data passed via the rlogin session.
     This may impact response time and CPU utilization, but provides
     increased security.

14.2 Escape characters and flow control
=======================================

As long as the connection stands, the client program 'rsh' is observing
the input stream in order to detect so called escape sequences, allowing
the user to execute some local actions without having to tear down the
remote connection.

   The sequences consist of two characters, the first of which always is
the distinguished character ESCAPE-CHAR.  The following sequences are
supported:

   * 'ESCAPE-CHAR .' disconnects from the remote host.

   * 'ESCAPE-CHAR C-d' does the same.  (Termios character 'VEOF'.)

   * 'ESCAPE-CHAR C-z' suspends the session, halting the remote process,
     but keeping it ready for resumed processing.  The user is given
     access to a local shell.  (Termios character 'VSUSP'.)

   * 'ESCAPE-CHAR DELAYED-SUSPEND-CHAR' implements a half-way suspend,
     in the sense of stopping local input from reaching the remote side,
     but still displaying all output from the remote host on the local
     terminal.  The remote process is still running, but the local user
     is given a local shell until the resuming the original command.
     Normally, only BSD systems offer this mode.  (Termios character
     'VDSUSP'.)

By default, the character tilde '~' is assigned to ESCAPE-CHAR, but it
can be changed using the option '--escape'.  The processing of escape
sequences can even be disable using the option '--no-escape'.  On BSD
systems, DELAYED-SUSPEND-CHAR is usually set to 'C-Y'.  It displays as
'dsusp' using 'stty'.

   All echoing takes place at the remote site, so that the 'rlogin' is
transparent except possibly for transmission delays.  Flow control via
'C-S' and 'C-Q', if at all supported, will stop and start the flow of
data on the local terminal.  Flushing of input and output on interrupts
is also handled properly.

   On the server side the 'iruserok' and 'ruserok' functions are used to
authenticate the connection request, unless Kerberised mode is in
effect.  See the appropriate man pages for more information.

14.3 Kerberos Authentication
============================

If 'rlogin' was compiled with kerberos support, options '-x', '-k', '-K'
are available.  Each user may have a private authorization list in the
file '.k5login' in their home directory.  Each line in this file should
contain a Kerberos principal name of the form
'principal/instance@realm'.  If the originating user is authenticated to
one of the principals named in '.k5login', access is granted to the
account.  The principal 'accountname@localrealm' is granted access if
there is no '.k5login' file.  Otherwise a login and password will be
prompted for on the remote machine as in 'login'.  To avoid certain
security problems, the '.k5login' file must be owned by the remote user.
If Kerberos authentication fails, a warning message is printed and the
standard Berkeley rlogin is used instead.

© manpagez.com 2000-2025
Individual documents may contain additional copyright information.