Berkeley r-commands

Developer(s): Computer Systems Research Group at the University of California, Berkeley
Initial release: June 1981
Operating system: Unix and Unix-like
Type: Command suite
License: BSD

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer over a TCP/IP computer network. [1] The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP (the protocol stack of the Internet). [2]

The CSRG incorporated the r-commands into their Unix operating system, the Berkeley Software Distribution (BSD). The r-commands premiered in BSD v4.1. [2] Among the programs in the suite are: rcp (remote copy), rexec (remote execution), rlogin (remote login), rsh (remote shell), rstat, ruptime, and rwho (remote who). [2] [3]

The r-commands were a significant innovation and became de facto standards for Unix operating systems. [4] [5] With wider public adoption of the Internet, their inherent security vulnerabilities became a problem, [6] and beginning with the development of Secure Shell protocols and applications in 1995, the adoption of SSH entirely supplanted the deployment and use of r-commands (and Telnet) on networked systems. [7]

Overview
Service                Port   Transport   Refs
Client     Daemon
rcp        rshd        514    TCP
rexec      rexecd      512    TCP         [8]
rlogin     rlogind     513    TCP         [9]
rsh        rshd        514    TCP
rstat      rstatd             UDP
ruptime    rwhod       513    UDP         [10]
rwho       rwhod       513    UDP         [9] [10]

Protocol

The original Berkeley package that provides rlogin also features rcp (remote-copy, allowing files to be copied over the network) and rsh (remote-shell, allowing commands to be run on a remote machine without the user logging into it).

As an example, the protocol is as follows: [11]

Client: <null>
        user name on the client<null>
        user name on the server<null>
        terminal type/terminal baud rate<null>
Server:

The server would check that the user should have access. If so, it returns a message with nothing in it (not even a null character), meaning the connection is established. For example:

Client: <null>
        bostic<null>
        kbostic<null>
        vt100/9600<null>
Server:
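The client's startup message above, decoded field by field. This is an added example, not code from the original page or from BSD; the names RloginStartup and parse_rlogin_startup are assumptions, and the sample bytes in the comment are constructed from the page's bostic/kbostic example.

```python
from dataclasses import dataclass


@dataclass
class RloginStartup:
    client_user: str    # user name on the client
    server_user: str    # user name on the server
    terminal_type: str
    baud_rate: int


def parse_rlogin_startup(data: bytes) -> RloginStartup:
    """Decode the first client message: NUL, then three NUL-terminated strings."""
    if not data.startswith(b"\x00"):
        raise ValueError("startup message must begin with a null byte")
    # Splitting after the leading NUL yields the three strings plus whatever
    # follows the final terminator (an empty piece if nothing else was sent).
    fields = data[1:].split(b"\x00")
    if len(fields) < 4:
        raise ValueError("truncated startup message: missing null terminator")
    client_user, server_user, term = (f.decode("ascii") for f in fields[:3])
    if not client_user or not server_user:
        raise ValueError("empty user name")
    term_type, sep, speed = term.partition("/")
    if not sep or not speed.isdigit():
        raise ValueError("terminal field must be terminaltype/baudrate")
    return RloginStartup(client_user, server_user, term_type, int(speed))


if __name__ == "__main__":
    # Constructed sample: the page's example as it would appear on the wire.
    sample = b"\x00bostic\x00kbostic\x00vt100/9600\x00"
    print(parse_rlogin_startup(sample))
```

Every field arrives as plain bytes, so a passive network sensor can recover both account names from a single packet.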

Both rlogin and rsh share the /etc/hosts.equiv (applies to all users on the server) and $HOME/.rhosts (applies only to the user who places the file in their home directory) access-control scheme, although they connect to different daemons. rlogin connects to rlogind, while rsh connects to rshd. hosts.equiv and .rhosts use the same format. The following shows some aspects of the format: [12] [13]

host1
host2 user_a
-host3
+@group1 -user_b
-@group2

This allows all users from host1 to log in, user_a from host2 to log in, no users from host3, all users in group1 except user_b, and no users in group2.
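An evaluator for the five entry forms above, useful for auditing what an existing hosts.equiv or .rhosts file actually grants. This is an added example, not code from the original page or from any rlogind/rshd implementation; it follows the page's description of each line, and the function names, the SAMPLE_GROUPS mapping (a stand-in for a netgroup lookup), the first-matching-line-decides order and the default deny are assumptions.

```python
# Entries from the page's example, one per line.
PAGE_EXAMPLE = """\
host1
host2 user_a
-host3
+@group1 -user_b
-@group2
"""
# Constructed stand-in for a netgroup lookup: group name -> member hosts.
SAMPLE_GROUPS = {"group1": {"hostA"}, "group2": {"hostB"}}


def split_sign(token):
    """Return (allow, name): '-name' denies, '+name' or bare 'name' allows."""
    allow = token[0] != "-"
    name = token[1:] if token[0] in "+-" else token
    if name in ("", "@"):
        # Forms the page does not show are rejected rather than guessed at.
        raise ValueError(f"entry form not covered by this example: {token!r}")
    return allow, name


def member(name, candidate, groups):
    """Match a literal name, or group membership when the name is '@group'."""
    if name.startswith("@"):
        return candidate in groups.get(name[1:], set())
    return name == candidate


def decide(text, host, user, groups):
    """Return True (allow) or False (deny) for a remote host/user pair."""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        host_allow, host_name = split_sign(fields[0])
        if not member(host_name, host, groups):
            continue
        if not host_allow:
            return False      # "-host": no users from this host
        if len(fields) == 1:
            return True       # host alone: all users from this host
        user_allow, user_name = split_sign(fields[1])
        hit = member(user_name, user, groups)
        if user_allow and hit:
            return True       # "host user": that user is allowed
        if not user_allow:
            return not hit    # "host -user": everyone except that user
    return False              # assumption: no matching line means no access
```

The decision depends only on names the connecting side supplies, so the file is only as trustworthy as every host it lists.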

Commands

rlogin

rlogin enables a user to log in on another server via computer network, using TCP network port 513.

rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1282, in which it was defined, states: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but is not as customizable and is able to connect only to Unix-like hosts.

rsh

rsh opens a shell on a remote computer without a login procedure. Once connected, the user can execute commands on the remote computer through the shell's command-line interface. rsh passes input and output through the standard streams, and it sends standard output to the user's console. Over the network, standard input and standard output flow through TCP port 514, while standard error flows through a different TCP port, which the rsh daemon (rshd) opens. [14]

rexec

Like rsh, rexec enables the user to run shell commands on a remote computer. However, unlike the rsh server, the rexec server (rexecd) requires login: it authenticates users by reading the username and password (unencrypted) from the network socket. [15] rexec uses TCP port 512.

rcp

rcp can copy a file or directory from the local system to a remote system, from a remote system to the local system, or from one remote system to another. [16] The command line arguments of cp and rcp are similar, but in rcp remote files are prefixed with the name of the remote system:

rcp file.txt subdomain.domain:~/home/foo/file.txt

As with the Unix copy command cp, rcp overwrites an existing file of the same name in the target; unlike cp, it provides no mechanism for warning the user before overwriting the target file. [16] Like rsh, rcp uses TCP port 514. [17]

rwho

Just as the who command lists the users who are logged in to the local Unix system, rwho lists those users who are logged into all multi-user Unix systems on the local network. [18] rwho's daemon, rwhod, maintains a database of the status of Unix systems on the local network. The daemon and its database are also used by the ruptime program. [19]

rstat

rstat returns performance statistics from the kernel.

ruptime

Just as the uptime command shows how long a Unix system has been running since the last restart, ruptime requests a status report from all computers on the local network. It then returns the uptime report. If a computer did not respond within the time limit, then ruptime reports that the system is down. [20] This information is tracked and stored by the daemon rwhod, which is also used by the rwho command. [19]

Security

Those r-commands which involve user authentication (rcp, rexec, rlogin, and rsh) share several serious security vulnerabilities:

Due to these problems, the r-commands fell into relative disuse (with many Unix and Linux distributions no longer including them by default). Many networks that formerly relied on rlogin and telnet have replaced them with SSH and its rlogin-equivalent slogin. [21] [22]

Notes

  1. Horwitz, Jeff (2003) [2002]. "Using the Berkeley r-commands Without a Password". Unix System Management: Primer Plus. Sams Publishing. p. 339. ISBN 978-0-672-32372-0. Retrieved 2018-03-04 via Google Books.
  2. McKusick, Marshall Kirk (1999). "Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable". Open Sources: Voices from the Open Source Revolution. O'Reilly & Associates. Section: "4.2BSD". ISBN 978-1-56592-582-3. Retrieved 2018-03-03.
  3. Pyles, James; Carrell, Jeffrey L.; Tittel, Ed (2017). "Which IP Services Are Most Vulnerable?". Guide to TCP/IP: IPv6 and IPv4 (5th ed.). Cengage Learning. p. 659. ISBN 978-1-305-94695-8 via Google Books.
  4. Casad (2008), p. 346
  5. Negus, Christopher (2004-07-02). "About "r" Commands". Red Hat Fedora Linux 2 Bible. Wiley. ISBN 0-7645-5745-9. OCLC 441918216. Retrieved 2018-03-04.
  6. "A Case Study of Using a Secure Network Layer Protocol". CiteSeerX 10.1.1.178.8497.
  7. Nicholas Rosasco; David Larochelle. "How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH" (Conference Paper). Harvard University. doi:10.1007/1-4020-8090-5_18. S2CID 19035681. Retrieved 13 April 2023.
  8. "REXEC command—Execute a command on the remote host and receive the results on your local host". z/OS Communications Server: IP User's Guide and Commands. 2013 [1990]. Retrieved 2018-03-04.
  9. "More on Ports". FreeBSD Network Administrators Guide. Retrieved 2018-03-04.
  10. Casad (2008), pp. 350–51
  11. Kantor, Brian (December 1991). BSD Rlogin (Report). Internet Engineering Task Force.
  12. ".rhosts File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
  13. "hosts.equiv File Format for TCP/IP". www.ibm.com. Retrieved 2023-11-29.
  14. Edwards, Wade; Lancaster, Tom; Quinn, Eric; Rohm, Jason; Tow, Bryant (2004). CCSP: Secure PIX and Secure VPN Study Guide. Sybex. p. 154. ISBN   0-7821-4287-7 . Retrieved 2018-03-07 via Google Books.
  15. "rexecd(8)". manpagez.com. Retrieved 2018-03-03.
  16. Farrell, Phillip (3 August 2004). "rcp". earthsci.stanford.edu. Stanford University School of Earth, Energy & Environmental Sciences. Archived from the original on 2021-02-07. Retrieved 2018-03-06.
  17. "Rlogin, RSH, and RCP". SourceDaddy. Retrieved 2018-02-18.
  18. "rwho (1) - Linux Man Pages". Retrieved 2018-03-07.
  19. "rwhod (8) - Linux Man Pages". Retrieved 2018-03-07.
  20. "ruptime (1) - Linux Man Pages". SysTutorials. Retrieved 2018-03-07.
  21. Sobell, Mark (2010). A Practical Guide to Linux Commands, Editors, and Shell Programming. Pearson Education, Inc. ISBN 978-0-13-136736-4.
  22. "Unix job control command list". Indiana University. Retrieved 20 December 2014.
