Next: , Previous: , Up: Top   [Contents][Index]

13 rlogin: Remote login

The rlogin command starts a terminal session on the specified remote host, provided the required authentication is successful. The remote terminal type is the same as that given in the TERM local environment variable. The terminal and the window size stay the same, if the remote host supports them, and any changes in size are transferred as need may be.

When using the rlogin command, you can create a link in your path, using a host name as the link name. For example:

# ln -s /usr/bin/rlogin hostname
# hostname -8

Afterwards, the use of hostname will automatically invoke rlogin to direct a log in request to the remote host named hostname.

rlogin allows access to the remote host without the use of a password. The prerequisite is a suitable specification in ~/.rhosts. For details, See rcmd in The GNU C Library Reference Manual.

13.1 Command line options

The options are as follows :


Use only IPv4.


Use only IPv6.


Allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side’s stop and start characters are other than C-S/C-Q.


Turns on socket debugging on the TCP sockets used for communication with the remote host.

-e char

Allows user specification of the escape character, which is ‘~’ by default. This specification may be as a literal character, or as an octal value in the form ‘\nnn’.


Stops any character from being recognized as an escape character. When used with the -8 option, this provides a completely transparent connection.

-l user

By default, the remote username is the same as the local username. This option, and the ‘user@host’ format, allow the remote user name to be made explicit, or changed.

The next three options are available only if the program has been compiled with support for Kerberos authentication.

-k realm

The option requests rlogin to obtain tickets for the remote host in realm realm instead of the remote host’s realm.


Turns off all Kerberos authentication.


Turns on encryption for all data passed via the rlogin session. This may impact response time and CPU utilization, but provides increased security.

13.2 Escape characters and flow control

As long as the connection stands, the client program rsh is observing the input stream in order to detect so called escape sequences, allowing the user to execute some local actions without having to tear down the remote connection.

The sequences consist of two characters, the first of which always is the distinguished character escape-char. The following sequences are supported:

By default, the character tilde ‘~’ is assigned to escape-char, but it can be changed using the option --escape. The processing of escape sequences can even be disable using the option --no-escape. On BSD systems, delayed-suspend-char is usually set to C-Y. It displays as ‘dsusp’ using stty.

All echoing takes place at the remote site, so that the rlogin is transparent except possibly for transmission delays. Flow control via C-S and C-Q, if at all supported, will stop and start the flow of data on the local terminal. Flushing of input and output on interrupts is also handled properly.

On the server side the iruserok and ruserok functions are used to authenticate the connection request, unless Kerberised mode is in effect. See the appropriate man pages for more information.

13.3 Kerberos Authentication

If rlogin was compiled with kerberos support, options -x, -k, -K are available. Each user may have a private authorization list in the file .k5login in their home directory. Each line in this file should contain a Kerberos principal name of the form ‘principal/instance@realm’. If the originating user is authenticated to one of the principals named in .k5login, access is granted to the account. The principal ‘accountname@localrealm’ is granted access if there is no .k5login file. Otherwise a login and password will be prompted for on the remote machine as in login. To avoid certain security problems, the .k5login file must be owned by the remote user. If Kerberos authentication fails, a warning message is printed and the standard Berkeley rlogin is used instead.

Next: , Previous: , Up: Top   [Contents][Index]