Playing With rlogin & rcp

The rfunctions

(This has serious security implications. Steer away from rlogin, rcp, etc. on systems exposed to outside networks!)

When you rlogin (or rcp) you will be a trusted user from a trusted host and therefore allowed to skip password authentication. Which of course points out the security issues inherent with rcp, rlogin, etc.

  • Create the same username on both machines (or ensure it exists on both).
  • On the machines in question create a .rhosts file in the home directory of each machine with the other machine as the hostname:
  • On ghoti_host1 create .rhosts:

    $ cat > .rhosts
    ghoti_host2 fschmidt
    ^C $

    On ghoti_host2 create .rhosts:

    $ cat > .rhosts
    ghoti_host1 fschmidt
    ^C $

  • You should now be able to logon to the other machine without a password!
  • From ghoti_host1:

    $ rlogin ghoti_host2
    Last login: Mon Sep 26 13:35:44 from ghoti_host1
    Sun Microsystems Inc. SunOS 5.8 Generic Patch February 2004

  • Now from ghoti_host1 use this command to copy a file named bob:

  • $ rcp ghoti_host2:/export/home/fschmidt/bob /export/home/fschmidt/bob

    You will now be able to copy file to and from both machines with reckless abandon! Keep in mind the security implications with using rcp, rlogin, etc.

    You can do the same thing system wide with the etc/hosts.equiv file but using .rhosts is dangerous enough. I’ll let you get yourself in deeper all by yourself!