Local host connections to a remote host
These TCP/IP host connection commands are for remote login and command execution.
There are several reasons why you might need to access a computer other than your own. For example, your system administrator might need to reassign permissions to a sensitive file you have been working on, or you might need to access a personal file from someone else's workstation. You can even connect to your own computer from someone else's computer station. Remote login functions, such as the rlogin, rexec, and telnet commands, enable the local host to perform as an input/output terminal host. Keystrokes are sent to the remote host, and the results are displayed on the local monitor. When you end the remote login session, all functions return to your local host.
TCP/IP contains the following commands for remote login and command execution:
|rexec||The rexec command makes it possible to execute commands interactively on different foreign hosts when you log in to a remote host with the rlogin command. This command is disabled by the system manager if extra security is needed for your network. When you issue the rexec command, your local host searches the $HOME/.netrc file of the remote host for your user name and a password from your local host. If these are found, the command you requested to be run on the local host will then be run. Otherwise, you will be required to supply a login name and password before the request can be honored.|
|rlogin||The rlogin command makes it possible to log in to similar foreign hosts. Unlike telnet, which can be used with different remote hosts, the rlogin command can be used on UNIX hosts only. This command is disabled by the system manager if extra security is needed for your network.
The rlogin command is similar to the telnet command in that both allow a local host to connect to a remote host. The only difference is that the rlogin command is not a trusted command and can be disabled if your system needs extra security.
The rlogin command is not a trusted command because both the $HOME/.rhosts file, which is owned by the local user, and the /etc/hosts.equiv file, which is owned by your system manager, keep a listing of remote hosts that have access to the local host. Therefore, if you leave your terminal on while unattended, an unauthorized user could examine the names and passwords contained in these files, or worse, could damage a remote host in some way. Ideally, remote users should be required to type a password after issuing the rlogin command, but it is quite possible to bypass this recommended feature.
If neither the $HOME/.rhosts file nor the /etc/hosts.equiv file contains the name of a remote host that is trying to log in, the local host prompts for a password. The remote password file is first checked to verify the password entered; the login prompt is again displayed if the password is not correct. Pressing tilde and period (~.) at the login prompt ends the remote login attempt.
The rlogin command can also be configured to use Kerberos V.5 to authenticate the user. This option allows the user to be identified without the use of a $HOME/.rhosts file or passing the password across the network. For more information about this use of the rlogin command, see Authentication and the secure rcmds.
|rsh and remsh||The rsh and remsh commands make it possible to execute commands on similar foreign hosts. All required input must be performed by the remote host. The rsh and remsh commands are disabled by the system manager if extra security is needed for
The rsh command can be used in two ways:
When the rsh command is issued, your local host searches the /etc/hosts.equiv file on the remote host for permission to log in. If that is unsuccessful, the $HOME/.rhosts file is searched. Both of these files are lists of remote hosts having login permission. Remote users should be required to type a password after issuing the rsh command.
It is also possible to eliminate the need to issue the rlogin command. The rsh command permits the execution of commands on a remote host, but does not provide a means of bypassing the password requirement. If a password is needed to access a remote host, then a password is needed to use the rsh command as well because both commands access the $HOME/.rhosts and /etc/hosts.equiv files.
The rsh command can also be configured to use Kerberos V.5 to authenticate the user. This option allows the user to be identified without either the use of a $HOME/.rhosts file or passing the password across the network. For more information about this use of the rsh command, see Authentication and the secure rcmds.
|telnet, tn, and tn3270||The telnet command is a terminal emulation program that implements the TELNET protocol and allows you to log in on a similar or dissimilar foreign host. It uses TCP/IP to communicate with other hosts in the network.
Note: For convenience, telnet hereafter refers to the telnet, tn, and tn3270 commands.
The telnet command is one way a user can log in to a remote host. The most important feature of the telnet command is that it is a trusted command. In contrast, the rlogin command, which also allows for remote login, is not considered a trusted command.
A system may need extra security to prevent unauthorized users from gaining access to its files, stealing sensitive data, deleting files, or placing viruses or worms on the system. The security features of TCP/IP are designed to help prevent these occurrences.
A user who wishes to log in to a remote host with the telnet command must provide the user name and password of an approved user for that computer. This is similar to the procedure used for logging in to a local host. When successfully logged in to a remote host, the user's terminal runs as if directly connected to the host.
The telnet command supports an option called terminal negotiation. If the remote host supports terminal negotiation, the telnet command sends the local terminal type to the remote host. If the remote host does not accept the local terminal type, the telnet command attempts to emulate a 3270 terminal and a DEC VT100 terminal. If you specify a terminal to emulate, the telnet command does not negotiate for terminal type. If the local and remote hosts cannot agree on a terminal type, the local host defaults to none.
The telnet command supports these 3270 terminal types: 3277-1, 3278-1, 3278-2, 3278-3, 3278-4, and 3278-5. If you are using the telnet command in 3270 mode on a color display, the colors and fields are displayed just as those on a 3279 display, by default. You can select other colors by editing one of the keyboard mapping files in the preceding list of terminal types. When the telnet session has ended, the display is reset to the colors in use before the session began.
The telnet command can also be configured to use Kerberos V.5 to authenticate the user. This option allows the user to be identified without either the use of a $HOME/.rhosts file or passing the password across the network. For more information about this use of the telnet command, see Authentication and the secure rcmds.
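The rlogin and rsh entries above rely on /etc/hosts.equiv and $HOME/.rhosts, and the rexec entry on $HOME/.netrc. The following added example (not part of the original page or of the operating system) audits those files; it goes beyond the text by flagging `+` wildcard entries, which match any host or user, and loose file permissions. The ROOT/home layout, the function names and the sample hosts and users are assumptions.

```shell
# Added example: audit the trust files consulted by rlogin, rsh and rexec.
# Assumption: home directories live under ROOT/home; adjust for your system.
# Report '+' wildcards and group/other write access on hosts.equiv or .rhosts.
audit_trust_file() {
    f=$1
    [ -f "$f" ] || return 0
    # Drop comments and blank lines, then inspect the host and user fields.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$f" |
    while read -r host user rest; do
        case $host in +) echo "WILDCARD_HOST $f" ;; esac
        case $user in +) echo "WILDCARD_USER $f (host field: $host)" ;; esac
    done
    # Characters 6 and 9 of the ls mode string are the group/other write bits.
    case $(ls -ld "$f" | cut -c6,9) in --) ;; *) echo "WRITABLE_BY_OTHERS $f" ;; esac
}

# Report a .netrc that stores a password or is accessible beyond its owner.
audit_netrc() {
    f=$1
    [ -f "$f" ] || return 0
    if grep -q 'password' "$f"; then echo "NETRC_PASSWORD $f"; fi
    case $(ls -ld "$f" | cut -c5-10) in ------) ;; *) echo "NETRC_EXPOSED $f" ;; esac
}

# Audit ROOT/etc/hosts.equiv plus every home directory under ROOT/home.
audit_root() {
    root=$1
    audit_trust_file "$root/etc/hosts.equiv"
    for home in "$root"/home/*; do
        [ -d "$home" ] || continue
        audit_trust_file "$home/.rhosts"
        audit_netrc "$home/.netrc"
    done
}

# Build a constructed sample tree (hypothetical hosts and users) for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home/alice" "$d/home/bob"
    printf 'trusted.example.com\n+\n' > "$d/etc/hosts.equiv"
    printf 'build.example.com alice\n' > "$d/home/alice/.rhosts"
    printf '+ +\n' > "$d/home/bob/.rhosts"
    printf 'machine db.example.com login bob password constructed\n' > "$d/home/bob/.netrc"
    chmod 644 "$d/etc/hosts.equiv" "$d/home/bob/.netrc"
    chmod 600 "$d/home/alice/.rhosts"; chmod 666 "$d/home/bob/.rhosts"
    echo "$d"
}

sample=$(make_sample); audit_root "$sample"; rm -rf "$sample"
```

Calling `audit_root ""` scans the live /etc/hosts.equiv and the home directories under /home instead of the constructed tree.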