Overview

rlogin is a classic Unix utility and the application-layer protocol that supports interactive remote logins over TCP. Introduced as part of early Berkeley Software Distribution (4.2BSD), rlogin provided a simple way for a user to obtain a remote shell on another machine on the same trusted network. It relies on TCP and traditionally uses well-known port 513.

How the protocol works

The protocol implements a lightweight handshake between client and server that exchanges user identity and terminal settings. Authentication in typical installations was based on host- and user-based trust: the remote system consulted local trust files (commonly ~/.rhosts and /etc/hosts.equiv) to determine whether a particular host and user pair should be allowed passwordless access. In addition, rlogin traditionally expects the client’s TCP source port to be a privileged port (below 1024) as an additional sign of trust.

rlogin is one of the "r-commands" family (which also included rsh and rcp) intended for remote administration and file copying. A basic rlogin invocation connects a terminal session to a remote host, allowing the local user to interact with a shell on that machine as if logged in locally. Practical deployments often combined rlogin with wrappers and host-based access controls to limit exposure; see protocol background and legacy administration guides for historical examples.

Security limitations and risks

By modern standards rlogin has serious and well-documented vulnerabilities. Key issues include:

  • Cleartext transmission: Credentials, session data and any typed information are sent unencrypted and can be intercepted on the network.
  • Trust model weakness: The protocol assumes the client machine honestly reports source host and port information; a compromised host or an attacker able to exploit privileged ports can spoof those details and bypass access controls.
  • No strong host authentication: There is no built-in mechanism to cryptographically prove the identity of the other machine, so man-in-the-middle attacks are practical on untrusted networks.

These design choices mean rlogin is unsuitable for use across the public Internet or on networks where untrusted hosts exist. For improved authentication, site operators historically experimented with Kerberos-aware variants such as Rlogin Kerberos (Kerberos extensions), but adoption was limited compared with later secure replacements.

Configuration files and administration

Administrators configured rlogin access through host-based files like .rhosts in user home directories and the global /etc/hosts.equiv file. Entries in these files map remote hosts and usernames to local accounts and are a core part of rlogin’s convenience model: a correctly listed pair allowed passwordless access. Because those files grant broad privileges when misused, they are often disabled or removed in modern secure environments. Some sites also employed TCP wrappers or firewall rules to restrict which machines could connect.

History, decline, and modern alternatives

rlogin dates to early BSD Unix and played an important role in local-area network administration through the 1980s and 1990s. Over time, its use declined as awareness of network threats grew and secure alternatives emerged. The most widely adopted replacement is Secure Shell (SSH), which provides encrypted transport, server and client authentication, and stronger key management; see SSH modern practice and the common secure client names slogin and ssh used on many systems.

Today rlogin is largely absent from default installations of most operating systems and is found mainly in legacy environments where backward compatibility is required. When encountered, administrators are advised to migrate interactive access to encrypted, authenticated protocols or to isolate rlogin traffic within highly trusted, segmented networks.