Cryptography Reference
NFS has certain drawbacks, but it is not always necessary. rlogin (remote
login), rsh (remote shell), and rcp (remote copy) are important for internal
use. These three tools work like their namesakes without the leading 'r':
you can log on to a remote computer (rlogin), or just execute a
command there (rsh), or copy files between remote computers (rcp). A special
file by the name of .rhosts in the user's home directory on the target computer
is even more useful: if it contains the name of the calling computer together
with the user name, then that user can log in without a password (and only
then will rsh and rcp work, by the way). If the .rhosts file is missing, then the
target computer will ask for a user password.
The security philosophy behind this concept is as follows for rsh and rcp:
once logged in on one computer, you have access to all 'friend' computers.
rlogin without .rhosts is not much more secure: the password runs across the
network in the clear, and everybody within the organization can basically
listen in on it.
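An added example, not from the original text: a small Python audit that reads a .rhosts file and reports what each entry trusts. It goes beyond the host-plus-user entry described above by also covering the '+' wildcard and netgroup forms and a file-permission check; the sample host names and the treatment of '#' lines as comments are assumptions.

```python
import os
import stat

def classify_entry(line):
    """Classify one .rhosts line; returns (severity, reason) or None if ignorable."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):   # assumption: '#' lines are comments
        return None
    host = fields[0]
    user = fields[1] if len(fields) > 1 else ""
    if host.startswith("-") or user.startswith("-"):
        return ("info", "deny entry")
    if host == "+" and user in ("", "+"):
        return ("critical", "any host is trusted")
    if host == "+":
        return ("critical", f"user {user} is trusted from any host")
    if user == "+":
        return ("critical", f"every user on {host} is trusted")
    if host.startswith("+@") or user.startswith("+@"):
        return ("high", "trust granted to a whole netgroup")
    who = user or "the same-named user"
    return ("review", f"{who} on {host} logs in without a password")

def audit_rhosts(path):
    """Return a list of (line_no, severity, reason) findings for one .rhosts file."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):      # others could add trusted hosts
        findings.append((0, "critical", "file is writable by group or others"))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, start=1):
            result = classify_entry(line)
            if result:
                findings.append((no, *result))
    return findings

# Constructed sample content, not taken from a real system.
SAMPLE = """\
# trusted build machines
buildhost.example.org alice
+ +
fileserver.example.org +
-oldhost.example.org
"""

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".rhosts")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o600)
        for finding in audit_rhosts(path):
            print(finding)
```

Even the entries reported as "review" rest only on the caller's claimed host name or address, which is the weakness the following paragraphs lead up to.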
This doesn't make UNIX an insecure system. There is a clean separation
between running programs, their data, and the operating system. Nobody can
access third-party files without permission, nobody can use their program to
simply bring UNIX down. But those who want to work comfortably in the
network normally leave the way open to an eavesdropper. rlogin is hardly
more secure than telnet, the open barn door.
If you try to log on to a remote computer from your home computer through
an Internet provider, the .rhosts mechanism will refuse its service, because the
provider normally assigns a dynamic (i.e., variable) Internet address, and the
target computer doesn't know you by that address. You will learn the solution
to this problem below.
Stuffing Up Security Holes
The solution for the three standard tools (rlogin, rsh, and rcp) is Secure
Shell (SSH): it provides for cryptographically secure authentication, and uses
a hybrid method to encrypt the data traffic. This means that it reliably thwarts
IP- or DNS-spoofing attacks (where Mallory pretends to be Alice), and the
interception of passwords and data. SSH was developed by Tatu Ylönen of the
University at Helsinki, and was not intended to be freely used for non-commercial
purposes. You can find the source code of version 1.2.26 for analytical purposes
on our Web site.
This SSH version is one of the programs you would like to see more often. It
probably worked on all UNIX systems (and OS/2, while the Windows world