Rlogin means remote login: it starts a terminal session on a remote host. It is easy to use but, like rsh and rexec, it is often blamed for its security. However, if you need it for some particular task, here is how to set it up. I'm using SL6 for testing; other Linux distributions should be the same.


Suppose host A is the one you want to configure as the rlogin server (allowing B to rlogin), while host B is the client host that runs rlogin.

Step 1: install packages

Two packages need to be installed first; for SL6, they are in the sl repo.


Step 2: Enable rsh service in xinetd

Change /etc/xinetd.d/rlogin. The changed value is disable; the default is yes.
service shell
{
    socket_type        = stream
    wait            = no
    user            = root
    log_on_success        += USERID
    log_on_failure         += USERID
    server            = /usr/sbin/in.rshd
    disable            = no
}

More about xinetd is described in xinetd and tcp wrapper

Step 3: Add rsh services to /etc/securetty

#cat /etc/securetty | grep rlogin

Step 4: enable host and service connection

Add the line below to /etc/hosts.allow

in.rlogind     :  <host B>

or, you can add a wild card like this

ALL         : <host B>

Step 5: enable account access

Add the following line to ~host/.rhosts of the account you want to open to rsh

<host B>   +

Restart xinetd service, then you are done.
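
Step 5's "<host B> +" entry lets every account on host B log in as the owning account, so it is worth auditing what a .rhosts file actually trusts. The script below is an added example, not part of the original post; the function name audit_rhosts, hostb.example.org and alice are made up for the illustration.

```shell
#!/bin/sh
# Added example: flag .rhosts entries that trust more than one named user on
# one named host. Entry format is "host [user]"; "+" is a wildcard.

# audit_rhosts FILE: print one finding per line, return 1 if any were found.
audit_rhosts() {
    file=$1
    rc=0
    # Characters 6 and 9 of the mode string are the group/other write bits.
    # A trust file that others can write lets them add their own entries.
    if [ "$(ls -ld "$file" | cut -c6,9)" != "--" ]; then
        echo "PERMS $file is writable by group or others"
        rc=1
    fi
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r host user rest || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        case "$host:$user" in
            '+:'*) kind=ANYHOST ;;   # any host may log in as this account
            *':+') kind=ANYUSER ;;   # every account on that host may log in
            *)     continue ;;
        esac
        echo "$kind $host $user"
        rc=1
    done < "$file"
    return "$rc"
}

# Constructed sample: hostb.example.org stands in for <host B>, alice is a
# made-up remote account.
sample=$(mktemp)
printf '%s\n' '# trust file' 'hostb.example.org +' \
    'hostb.example.org alice' '+ +' > "$sample"
audit_rhosts "$sample" || echo "review the entries listed above"
rm -f "$sample"
```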


Further checks if it still does not work


6) Check if your server is able to convert the client IP address to a hostname.

Check DNS or /etc/hosts.

7) Check your /etc/pam.d/rlogin

For example, the module "pam_nologin.so" can disable login if the file /etc/nologin exists. For more details read /usr/share/doc/pam-0.77/txts/README.pam_nologin

8) Never change /etc/pam.d/rlogin to use something other than:

        auth       required     pam_rhosts_auth.so 

The client-server "rlogin" protocol is not designed for authentication other than by .rhosts files. For example, pam_stack.so in the "auth" section can corrupt the client/server connection if the "login" program sends a password prompt to the client. If you need authentication by password, use "rlogin" or "ssh".
