14.1 Command line options

The options are as follows :

-4 ¶

--ipv4

Use only IPv4.

-6 ¶

--ipv6

Use only IPv6.

-8 ¶

--8-bit

Allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side’s stop and start characters are other than C-S/C-Q.

-d ¶

--debug

Turns on socket debugging on the TCP sockets used for communication with the remote host.

-e char ¶

--escape=char

Allows user specification of the escape character, which is ‘~’ by default. This specification may be as a literal character, or as an octal value in the form ‘\nnn’.

-E ¶

--no-escape

Stops any character from being recognized as an escape character. When used with the -8 option, this provides a completely transparent connection.

-l user ¶

--user=user

By default, the remote username is the same as the local username. This option, and the ‘user@host’ format, allow the remote user name to be made explicit, or changed.

The next three options are available only if the program has been compiled with support for Kerberos authentication.

-k realm ¶

--realm=realm

The option requests rlogin to obtain tickets for the remote host in realm realm instead of the remote host’s realm.

-K ¶

--kerberos

Turns off all Kerberos authentication.

-x ¶

--encrypt

Turns on encryption for all data passed via the rlogin session. This may impact response time and CPU utilization, but provides increased security.

14.2 Escape characters and flow control

As long as the connection stands, the client program rsh is observing the input stream in order to detect so called escape sequences, allowing the user to execute some local actions without having to tear down the remote connection.

The sequences consist of two characters, the first of which always is the distinguished character escape-char. The following sequences are supported:

• escape-char . disconnects from the remote host.
• escape-char C-d does the same. (Termios character ‘VEOF’.)
• escape-char C-z suspends the session, halting the remote process, but keeping it ready for resumed processing. The user is given access to a local shell. (Termios character ‘VSUSP’.)
• escape-char delayed-suspend-char implements a half-way suspend, in the sense of stopping local input from reaching the remote side, but still displaying all output from the remote host on the local terminal. The remote process is still running, but the local user is given a local shell until the resuming the original command. Normally, only BSD systems offer this mode. (Termios character ‘VDSUSP’.)

By default, the character tilde ‘~’ is assigned to escape-char, but it can be changed using the option --escape. The processing of escape sequences can even be disable using the option --no-escape. On BSD systems, delayed-suspend-char is usually set to C-Y. It displays as ‘dsusp’ using stty.

All echoing takes place at the remote site, so that the rlogin is transparent except possibly for transmission delays. Flow control via C-S and C-Q, if at all supported, will stop and start the flow of data on the local terminal. Flushing of input and output on interrupts is also handled properly.

On the server side the iruserok and ruserok functions are used to authenticate the connection request, unless Kerberised mode is in effect. See the appropriate man pages for more information.

14.3 Kerberos Authentication

If rlogin was compiled with kerberos support, options -x, -k, -K are available. Each user may have a private authorization list in the file .k5login in their home directory. Each line in this file should contain a Kerberos principal name of the form ‘principal/instance@realm’. If the originating user is authenticated to one of the principals named in .k5login, access is granted to the account. The principal ‘accountname@localrealm’ is granted access if there is no .k5login file. Otherwise a login and password will be prompted for on the remote machine as in login. To avoid certain security problems, the .k5login file must be owned by the remote user. If Kerberos authentication fails, a warning message is printed and the standard Berkeley rlogin is used instead.