rlogin Service Enabled
rlogin is the predecessor to telnet and SSH. It is part of the Berkeley r-commands released in 1981. These commands are widely regarded as insecure and do not implement the security controls expected of modern systems.
Some of the most notable risks associated with rlogin include the following:
- Communication is unencrypted, leaving sensitive information vulnerable to eavesdropping and tampering.
- rlogin supports authentication via the /etc/hosts.equiv file, which may allow any user from a trusted origin host to log in without a password.
- rlogin is considered outdated and obsolete; using such software can pose reputational risk.
Additionally, because of the file-based authentication, any scenario where an attacker can write to a user's home directory will also allow them to bypass authentication via rlogin. Remember that rlogin reads /etc/hosts.equiv as a global configuration, but also reads per-user .rhosts files for user-level authentication.
To confirm whether a user can log in via rlogin, the following command can be used:
rlogin <host> -l <username>
Consider that a single permissive entry in /etc/hosts.equiv can allow anyone to log in as any user without authentication.
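The following audit script is an added example and is not part of the original advisory: it counts wildcard trust entries in hosts.equiv/.rhosts files, flags .rhosts files that other users could edit, and checks the usual inetd/xinetd locations for an enabled rlogin service. The file paths and the embedded sample hosts.equiv content are assumptions.

```shell
#!/bin/sh
# Added audit helper (not from the original advisory). Trust-file paths and
# the sample content below are assumptions, not values from a real system.

# Count trust entries with a wildcard host or wildcard user.
# In hosts.equiv/.rhosts, "+" in the host field trusts every host and "+"
# in the user field trusts every user from that host; "+ +" trusts everyone.
rhosts_risky_count() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }   # skip comments and blank lines
        $1 == "+" || $2 == "+" { n++ }    # wildcard host or wildcard user
        END { print n + 0 }
    ' "$1"
}

# Return 0 when FILE is group- or world-writable: anyone who can edit a
# .rhosts file can grant themselves password-less access as its owner.
rhosts_writable_by_others() {
    [ -e "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ?????w*|????????w*) return 0 ;;   # group write (col 6) or other write (col 9)
    esac
    return 1
}

# Host-wide check: is rlogin offered, and are the trust files weak?
rlogin_audit() {
    grep -Eq '^[ \t]*login[ \t]' /etc/inetd.conf 2>/dev/null &&
        echo "WARN: rlogin enabled in /etc/inetd.conf"
    grep -Eiq '^[ \t]*disable[ \t]*=[ \t]*no' /etc/xinetd.d/rlogin 2>/dev/null &&
        echo "WARN: rlogin enabled in /etc/xinetd.d/rlogin"
    for f in /etc/hosts.equiv /root/.rhosts /home/*/.rhosts; do
        [ -f "$f" ] || continue
        n=$(rhosts_risky_count "$f")
        [ "$n" -gt 0 ] && echo "WARN: $f has $n wildcard trust entries"
        rhosts_writable_by_others "$f" && echo "WARN: $f is writable by others"
    done
}

# Constructed sample hosts.equiv, used when run as: sh rlogin_audit.sh demo
SAMPLE_HOSTS_EQUIV='# trusted hosts (constructed sample)
build01.example.internal
db01.example.internal +
+ +
'
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp); printf '%s' "$SAMPLE_HOSTS_EQUIV" > "$f"; chmod 666 "$f"
    echo "risky entries: $(rhosts_risky_count "$f")"     # prints 2
    rhosts_writable_by_others "$f" && echo "writable by others"
    rm -f "$f"
fi
```

Run `sh rlogin_audit.sh demo` to see the checks against the sample, or call `rlogin_audit` from a shell that has sourced the file to audit the current host.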
rlogin is widely considered high risk from both internal and external network perspectives. Although the core risk of unencrypted communication is similar to telnet (which is often rated medium risk), the file-based authentication significantly elevates the risk associated with the rlogin service.
It is recommended that rlogin is disabled. On Linux systems this can be commented out in