is rlogin secure?

Jim Cheetham jim at
Wed Mar 16 20:03:38 UTC 2005

On Wed, 2005-03-16 at 18:03 +0000, Soo-Hyun Choi wrote:
> Is rlogin secure? 

No. Not in the slightest. rlogin should never be used - nor should any
of the other R commands (rsh, rcp etc)

These commands have a very simplistic trust hierarchy, that is trivially
exploitable. If anyone is running an rlogin service on an
Internet-connected port, their machine will probably be rooted
already :-)

> In Ubuntu, the 'rlogin' has linked to 'slogin' and it is
> again linked to 'ssh'.  Is this because 'rlogin' is vulnerable? If I
> insist on using 'rlogin', how do I change this settings?

You do not need to change the setting - ssh can and will use the rhost
authentication methods if asked.

But no-one does :-)

I would be interested to know why you "insist on using rlogin" - we may
be able to show you an equivalent way to use ssh.

-jim cheetham = jim at egressive dot com,

More information about the ubuntu-users mailing list