Authentication with the r commands



Copyright Phillip Farrell. Last revision August 3, 2004

All three r programs require a method for authenticating that you have permission to log in or execute programs on the remote machine. They do not prompt for passwords. Rather, each system first assumes that you have the same login account name on both machines, and then verifies that your account on the remote machine is equivalent to your account on the local machine. Two methods of account verification are provided: system-to-system, or user-to-user.

The systems managers of the two machines can cooperate to establish their machines as "equivalent". This requires common names and id numbers for user accounts. Then every user on one machine can use the r commands to reach the other machine without further setup. This is normally used between multiple computers in the same research group.

Alternatively, if the user has accounts on two machines that have not been made equivalent by the managers, he can establish equivalence between his two personal accounts only. In this case, the accounts do not need to have the same name. The mechanism is to create the file .rhosts in his home directory on each machine. This file contains a list of all the machines and account names that are his and that should be considered equivalent. This file must contain a separate line for each machine/account which is to participate in the account equivalence, listing the fully-qualified network name of the machine and the name of his login account on that machine. Then this file must be copied to the home directory of his account on each machine. The user can use ftp, for example, to initially push a copy to his account on each machine. For example, if the gp111ins class account existed on both pangea and toquima, the .rhosts file for gp111ins would contain the lines:

Put only one space between the machine name and account name; do not put any extra spaces before the machine name or after the account name. This file would have to be created in the gp111ins home directory on both pangea and toquima.

Once this .rhosts file is created by the user in the home directory on each machine where he has an account, he can then use the r commands among his accounts on those machines.

The r commands avoid one type of security problem -- passing your password in clear text over the network. But this kind of system or account equivalence creates another type of security hole. If a cracker breaks into an account on one machine, he can exploit this equivalence to gain access to other machines. Some systems may have policies limiting the use of .rhosts files to just machines within a specified group, or may disable these services entirely.
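An added example, not part of the original page: a Python check that a systems manager could run over a .rhosts file to enforce the format rules given above, plus a site policy that limits entries to machines within one group. The example.edu host names, the ALLOWED_SUFFIX policy value and the audit_rhosts function name are assumptions made for illustration.

```python
import re

# Assumed site policy (constructed value): only machines in this domain are permitted.
ALLOWED_SUFFIX = ".example.edu"

# A fully-qualified name has at least two dot-separated labels.
FQDN = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)
ACCOUNT = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")

# Constructed sample; the example.edu names are placeholders, not the real hosts.
SAMPLE = (
    "pangea.example.edu gp111ins\n"        # well-formed
    "toquima.example.edu  gp111ins\n"      # two spaces between fields
    " pangea.example.edu gp111ins\n"       # space before the machine name
    "toquima gp111ins\n"                   # machine name not fully qualified
    "host.other.example.org gp111ins\n"    # machine outside the permitted group
)


def audit_rhosts(text, allowed_suffix=ALLOWED_SUFFIX):
    """Return (line_number, line, problem) for every entry that breaks a rule."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        if raw == "":
            continue
        if raw != raw.strip():
            findings.append((num, raw, "leading or trailing whitespace"))
            continue
        fields = raw.split(" ")
        if len(fields) != 2 or "" in fields:
            findings.append((num, raw, "need exactly one space between machine and account"))
            continue
        host, account = fields
        if not FQDN.match(host):
            findings.append((num, raw, "machine name is not fully qualified"))
        elif not host.lower().endswith(allowed_suffix):
            findings.append((num, raw, "machine is outside the permitted group"))
        if not ACCOUNT.match(account):
            findings.append((num, raw, "account name has unexpected characters"))
    return findings


if __name__ == "__main__":
    for num, line, problem in audit_rhosts(SAMPLE):
        print(f"line {num}: {problem}: {line!r}")
```

Running the same check against every home directory on a machine gives the manager a list of entries to review before deciding whether to restrict or disable the services.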

On the Stanford campus, if the two Unix computers both have the Kerberos authentication software installed, you can use klogin and krsh instead of rlogin and rsh. These kerberized versions provide complete session encryption and authenticate you using your Kerberos "ticket" (from your initial login), for additional network security.