Berkeley Network Commands

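- What is a Berkeley r-command

The Berkeley r-commands are a set of UNIX commands that work on the basis of hostnames (defined in /etc/hosts) and use defined "mutual trust" relationships to bypass password checking, so that remote file copy (remote copy), remote login and remote command execution (remote shell) can be done quickly between networked hosts.
- An example of /etc/hosts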

140.120.2.17 dragon1.nchu.edu.tw dragon1
140.120.2.19 dragon

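- Berkeley r-command

The Berkeley r-commands include "rsh", "rlogin" and "rcp", among others.

- /etc/hosts.equiv
Defines trusted hosts at the system level. Only root can modify this file.

- Network hosts listed in /etc/hosts.equiv on host "A" can bypass the password check on "A" and use the r-commands directly for remote copy, remote login and so on.

- Trust is a one-way relationship: A trusting B does not mean that B also trusts A. Two-way trust requires that it be defined on both hosts.

Suppose host "B" is trusted by "A" (B is in /etc/hosts.equiv of A). When someone logs in to B as user "john", that user can run r-commands against A under the same identity with no password check. The precondition is that user "john" also exists on A.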

- An example of /etc/hosts.equiv on host nmc:

dragon1

- $HOME/.rhosts
Defines trusted hosts and users at the user level. Every user can define their own trusted users on specific hosts.

- Every user can define trusted hosts (and trusted users) in the .rhosts file in their home directory.

- The trusted users defined by the account "john" on host "A" can bypass the password check on "A" and, acting as john, use the r-commands directly for remote copy, remote login and so on.

- If an entry in $HOME/.rhosts gives only a hostname, it trusts the user on that host whose username is the same as one's own.

- An example of .rhosts on host nmc, in the home directory of user "woody":

dragon1 woody1
dranew

In the example above, user "woody" on nmc trusts user "woody1" on host "dragon1" and user "woody" on host "dranew".
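The /etc/hosts.equiv and .rhosts rules above, written out as a trust check that an administrator can run over collected files to see which remote accounts get in without a password. This is an added example, not part of the original page. It implements only the rules stated here (real implementations accept further syntax), compares hostnames as plain strings, and the function names and the account list for nmc are assumptions.

```python
def parse_entries(text):
    """Parse hosts.equiv/.rhosts text into (host, user_or_None) pairs."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if fields:  # skip blank lines
            user = fields[1] if len(fields) > 1 else None
            entries.append((fields[0].lower(), user))
    return entries


def password_bypassed(remote_host, remote_user, local_user,
                      hosts_equiv, rhosts, local_users):
    """Return the file that grants passwordless access, or None."""
    if local_user not in local_users:
        return None  # the account must also exist on the local host
    remote_host = remote_host.lower()
    # System level: a listed host is trusted for users of the same name.
    for host, user in parse_entries(hosts_equiv):
        if host == remote_host and user is None and remote_user == local_user:
            return "hosts.equiv"
    # User level: the local user's own .rhosts. A host-only entry
    # means "the user with my username on that host".
    for host, user in parse_entries(rhosts.get(local_user, "")):
        if host == remote_host and (user or local_user) == remote_user:
            return ".rhosts"
    return None


# The page's example files for host "nmc"; the account list is constructed.
NMC_HOSTS_EQUIV = "dragon1\n"
NMC_RHOSTS = {"woody": "dragon1 woody1\ndranew\n"}
NMC_USERS = {"woody", "net003", "net010"}

if __name__ == "__main__":
    cases = [("dragon1", "woody", "woody"), ("dragon1", "woody1", "woody"),
             ("dranew", "woody", "woody"), ("dranew", "woody1", "woody"),
             ("dragon1", "john", "john")]
    for rhost, ruser, luser in cases:
        via = password_bypassed(rhost, ruser, luser,
                                NMC_HOSTS_EQUIV, NMC_RHOSTS, NMC_USERS)
        print(f"{ruser}@{rhost} -> {luser}@nmc:",
              f"no password (via {via})" if via else "password required")
```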

- rcp - remote copy

- Format: rcp file1 file2
file1 and file2 can each be a full path name or a path name relative to the current directory.

- On "A":

$ rcp  B:user.id  user.id

Copies the file "user.id" from B to A.

$ rcp user.id B:user.id 

Copies the file "user.id" from A to B.

- rlogin - remote login

- Command format: rlogin [-l username] host
If username is omitted, the current login name is assumed.

- Example 1 - a successful (trusted) one:

[woody@dragon1 woody]$ hostname
dragon1.nchu.edu.tw
[woody@dragon1 woody]$ whoami
woody
[woody@dragon1 woody]$ rsh nmc
Last login: Mon Mar 13 17:13:02 2000 on ttyp1 from dragon1.
No mail.

Hacking's just another word for nothing left to kludge.

Good Afterron woody......

--> Host "nmc" trusts host "dragon1"; no password needed!
nmc:~> hostname
nmc
nmc:~> whoami
woody

- Example 2 - a failed (untrusted) one:

[woody@dragon1 woody]$ rsh dranew
Password:
Login incorrect

--> Host "dranew" doesn't trust host "dragon1"

- rsh - remote shell

- Command format: rsh [-l username] host [command]
Executes a command on a remote host. When "command" is not specified,
rsh works just like "rlogin".

- Example:

[woody@dragon1 woody]$ rsh nmc who
woody ttyp0 Mar 13 15:36 (woody.nchu.edu.t)
net003 ttyp1 Mar 13 17:55 (woody.nchu.edu.t)
net010 ttyp2 Mar 13 17:55 (localhost)

--> rsh is submitted on dragon1, and the command "who" is executed on nmc

 

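- The Berkeley r-commands were designed to make it convenient to control multiple hosts at the same time, and they carry inherent security problems. Use them with caution, and take particular care when defining "trust relationships".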