Previous | Contents | Next

Section 3.13: The Rlogin panel

The Rlogin panel allows you to configure options that only apply to Rlogin sessions.

3.13.1 "Terminal-speed string"

Like Telnet, Rlogin allows the client to send a text string that describes the terminal speed. PuTTY lets you configure this, in case you find the server is reacting badly to the default value. (I'm not aware of any servers that do have a problem with it.)

3.13.2 "Local username"

Rlogin allows an automated (password-free) form of login by means of a file called .rhosts on the server. You put a line in your .rhosts file saying something like jbloggs@pc1.example.com, and then when you make an Rlogin connection the client transmits the username of the user running the Rlogin client. The server checks the username and hostname against .rhosts, and if they match it does not ask for a password.

This only works because Unix systems contain a safeguard to stop a user from pretending to be another user in an Rlogin connection. Rlogin connections have to come from port numbers below 1024, and Unix systems prohibit this to unprivileged processes; so when the server sees a connection from a low-numbered port, it assumes the client end of the connection is held by a privileged (and therefore trusted) process, so it believes the claim of who the user is.

Windows does not have this restriction: any user can initiate an outgoing connection from a low-numbered port. Hence, the Rlogin .rhosts mechanism is completely useless for securely distinguishing several different users on a Windows machine. If you have a .rhosts entry pointing at a Windows PC, you should assume that anyone using that PC can spoof your username in an Rlogin connection and access your account on the server.

The "Local username" control allows you to specify what user name PuTTY should claim you have, in case it doesn't match your Windows user name (or in case you didn't bother to set up a Windows user name).

Previous | Contents | Next


Comments to putty@projects.tartarus.org
[$Id: pubkey.but,v 1.6 2001/09/25 19:59:14 simon Exp $]