Telnet Vs Rlogin

Jonathan I. Kamens jik at athena.mit.edu
Thu Apr 4 05:27:00 AEST 1991


  In order to understand the differences between telnet and rlogin, and the
reason why both of them exist, you have to have a little history.  I'll try to
present some of that.

  First of all, telnet came first.  The first attempt to describe the telnet
protocol was in Internet RFC 95, dated February 1971.  I admit that I don't
have copies of RFCs that far back :-), and it's not available on-line, so I
can't quote to you from it.  There was significant discussion of the protocols
before it started to come into common use, and even more significant
discussion afterwards.  The RFC which defines the current telnet protocol
specification is RFC 854, which *is* on-line, so I can quote its introduction:

   The purpose of the TELNET Protocol is to provide a fairly general,
   bi-directional, eight-bit byte oriented communications facility.  Its
   primary goal is to allow a standard method of interfacing terminal
   devices and terminal-oriented processes to each other.  It is
   envisioned that the protocol may also be used for terminal-terminal
   communication ("linking") and process-process communication
   (distributed computation).

An important concept in the protocol is the idea of a "Network Virtual
Terminal."  The original purpose of the protocol was to connect your terminal
to a remote host in such a way that it would seem like you were working on a
local host.

  In the beginning, telnet was very basic.  There was none of the automatic
terminal type negotiation, or binary modes, or character-at-a-time input
modes, or other protocol features that we take for granted in today's telnet. 
However, the protocol was stable and robust, and was designed in such a way
that extensions would be easy to implement while allowing backward
compatibility.  It did the job.

  Then, the people at BSD decided that it wasn't enough.  "Remote connections
should be able to figure out the terminal type automatically, just as they can
on a hard-wired terminal.  Machines should be able to trust each other in a
way that makes passwords unnecessary.  And furthermore, if we're going to
allow programs to ask for input a character at a time (a relatively new
thing), then we're going to have to be able to pass input a character at a
time over the connection."  So they pointed out rlogin, rsh, the whole rcmd
shebang.  Which was an incredible kludge, for many reasons, including:

  1) It was capable of passing the terminal type, but was not easily
extensible to allow *other* parameters to be passed.  The terminal type
passing was a hack.

  2) The character-at-a-time input was doable, but once again, it was done in
a very specific manner.  No negotiation between both sides of the connection
like in the telnet protocol.  In the rlogin protocol, there's only one way to
go, and everybody has to talk the same way.

  3) The security mechanism, involving a reserved port, was easily spoofable
by forging network packets, or simply by hooking a non-Unix box up to the
network and coming in on the reserved port.  Another kludge.

Well, rlogin et al provided important features which, at the time, were
lacking in telnet.  They did make the systems easier to use.  However, it
would be reasonable to argue that the reserved port authentication should
never have been set up at all, and that rlogin's features should have been
implemented as extensions to the telnet protocol, rather than as an entirely
separate protocol.

  And, in the end, that's exactly what happened.  Telnet continued to develop,
catching up in functionality to what rlogin accomplished, while rlogin just
sort of sat around doing the same thing, other than a brief rejuvenation when
the Kerberos team decided to implement Kerberos-authenticated rlogin rather
than Kerberos-authenticated telnet.  Another mistake.

  At this point, telnet can do pretty much everything rlogin can do, although
the authentication isn't quite worked out yet (and when it is worked out,
it'll probably be based on Kerberos v5, which is a tad more secure than a
reserved TCP port).

  And so, the question boils down to -- right now, which one should you use,
telnet or rlogin?  Well, if the machine you're connecting to is running a
recent version of telnetd, and you've got a recent version of telnet, then the
only think telnet isn't going to be able to do that rlogin is going to be able
to do is the authentication so that you can log in without passwords.  If you
can do that, you're probably better off with telnet.  I believe CSRG isn't
even putting a lot of effort into rlogin for 4.4BSD, although I'm not certain
about that.

  To answer your other question, yes, a machine can accept both rlogin and
telnet connections, and many do; they are completely separate protocols and
can operate at the same time independent of each other.

  Well, I think I've got all this stuff right, and I'm sure someone will
correct me if I've said anything wrong or omitted anything.

-- 
Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik at Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8085			      Home: 617-782-0710



More information about the Comp.unix.questions mailing list