Secure Shell

From Hill2dot0

Telnet communicates between devices using TCP port 23, and all communication is sent in clear text, including login usernames and passwords. As a result, Telnet is losing popularity as a way to manage networks where security is a concern (i.e., everywhere that is serious about security).

The alternative to Telnet is Secure Shell (SSH). SSH provides encryption and authentication services for communication between a client and server, while offering the same terminal functionality as Telnet. The user cannot tell the difference between a Telnet session and an SSH session, other than that it was invoked using different client software. It looks the same after login, so there are few or no training requirements in moving to SSH.

SSH supports strong authentication and encryption services for terminal sessions and file transfer. It replaces rlogin and Telnet, neither of which provides secure communications. Similarly, Secure FTP (SFTP) is a replacement for FTP, again providing secure communications where FTP does not.

Most network equipment supports SSH as a replacement for Telnet, and we recommend its use over Telnet, which is susceptible to session hijacking, man-in-the-middle attacks, and sniffing. For example, Cisco equipment is capable of running SSH as both a client and a server. In other words, you can connect to a Cisco router to manage it with SSH as you would with Telnet. In addition, you can use SSH from router to router.

SSH client software is available for all operating systems. It is not included in any Windows distribution, so it must be sourced elsewhere (e.g., www.openssh.org has various client and server software available). SSHv2 uses different algorithms to work around patent issues. It also enhances security by fixing previous vulnerabilities. Unfortunately, SSHv1 is incompatible with SSHv2, which does not help adoption.
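
The recommendations above (SSH instead of Telnet on network equipment, and SSHv2 rather than SSHv1) can be checked against a saved device configuration. The following is an added example, not part of the original page: the Cisco IOS-style sample configuration is constructed, the function name audit_remote_access is hypothetical, and a vty line with no explicit transport statement is reported because the default differs between platforms and releases.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip ssh version 2
!
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 20
 login local
!
"""

def audit_remote_access(config: str) -> list[str]:
    """Return findings for vty lines that accept Telnet and for SSHv1 being allowed."""
    findings = []
    # 'ip ssh version 2' restricts the SSH server to SSHv2 only.
    if not re.search(r"^ip ssh version 2\s*$", config, re.MULTILINE):
        findings.append("global: SSH not restricted to version 2")
    current, transports = None, {}
    for line in config.splitlines():
        if line.startswith("line "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                transports[current] = None
        elif current and line.startswith(" "):
            m = re.match(r"\s+transport input (.+)", line)
            if m:
                transports[current] = m.group(1).split()
        elif not line.startswith(" "):
            current = None  # left the line block
    for name, protos in transports.items():
        if protos is None:
            # Assumption: no explicit statement means Telnet may be accepted.
            findings.append(f"{name}: no 'transport input' statement")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: Telnet permitted ({' '.join(protos)})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_remote_access(SAMPLE_CONFIG)))
```

Each finding names the vty range to fix; a line block that lists only ssh under transport input, together with the global ip ssh version 2 statement, produces no findings.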

Although SSH is the preferred method to access terminal sessions, the simplicity and familiarity of Telnet will likely mean that Telnet will be with us for some time.