How is SSH different from Telnet?


TELNET has no encryption, so everything is sent in plain text. SSH is encrypted, so it’s private and secure. This is why SSH should be used instead of TELNET.

SSH and TELNET allow you to connect to remote computers on your network and use them as if you were sitting in front of them. So what is the difference between these two venerable protocols, and is there always an advantage to using SSH over TELNET?

TELNET and SSH: The Origin Story

Necessity is the mother of invention. System administrators needed a way to access and manage computers that were physically located elsewhere. If it was impractical or inconvenient for the administrator to position themselves in front of the computer, they needed a way to access the remote computer that would allow them to issue commands as if they were typing them into that computer.

TELNET, short for teletype over network protocol, was developed in 1969 as an answer to this problem. As long as the remote computer was reachable over the network, the administrator, or any other authorized person, could connect to it and use it as if they were physically pressing the keys of the remote keyboard.

SSH was created much later, in 1995, as a direct response to TELNET and other similar solutions. The necessity this time was security. TELNET, rlogin, FTP, and other protocols of the era were designed without any regard for security or the perceived need for it.

SSH stands for secure shell, so you can see that security has been a guiding principle since its inception. At present, SSH has almost completely replaced TELNET.

TELNET is a plain-text security nightmare

The big problem with TELNET is that it uses plain text. It doesn't encrypt any of its traffic, including usernames and passwords. Anything it sends along the network can be captured by a packet sniffer and read, with the greatest of ease. This is a security risk even on a local network, unless you are the only user. Any user can intercept TELNET traffic and obtain login credentials to which they are not entitled.

If the remote computer is off-site, and requires an Internet connection to access it, the problem is magnified immeasurably. TELNET was a product of its time and, to be fair to them, the authors did not expect people to use it more than fifty years later, in today’s very different IT landscape.

While TELNET deserves its place on the list of important software that collectively helped us get to where we are today, it is not something we still have to use in today’s world.

How is SSH different from TELNET?

On the face of it, TELNET and SSH are two answers to the same problem. Both allow you to access a terminal window on a remote computer and issue commands to it. But because SSH was developed much later than TELNET, the problem was more comprehensively understood, and the answer was better designed.

TELNET was designed with private networks in mind, but SSH was designed to cope with public networks, and with the need to maintain privacy and security when transferring data and making remote connections.

TELNET uses port 23 and this port number cannot be changed. By default, SSH uses port 22, but it can be configured and changed. Configuring SSH to use a non-obvious port number makes it harder for attackers to identify the SSH port. If the SSH port can be identified, it is very easy to mount a brute-force attack in which thousands of passwords obtained from data breaches are tried in turn by bots.

Better yet, SSH can do without passwords altogether. It can use public key encryption to authenticate to remote computers. Passwords are never transferred, because there is no need to send them to the remote computer. Data encryption and SSH key authentication mean that SSH is able to provide secure connections and communication over unsecured networks such as the Internet.
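An added example (not from the original article): a small Python check that reads `sshd_config` text and reports whether a server still listens on port 22 or still accepts password-style logins. It looks only at the global section (parsing stops at the first `Match` block and `Include` files are not followed), and both sample configurations are constructed.

```python
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
DEFAULTS = {"passwordauthentication": "yes",          # sshd defaults that apply
            "kbdinteractiveauthentication": "yes",    # when a keyword is absent
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Global-section values sshd would apply; absent keywords keep defaults."""
    first_seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out lines change nothing
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break                         # assumption: audit the global section only
        if key == "port":
            ports.append(parts[1])        # Port may repeat; sshd listens on each
        elif key in DEFAULTS:
            first_seen.setdefault(key, parts[1].lower())  # first value wins
    settings = {**DEFAULTS, **first_seen}
    settings["port"] = ports or ["22"]
    return settings

def audit(config_text):
    """List the settings that leave password guessing on port 22 possible."""
    s = effective_settings(config_text)
    findings = []
    if "22" in s["port"]:
        findings.append("default port 22")
    if s["passwordauthentication"] == "yes":
        findings.append("password authentication enabled")
    if s["kbdinteractiveauthentication"] == "yes":
        findings.append("keyboard-interactive authentication enabled")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication disabled")
    return findings

# Constructed sample configurations
WEAK = "#Port 2222\n#PasswordAuthentication no\nPubkeyAuthentication yes\n"
HARDENED = ("Port 2222\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nPasswordAuthentication yes\n")

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```

The commented-out lines in `WEAK` change nothing, so the defaults still apply, and the trailing `PasswordAuthentication yes` in `HARDENED` is ignored because sshd uses the first value it reads for a keyword.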

In fact, SSH can be used to authenticate with different services, not just remote computers running an SSH server. For example, you can access Git repositories hosted on GitHub, GitLab, and BitBucket using SSH instead of passwords.

Another advantage of using SSH over TELNET is that SSH can do reverse SSH tunneling. This requires the server to establish a connection to the client computer. The connection is ignored until the local user wants to make a connection to the server.

When the client wants to connect to the server, the user establishes an SSH connection to their own computer. SSH sends the connection down the already established connection to the server. This provides a private tunnel inside the already encrypted connection from the server to the client.

The only advantage of TELNET is that it uses less bandwidth. But this isn’t 1969 where bandwidth was scarce, and SSH isn’t exactly a bandwidth hog.

SSH has had its problems, too

Although SSH is superior to TELNET when it comes to security, we have to remember that it is still software, and software can contain bugs. These bugs can lead to vulnerabilities that cybercriminals can exploit. Also, encryption standards and algorithms change over time and are superseded. Like all encryption-based software, older versions of SSH can become less secure as they age. This is why it is important to ensure that you are using the latest version of SSH.

The version of SSH used on most Linux computers is OpenSSH, which is an implementation of SSH based on the OpenSSL toolkit and libraries. In 2012, a bug was introduced into the OpenSSL library that allowed an attacker to request a response from an SSL server and specify how much data the response should contain.

They could request a (say) 64KB response when the actual response needed no more than 64 bytes. The first sequence of bytes in that data would be the genuine, expected response, followed by whatever happened to be in memory that OpenSSL had recently used. What that data contained was down to luck, but it could contain sensitive information like session cookies and passwords, or other information that allowed an attacker to obtain private keys, for example.
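An added example (not OpenSSL code and not from the original article): a Python simulation of the missing length check described above, using the heartbeat message layout from RFC 6520 and a toy memory buffer. The function names, the 4-byte payload with a claimed length of 64, and the neighbouring data are all constructed for illustration.

```python
import struct

MIN_PADDING = 16  # RFC 6520: heartbeat messages carry at least 16 padding bytes

def build_record(payload, claimed_len=None):
    """type(1) | payload_length(2) | payload | padding. Type 1 = request."""
    n = len(payload) if claimed_len is None else claimed_len
    return struct.pack("!BH", 1, n) + payload + bytes(MIN_PADDING)

def reply_unchecked(memory, record_len):
    """Behaviour the article describes: copy as many bytes as the sender claims.
    record_len is never consulted, which is the defect."""
    _type, claimed = struct.unpack_from("!BH", memory, 0)
    return bytes(memory[3:3 + claimed])       # can read past the record

def reply_checked(memory, record_len):
    """Corrected behaviour: drop records whose claimed length does not fit."""
    if record_len < 1 + 2 + MIN_PADDING:
        return None
    _type, claimed = struct.unpack_from("!BH", memory, 0)
    if 1 + 2 + claimed + MIN_PADDING > record_len:
        return None                           # discard silently, send nothing
    return bytes(memory[3:3 + claimed])

def simulate(claimed_len=None):
    """Place a record in a toy memory buffer next to unrelated data."""
    record = build_record(b"ping", claimed_len)
    # Constructed value standing in for whatever was recently in memory
    neighbour = b"session=CONSTRUCTED-SAMPLE-VALUE;"
    memory = bytearray(record + neighbour + bytes(32))
    return (reply_unchecked(memory, len(record)),
            reply_checked(memory, len(record)))

if __name__ == "__main__":
    print(simulate())        # honest length: both replies are b"ping"
    print(simulate(64))      # inflated length: unchecked leaks, checked drops
```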

Once discovered, in 2014, the vulnerability became known as Heartbleed. It was quickly fixed in the software. But the vulnerability does not go away at that point. The vulnerability is only fully nullified when the fixed version is installed on all computers running the vulnerable software. In other words, when the computers have been patched. Since many administrators were slow to respond, uptake of the fixed software was slow.

Also of concern are the two years between 2012 when the bug was introduced and 2014 when it was discovered and addressed. During those two years every SSH server running the vulnerable version of OpenSSL was at risk.

To be fair, this happened about a decade ago, and since then there have been many releases, improvements, bug fixes, and code revisions.


Should you use SSH or TELNET?

It’s hard to think of a reason why you would need to use TELNET today. That is not the same as asking whether there is any scenario in which it is safe to use TELNET. In a stand-alone network that is not connected to the outside world, where you are sure no one is going to sniff your traffic, you can use TELNET. But there is no reason to. The security trade-off cannot be justified.

SSH is more secure and more flexible; that is the advantage of using SSH over TELNET. OpenSSH is free for all uses including commercial use, and is available for all popular operating systems.
