
Remote Login: TELNET and SSH

S D Patil, RGIT, Mumbai
sdpatil@mctrgit.ac.in
OBJECTIVES:
• To introduce the TELNET protocol and show how it implements local and remote login.
• To discuss options and sub-options used in TELNET and how they are negotiated.
• To define out-of-band signaling in TELNET.
• To define the different modes of operation in TELNET.
• To introduce SSH as an alternative to TELNET.
• To show how the different components of SSH are combined to provide a secure connection over an insecure TCP connection.
• To discuss port forwarding in SSH and how it can be used to provide security for other applications.

12/22/22 08:15 AM S D Patil, RGIT, Mumbai ( REF: TCP/IP Protocol Suite by Forouzan) 2
TELNET

• An abbreviation for TErminaL NETwork.
• The standard TCP/IP protocol for the virtual terminal service as proposed by ISO.
• Enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
• TELNET is a general-purpose client-server application program.
Topics Discussed in the Section
• Concepts
• Time-Sharing Environment
• Network Virtual Terminal (NVT)
• Embedding
• Options and Suboption Negotiation
• Controlling the Server
• Out-of-Band Signaling
• Escape Character
• Modes of Operation
• User Interface
• Security Issue
Local login

Remote login

Concept of NVT

Format of data and control characters

An example of embedding
• TELNET uses only one TCP connection.
• Server: well-known port 23.
• Client: an ephemeral port.
• The same connection is used for sending data and control characters.
• Embedding: the control characters are placed in the data stream itself.
• To distinguish them from data, each control character is preceded by IAC (interpret as control).
• Example: the user wants the server to display a file on the remote computer and means to type "cat file1", but mistypes the name as "cat filea" and corrects it with a backspace: cat filea<backspace>1
• On the wire the backspace is embedded as the EC (erase character) control, preceded by IAC:

c a t   f i l e a IAC EC 1
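The embedding above, worked through in code: the client turns the keystrokes into an NVT stream with the control character escaped by IAC, and the server applies EC to its line buffer so that it sees "cat file1". This is an added example written for this page, not code from the slides or from Forouzan's text. The IAC, EC and EL codes are the RFC 854 values; mapping backspace to EC and Ctrl-U to EL (erase line) is the example's own assumption about the client, and the doubled IAC for a literal data byte 255 is the RFC 854 escaping rule.

```python
# Added example (not from the slides): embedding TELNET control characters in
# the NVT data stream and interpreting them on the server side.
IAC = 255   # "interpret as control": the next byte is a command, not data
EC = 247    # erase character (RFC 854)
EL = 248    # erase line (RFC 854)
NAMES = {IAC: "IAC", EC: "EC", EL: "EL"}


def nvt_encode(keystrokes: str) -> bytes:
    """Client side: turn typed characters into the stream sent to the server.

    Assumed client mapping: backspace -> IAC EC, Ctrl-U -> IAC EL, newline ->
    CR LF.  A data byte equal to 255 is doubled (IAC IAC) so the server does
    not read it as the start of a command.
    """
    out = bytearray()
    for ch in keystrokes:
        if ch == "\b":
            out += bytes([IAC, EC])
        elif ch == "\x15":                      # Ctrl-U: kill the line
            out += bytes([IAC, EL])
        elif ch == "\n":
            out += b"\r\n"
        else:
            b = ord(ch)
            if b > 255:
                raise ValueError("NVT carries only 8-bit characters")
            out.append(b)
            if b == IAC:
                out.append(IAC)                 # escape a literal 255
    return bytes(out)


def describe(stream: bytes) -> str:
    """Render a stream the way the slide draws it: 'c a t   f i l e a IAC EC 1'."""
    parts, i = [], 0
    while i < len(stream):
        b = stream[i]
        if b == IAC and i + 1 < len(stream):
            nxt = stream[i + 1]
            parts.append("IAC IAC" if nxt == IAC else "IAC " + NAMES.get(nxt, str(nxt)))
            i += 2
        else:
            parts.append(chr(b))
            i += 1
    return " ".join(parts)


def nvt_apply(stream: bytes) -> str:
    """Server side: interpret the stream, applying EC/EL to a line buffer, and
    return the text the server actually sees (the corrected command line)."""
    line, i = [], 0
    while i < len(stream):
        b = stream[i]
        if b == IAC and i + 1 < len(stream):
            c = stream[i + 1]
            if c == IAC:
                line.append("\xff")             # escaped data byte 255
            elif c == EC:
                if line:
                    line.pop()                  # erase the previous character
            elif c == EL:
                line.clear()                    # erase the whole line
            # other two-byte commands (NOP, GA, ...) would be handled here
            i += 2
        else:
            line.append(chr(b))
            i += 1
    return "".join(line)


if __name__ == "__main__":
    wire = nvt_encode("cat filea\b1")           # the slide's keystrokes
    print(describe(wire))
    print(nvt_apply(wire))
```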

TELNET Options
• TELNET lets the client and server negotiate options before or
during the use of the service.
• Options are extra features available to a user with a more
sophisticated terminal.
• Users with simpler terminals can use default features.
• Some control characters discussed previously are used to
define options.

TELNET Option Negotiation

Offer to enable an option

  Sender → Receiver: WILL ("Will I enable the option?")
  Receiver → Sender: DO or DONT ("Do (or don't) enable the option")

Request to enable an option

  Sender → Receiver: DO ("Do enable the option")
  Receiver → Sender: WILL or WONT ("I will (won't) enable the option")

Offer to disable an option

  Sender → Receiver: WONT ("I won't use the option any more")
  Receiver → Sender: DONT ("Don't use it")

Request to disable an option

  Sender → Receiver: DONT ("Don't use the option any more")
  Receiver → Sender: WONT ("I won't")

Example 20.1
• The figure shows an example of option negotiation.
• In this example, the client wants the server to echo each character sent to the server.
• In other words, when a character is typed at the user's keyboard, it goes to the server and is sent back to the user's screen before being processed.
• The echo option is enabled by the server, because it is the server that sends the characters back to the user terminal.

Example 20.1 Echo option
• Therefore, the client should request from the server the enabling of the option using DO.
• The request consists of three characters: IAC, DO, and ECHO.
• The server accepts the request and enables the option.
• It informs the client by sending the three-character approval: IAC, WILL, and ECHO.

1. Client → Server: IAC DO ECHO ("Do enable the echo option")
2. Server → Client: IAC WILL ECHO ("I will enable the echo option")
• TELNET: Symmetric option Negotiation

• Suboption Negotiation

Example of sub-option negotiation

1. Client → Server: IAC WILL TERMINAL-TYPE ("I will enable the terminal type option")
2. Server → Client: IAC DO TERMINAL-TYPE ("Do enable the terminal type option")
3. Client → Server: IAC SB TERMINAL-TYPE 'V' 'T' IAC SE ("Set the terminal type to "VT"")

Controlling the TELNET Server

Example of interrupting an application program

Out-of-band signaling
• To make control characters effective in special situations, TELNET uses out-of-band signaling.
• In out-of-band signaling, the control characters are preceded by IAC and are sent to the remote process.

Figure: the stream carries  Data | IAC IP | DM | Data.  The TCP urgent pointer points at DM (data mark); the data before it (up to and including the interrupt) is discarded, and the data after DM is kept.

Two different interruptions
• A character typed by the user is normally sent to the server.
• However, sometimes the user wants characters interpreted
by the client instead of the server.
• In this case, the user can use an escape character, normally
Ctrl+] (shown as ^]).

TELNET Modes of Operation
• Three modes
• Default mode
  • Echoing is done by the client.
  • After sending a whole line to the server, the client waits for GA (go ahead) from the server before sending the next line.
  • Half-duplex communication, hence obsolete.
• Character mode
  • Full-duplex communication over TCP.
  • Echoing of each character is delayed when the transmission time (Tt) is long.
  • Creates overhead, as more TCP segments are sent.
• Line mode
  • Superior to both.
  • Line editing is done by the client, then the line is sent to the server.
  • Full duplex, without GA from the server.

Example 20.2
In this example, we use the default mode to show the concept and
its deficiencies even though it is almost obsolete today.

The client and the server negotiate the terminal type and terminal
speed and then the server checks the login and password of the
user (see Figure 20.15).

Example 20.2 Default Mode

1.  Server → Client: GO AHEAD
2.  Client → Server: WILL TERMINAL TYPE
3.  Server → Client: DO TERMINAL TYPE
4.  Server → Client: GO AHEAD
5.  Client → Server: WILL TERMINAL SPEED
6.  Server → Client: DONT TERMINAL SPEED
7.  Server → Client: Login:
8.  Server → Client: GO AHEAD
9.  Client → Server: forouzan
10. Server → Client: Password:
11. Server → Client: GO AHEAD
12. Client → Server: XXXXX
13. Server → Client: GO AHEAD
14. Client → Server: cp file1 file2

Example 20.3
In this example, we show how the client switches to the character
mode.

This requires that the client request the server to enable the
SUPPRESS GO AHEAD and ECHO options (see Figure 20.16).

Example 20.3 Character Mode

1.  Server → Client: GO AHEAD
2.  Client → Server: DO SUPPRESS GO AHEAD
3.  Server → Client: WILL SUPPRESS GO AHEAD
4.  Client → Server: DO ECHO
5.  Server → Client: WILL ECHO
6.  Server → Client: Login:
7.  Client → Server: f
8.  Server → Client: f
9.  Client → Server: o
10. Server → Client: o
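Example 20.1, the terminal-type sub-option exchange and Example 20.3 above, replayed by a small server-side negotiator. This is an added example, not code from the slides: the command and option codes are the standard RFC 854/857/858/1091 values, and the sub-negotiation includes the SEND and IS parameter bytes that RFC 1091 places inside IAC SB ... IAC SE (the slide's figure omits them). The class name TelnetServer and the run_examples driver are the example's own. Two rules from RFC 854 are what keep a negotiator safe against a misbehaving peer: every request gets an answer (WONT/DONT for anything unsupported), and a request for the state an option is already in gets no answer, so two implementations can never fall into an infinite WILL/DO loop.

```python
# Added example (not from the slides): a minimal TELNET negotiator playing the
# server side of Example 20.1, the TERMINAL-TYPE sub-option and Example 20.3.
IAC, DONT, DO, WONT, WILL, SB, GA, SE = 255, 254, 253, 252, 251, 250, 249, 240
ECHO, SUPPRESS_GO_AHEAD, TERMINAL_TYPE = 1, 3, 24      # RFC 857, 858, 1091
TT_IS, TT_SEND = 0, 1                                  # RFC 1091 parameter codes


def cmd(*codes: int) -> bytes:
    """An IAC-prefixed command: cmd(DO, ECHO) is the bytes 255 253 1."""
    return bytes([IAC, *codes])


class TelnetServer:
    """Server-side option state.  Performs ECHO and SUPPRESS GO AHEAD on
    request, asks a client offering TERMINAL-TYPE for its type, refuses
    every other option, and never acknowledges a state it is already in."""

    def __init__(self) -> None:
        self.local = set()      # options this server performs (it replied WILL)
        self.remote = set()     # options the client performs (it replied DO)
        self.terminal_type = None

    @property
    def character_mode(self) -> bool:
        # Example 20.3: character mode needs both options enabled at the server
        return {ECHO, SUPPRESS_GO_AHEAD} <= self.local

    def feed(self, data: bytes) -> bytes:
        """Consume bytes from the client; return the bytes the server sends back."""
        out, i = bytearray(), 0
        while i < len(data):
            if data[i] != IAC:                     # plain NVT data
                if ECHO in self.local:
                    out.append(data[i])            # RFC 857: the server echoes it
                i += 1
                continue
            c = data[i + 1]
            if c == IAC:                           # doubled IAC = data byte 255
                if ECHO in self.local:
                    out += cmd(IAC)
                i += 2
            elif c in (DO, DONT, WILL, WONT):      # three-byte negotiation
                out += self._negotiate(c, data[i + 2])
                i += 3
            elif c == SB:                          # IAC SB <option> ... IAC SE
                end = data.index(cmd(SE), i + 2)
                self._suboption(data[i + 2:end])
                i = end + 2
            else:                                  # GA, NOP, EC, ...: two bytes
                i += 2
        return bytes(out)

    def _negotiate(self, c: int, opt: int) -> bytes:
        if c == DO:                                # "please perform opt"
            if opt in self.local:
                return b""                         # already on: stay silent
            if opt in (ECHO, SUPPRESS_GO_AHEAD):
                self.local.add(opt)
                return cmd(WILL, opt)
            return cmd(WONT, opt)                  # unsupported: refuse, never ignore
        if c == DONT:
            if opt not in self.local:
                return b""
            self.local.discard(opt)
            return cmd(WONT, opt)
        if c == WILL:                              # "I offer to perform opt"
            if opt in self.remote:
                return b""
            if opt == TERMINAL_TYPE:
                self.remote.add(opt)
                # accept, then ask for the type; the client answers with
                # IAC SB TERMINAL-TYPE IS <name> IAC SE
                return cmd(DO, opt) + cmd(SB, opt, TT_SEND) + cmd(SE)
            return cmd(DONT, opt)
        if opt not in self.remote:                 # WONT
            return b""
        self.remote.discard(opt)
        return cmd(DONT, opt)

    def _suboption(self, body: bytes) -> None:
        # body = option code followed by its parameters
        if body[:2] == bytes([TERMINAL_TYPE, TT_IS]):
            self.terminal_type = body[2:].decode("ascii")


def run_examples() -> dict:
    """Replay the slide exchanges and collect what each side saw."""
    log = {}
    a = TelnetServer()                                     # Example 20.1 + sub-option
    log["echo_reply"] = a.feed(cmd(DO, ECHO))              # -> IAC WILL ECHO
    log["tt_reply"] = a.feed(cmd(WILL, TERMINAL_TYPE))     # -> IAC DO TT, IAC SB TT SEND IAC SE
    a.feed(cmd(SB, TERMINAL_TYPE, TT_IS) + b"VT" + cmd(SE))
    log["terminal_type"] = a.terminal_type
    b = TelnetServer()                                     # Example 20.3
    log["default_mode_echo"] = b.feed(b"f")                # no server echo yet
    log["sga_reply"] = b.feed(cmd(DO, SUPPRESS_GO_AHEAD))  # -> IAC WILL SGA
    log["echo_reply_with_data"] = b.feed(cmd(DO, ECHO) + b"f")  # WILL ECHO, then 'f' back
    log["char_mode"] = b.character_mode
    log["echo_after"] = b.feed(b"o")
    log["refused"] = b.feed(cmd(DO, 99))                   # unsupported -> IAC WONT 99
    log["repeat"] = b.feed(cmd(DO, ECHO))                  # already on -> silence
    return log
```

The mixed call `feed(cmd(DO, ECHO) + b"f")` shows why the negotiation state must be updated while the stream is being parsed: the 'f' that follows the DO in the same segment is already echoed, exactly as in steps 4 to 8 of Example 20.3.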

USER INTERFACE

TELNET Security Issue
• TELNET suffers from security problems.
• Although TELNET requires a login name and password (when exchanging text), often this is not enough.
• A microcomputer connected to a broadcast LAN can easily eavesdrop using snooper software and capture a login name and the corresponding password (even if it is encrypted).

SECURE SHELL (SSH)

• Another popular remote login application program is Secure Shell (SSH).
• It uses TCP as the underlying transport protocol.
• It is more secure than TELNET.
• It provides more services than TELNET.

Topics Discussed in the Section
• Versions
  • Two versions, but totally incompatible
  • SSH-1 is deprecated (security flaws)
  • SSH-2
• Components
• Port Forwarding
• Format of the SSH Packet

What is Secure Shell?

• A powerful, convenient approach to protecting communications on a computer network.
• Provides a secure channel for data transmission.
• Not a command interpreter; it provides a secure pipe through which to open up a command interpreter.
• Supports secure remote logins, secure remote command execution, and secure file transfers.
• Has a client-server architecture: an SSH server program and a client program.

SSH: Features
• Privacy: via strong end-to-end encryption (DES, IDEA, Blowfish).
• Integrity: via a 32-bit Cyclic Redundancy Check (CRC-32).
• Authentication: the server via the server's host key; the client usually via password or public key.
• Authorization: controlled at a server-wide level or on a per-account basis.
• Forwarding: encapsulating another TCP-based service, such as TELNET, within an SSH session.
Components of SSH

SSH: Port forwarding

SSH packet format

Security Mechanism
Establishing the Secure Connection
• The client initiates the connection by sending a request to the TCP port of the SSH server.
• The server reveals its SSH protocol version to the client.
• If the client and server decide their versions are compatible, the connection proceeds.
• The SSH server sends the following to the client: the host key, the server key, a list of supported encryption, compression and authentication methods, and a sequence of eight random bytes.
• The client checks the identity of the server by using the host key against the known hosts database.
• The client generates a session key and double-encrypts it using the host key and the server key.
• The client sends the encrypted session key along with the check bytes and the acceptable algorithm.
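The "host key against the known hosts database" step above, as an added example in the style of OpenSSH's known_hosts file. This is not code from the slides or from OpenSSH: the two ed25519 public keys and the file contents are constructed for the example, and the plain and hashed host-field formats (a comma-separated name list, or `|1|salt|HMAC-SHA1(salt, host)` as written by HashKnownHosts) follow the sshd(8) description of the file. The SHA-256 fingerprint is computed the way ssh-keygen prints it. The verdict that matters for defence is "mismatch": the host is on file but presents a different key, which a client has to treat as a possible man-in-the-middle and abort, never as an invitation to record the new key.

```python
# Added example (not from the slides): verifying a server's host key against a
# known_hosts-style database.  Keys and file contents are constructed.
import base64
import hashlib
import hmac


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def ed25519_blob(raw_key: bytes) -> bytes:
    """Wire encoding of an ssh-ed25519 public key (stored base64 in known_hosts)."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint as ssh-keygen -l shows it: base64, padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host: str, salt: bytes) -> str:
    """Hashed host field (HashKnownHosts): |1|base64(salt)|base64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, host: str) -> bool:
    """Does a known_hosts host field (plain list or hashed form) name this host?"""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return "ok" if (host, key) is on file, "mismatch" if the host is known
    with a different key of this type, or "unknown" if the host is not listed."""
    presented = base64.b64encode(blob).decode()
    verdict = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        # skip blanks, comments and the @cert-authority/@revoked markers (not modelled)
        if not fields or fields[0][0] in "#@":
            continue
        if len(fields) < 3 or fields[1] != key_type or not host_matches(fields[0], host):
            continue
        if hmac.compare_digest(fields[2].encode(), presented.encode()):
            return "ok"
        verdict = "mismatch"          # known host, different key: keep looking, but alarm
    return verdict


# Constructed sample database: one plain entry with two names, one hashed entry.
GATEWAY_KEY = ed25519_blob(bytes(range(32)))
BASTION_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "gateway.example,10.0.0.1 ssh-ed25519 " + base64.b64encode(GATEWAY_KEY).decode(),
    hashed_host("bastion.example", b"0123456789abcdefghij") + " ssh-ed25519 "
    + base64.b64encode(BASTION_KEY).decode(),
])

if __name__ == "__main__":
    print(fingerprint(GATEWAY_KEY))
    print(check_host_key(KNOWN_HOSTS, "gateway.example", "ssh-ed25519", GATEWAY_KEY))
    print(check_host_key(KNOWN_HOSTS, "10.0.0.1", "ssh-ed25519", BASTION_KEY))
```

Comparing the stored and presented keys with `hmac.compare_digest` rather than `==` is deliberate: the data is not secret, but constant-time comparison is the habit to keep for anything that feeds an authentication decision.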
Authentication
• The server then decrypts the encrypted session key it received.
• The server sends a confirmation encrypted with this session key.
• The client receives the confirmation and thereby confirms server authentication.
• Client authentication is usually either by password authentication or by public key authentication.
• The server confirms client authorization:
  • It generates a 256-bit random challenge, encrypts it with the client's public key, and sends it to the client.
  • The client decrypts the challenge, generates a hash value with a session identifier (commonly a random string generated at the beginning of the session), and sends it to the server.
  • The server generates the hash; if both match, the session is authenticated.
