Telnet and SSH both provide remote access to network devices, but SSH is the better option hands down and the more commonly used of the two protocols today. Both are application layer protocols used for remotely interacting with devices on your network, including hosts and managed routers. The main difference between Telnet and SSH is security: SSH provides encryption and authentication by default whereas Telnet does not.

Secure Shell (SSH)

SSH was designed to provide secured remote access to devices on a network, replacing older protocols such as Telnet and rsh. Today it is widely used to access Unix-like (including Linux) hosts and most network devices such as routers and switches from vendors such as Cisco and Juniper.

It is commonly used by network and system administrators to remotely administer devices over both private networks and the Internet. It provides authentication of the remote computer (checking that it is who you think it is) using public-key cryptography and it encrypts the traffic between the two hosts. There are two primary ways SSH is used:

  • With username / password authentication for login.

  • Using public/private key pairs – you add your public key to the machine you wish to access remotely and then use your private key to authenticate (without sharing it).

SSH runs over TCP and has been assigned port number 22 by IANA. Specific usage details vary between platforms but typically you connect to a remote server using a command like

ssh username@hostname

You may also use an IP address instead of a hostname if necessary.

As well as providing basic shell access, it is also possible to forward applications over the connection. The protocol is also used by other protocols such as Secure FTP (SFTP and

SSHv1 and SSHv2

Today SSHv2 is the most common and should be used in any new setups. SSH version 2 addresses some security issues with version 1. In use, SSHv2 is very similar to SSHv1. Version 2 is defined by RFC 4254 which summarizes its purpose as follows.

“Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network… It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections.”
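
The version a server speaks is visible in the identification string it sends when a client connects (RFC 4253, section 4.2). The following is an added example, not part of the original article, that classifies such banners so an administrator can find devices still offering SSHv1. The function names, addresses and sample banners are assumptions constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: (.*))?$")


def classify_ssh_banner(raw: bytes) -> dict:
    """Classify the identification string a server sends when a client connects."""
    # A server may send other text lines before its identification string,
    # so look for the first line that matches the "SSH-" format.
    for line in raw.split(b"\n"):
        m = _IDENT.match(line.rstrip(b"\r"))
        if not m:
            continue
        proto, software = m.group(1).decode(), m.group(2).decode()
        if proto == "2.0":
            verdict = "ssh2-only"
        elif proto == "1.99":
            # RFC 4253 section 5.1: an SSHv2 server that still accepts version 1 clients
            verdict = "ssh1-and-ssh2"
        elif proto.startswith("1."):
            verdict = "ssh1-only"
        else:
            verdict = "unknown-version"
        return {"proto": proto, "software": software, "verdict": verdict}
    return {"proto": None, "software": None, "verdict": "not-ssh"}


def audit(banners: dict) -> list:
    """Return the hosts whose banner is anything other than SSHv2-only."""
    return sorted(host for host, raw in banners.items()
                  if classify_ssh_banner(raw)["verdict"] != "ssh2-only")


# Constructed sample banners (documentation addresses, made-up software names).
SAMPLE = {
    "192.0.2.10": b"SSH-2.0-ExampleSSHD_2.4\r\n",
    "192.0.2.11": b"SSH-1.99-ExampleRouter-1.25\r\n",
    "192.0.2.12": b"SSH-1.5-1.2.27\n",
    "192.0.2.13": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_1.0 lab build\r\n",
    "192.0.2.14": b"\xff\xfd\x18\xff\xfd\x20login: ",  # Telnet option negotiation, not SSH
}

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(host, classify_ssh_banner(SAMPLE[host])["verdict"])
```

Hosts reported by audit() either still accept SSHv1 clients or are not speaking SSH at all on that port, and are the ones to reconfigure or upgrade.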

Telnet

Telnet is defined by RFC 854 which was posted in 1983! Its purpose is summarized nicely by the RFC:

“The purpose of the TELNET Protocol is to provide a fairly general, bi-directional, eight-bit byte oriented communications facility. Its primary goal is to allow a standard method of interfacing terminal devices and terminal-oriented processes to each other.”

It enables a ‘user host’ with a Telnet client to connect to a remote ‘server host’ running a Telnet server. The user can then interact with a ‘virtual terminal’ on that server. This is great for the remote administration of devices on a network and Telnet has historically been available on most hosts and network devices. Telnet runs over TCP and is assigned port 23 by IANA.

Although usage details vary between clients, telnet is typically used with a simple command like

telnet 192.168.10.1

You may also use a hostname instead of an IP address.

Is Telnet Secure?

Telnet is not secure by default and should not be used – particularly not over the Internet. Telnet was developed before the Internet, at a time when networks were generally completely segregated and belonged to academic and government institutions. At the time, security was not a major consideration. By default the protocol sends data as clear text and does not provide authentication between hosts. Anyone who has access to the network you are on can see everything that is sent, including usernames and passwords. It is possible to add some security to Telnet, for example using Kerberos to provide authentication and enable encryption – RFC 2942 describes how this can be achieved. However, today this is rarely implemented and SSH should be used.