Telnet vs SSH

Lesson

Telnet and SSH provide remote access to network devices, but SSH is far superior and the most commonly used of the two protocols today. Both are application layer protocols used for remotely interacting devices on your network, including hosts and managed routers. The main difference to consider between Telnet and SSH is how secure they are. SSH provides encryption and authentication by default, whereas Telnet does not.

Secure Shell (SSH)

SSH was designed to provide secured remote access to devices on a network, replacing older protocols such as Telnet and Remote Shell (rsh). Today it is widely used to access Unix-like (including Linux) hosts and most network devices such as routers and switches from vendors such as Cisco and Juniper.

Network and system administrators often use SSH for remote administration of devices. SSH is used over internal, private networks and the Internet. It provides authentication of the remote computer (checking that it is who you think it is) using public-key cryptography and it encrypts the traffic between the two hosts.

There are two primary ways to authenticate with SSH:

With username/password authentication for login.
With public/private key pairs. You add your public key to the machine you wish to access remotely and then use your private key (on the local machine) to authenticate.

SSH runs over TCP and has been assigned port number 22 by IANA. Specific usage details vary between platforms, but typically you connect to a remote server (which is running SSH) using a command like:

ssh user@hostname

You may also use an IP address instead of a hostname if necessary.

As well as providing basic shell access, it is also possible to forward applications over the connection. The protocol is also used by other protocols such as Secure FTP (SFTP).

SSHv1 and SSHv2

Today SSHv2 is the most common and should be used in any new setups. SSH version 2 addresses some security issues with version 1. In use, SSHv2 is very similar to SSHv1. Version 2 is defined by RFC 4254, which summarizes its purpose as follows.

'Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network… It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections.'

Telnet

Telnet is defined by RFC 854, which was posted in 1983! Its purpose is summarized nicely by the RFC:

'The purpose of the TELNET Protocol is to provide a fairly general, bi-directional, eight-bit byte oriented communications facility. Its primary goal is to allow a standard method of interfacing terminal devices and terminal-oriented processes to each other.'

It enables a 'user host' with a Telnet client to connect to a remote 'server host' running a Telnet server. The user can then interact with a 'virtual terminal' on that server. This is great for the remote administration of devices on a network and Telnet has historically been available on most hosts and network devices. Telnet runs over TCP and is assigned port 23 by IANA.

Although usage details vary between clients, Telnet is typically used with a simple command like

telnet 192.168.10.1

You may also use a hostname instead of an IP address.

Is Telnet Secure?

Telnet is not secure by default and should not be used – particularly not over the Internet. Telnet was developed before the Internet, at a time when networks were generally completely segregated and belonging to academic and government institutions. At the time, security was not a significant consideration. By default, the protocol sends data as clear text and does not provide authentication between hosts. Anyone who has access to the network you are on can see everything that is sent, including usernames and passwords.

It is possible to add some security to Telnet. For example, using Kerberos to provide authentication and enable encryption – RFC 2942 describes how this can be achieved. However, today, this rarely implemented, and SSH should be used.