Remote Login: TELNET and SSH
S D Patil, RGIT, Mumbai
OBJECTIVES:
To introduce the TELNET protocol and show how it implements
local and remote login.
To discuss options and sub-options used in TELNET and how
they are negotiated.
To define out-of-band signaling in TELNET.
To define different modes of operations in TELNET.
To introduce SSH as an alternative to TELNET.
To show how different components of SSH are combined to
provide a secure connection over an insecure TCP connection.
To discuss port-forwarding in SSH and how it can be used to
provide security for other applications.
12/22/22 08:15 AM S D Patil, RGIT, Mumbai ( REF: TCP/IP Protocol Suite by Forouzan) 2
TELNET
• An abbreviation for TErminaL NETwork.
• The standard TCP/IP protocol for virtual terminal
service as proposed by ISO.
• Enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
• TELNET: general-purpose client-server
application program.
Topics Discussed in the Section
Concepts
Time-Sharing Environment
Network Virtual Terminal (NVT)
Embedding
Options and Suboption Negotiation
Controlling the Server
Out-of-Band Signaling
Escape Character
Modes of Operation
User Interface
Security Issue
Local login
Remote login
Concept of NVT
Format of data and control characters
An example of embedding
• TELNET uses only one TCP connection.
• Server: well-known port 23.
• Client: an ephemeral port.
• The same connection is used for sending data and control characters.
• Control characters are embedded in the data stream.
• To distinguish them from data, each control character is preceded by IAC (Interpret As Control).
• The user wants the server to display the file file1 on the remote computer, but mistypes the name as filea: "cat filea".
• The user corrects it by typing backspace and then 1: cat filea<backspace>1
• The client sends: c a t f i l e a IAC EC 1
TELNET Options
• TELNET lets the client and server negotiate options before or
during the use of the service.
• Options are extra features available to a user with a more
sophisticated terminal.
• Users with simpler terminals can use default features.
• Some control characters discussed previously are used to
define options.
TELNET Option Negotiation
Offer to enable an option
  WILL: Will I enable the option?
  DO or DONT: Do (or don't) enable the option.
Request to enable an option
  DO: Do enable the option.
  WILL or WONT: I will (won't) enable the option.
Offer to disable an option
  WONT: I won't use the option any more.
  DONT: Don't use it.
Request to disable an option
  DONT: Don't use the option any more.
  WONT: I won't.
Example 20.1
• The figure shows an example of option negotiation.
• In this example, the client wants the server to echo each character sent to the server.
• In other words, when a character is typed at the user keyboard terminal, it goes to the server and is sent back to the screen of the user before being processed.
• The echo option is enabled by the server because it is the server that sends the characters back to the user terminal.
Example 20.1 Echo option
• Therefore, the client should request from the server the enabling of the option using DO.
• The request consists of three characters: IAC, DO, and ECHO.
• The server accepts the request and enables the option.
• It informs the client by sending the three-character approval: IAC, WILL, and ECHO.
1. Client -> Server: IAC DO ECHO (Do enable the echo option)
2. Server -> Client: IAC WILL ECHO (I will enable the echo option)
• TELNET: symmetric option negotiation
• Suboption negotiation
Example of sub-option negotiation
1. IAC WILL TERMINAL-TYPE (I will enable the terminal type option)
2. IAC DO TERMINAL-TYPE (Do enable the terminal type option)
3. IAC SB TERMINAL-TYPE 'V' 'T' IAC SE (Set the terminal type to "VT")
Controlling the TELNET Server
Example of interrupting an application program
Out-of-band signaling
• To make control characters effective in special situations, TELNET uses out-of-band signaling.
• In out-of-band signaling, the control characters are preceded by IAC and are sent to the remote process.
Figure: Data | IAC IP | DM | Data. The TCP urgent pointer points at DM; the data before DM is discarded, while the IAC IP control sequence is kept.
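The two mechanisms on this slide and the embedding slide (the "cat filea" IAC EC "1" stream, and the discard-up-to-DM behaviour of a Synch) as one added Python example. This is not code from the slides or from Forouzan: the command codes are the RFC 854 values, the sample streams are constructed, and the Synch handler keeps every IAC sequence found before DM rather than only the "interesting" signals IP, AO and AYT.

```python
"""Embedded TELNET control characters and the Synch, as an added example.

Not code from the slides. tokenize() separates data from IAC-prefixed
control sequences (single commands, WILL/WONT/DO/DONT negotiations and
SB ... SE sub-options; IAC IAC is an escaped data byte 255).
reconstruct_line() applies EC (erase character) to the slides'
"cat filea<backspace>1" stream, and process_synch() is the receiver side
of out-of-band signaling: once the TCP urgent pointer has flagged the
data, everything up to the Data Mark (DM) is discarded except the
embedded IAC commands (here IAC IP), which are kept. Command codes are
from RFC 854; the sample streams at the bottom are constructed.
"""
IAC, DONT, DO, WONT, WILL, SB = 255, 254, 253, 252, 251, 250
EL, EC, IP, DM, SE = 248, 247, 244, 242, 240
NEGOTIATION = {WILL, WONT, DO, DONT}


def tokenize(stream: bytes) -> list:
    """Tokens: ('data', bytes), ('cmd', code), ('neg', cmd, opt), ('sub', opt, payload)."""
    tokens, data, i = [], bytearray(), 0

    def flush():                            # emit buffered data bytes as one token
        if data:
            tokens.append(("data", bytes(data)))
            data.clear()

    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("truncated IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:                      # IAC IAC: literal 255 in the data
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:            # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= len(stream):
                raise ValueError("truncated negotiation")
            flush()
            tokens.append(("neg", cmd, stream[i + 2]))
            i += 3
        elif cmd == SB:                     # IAC SB <option> <payload> IAC SE
            payload, j = bytearray(), i + 3
            while True:
                if j + 1 >= len(stream):
                    raise ValueError("unterminated sub-option")
                if stream[j] == IAC:
                    if stream[j + 1] == SE:
                        break
                    if stream[j + 1] != IAC:
                        raise ValueError("bare IAC inside sub-option")
                    j += 1                  # IAC IAC inside the payload
                payload.append(stream[j])
                j += 1
            flush()
            tokens.append(("sub", stream[i + 2], bytes(payload)))
            i = j + 2
        else:                               # single-byte command: EC, EL, IP, DM, ...
            flush()
            tokens.append(("cmd", cmd))
            i += 2
    flush()
    return tokens


def reconstruct_line(stream: bytes) -> str:
    """Recover the line the user meant: EC erases the previous character, EL the line."""
    line = bytearray()
    for tok in tokenize(stream):
        if tok[0] == "data":
            line.extend(tok[1])
        elif tok == ("cmd", EC) and line:
            line.pop()
        elif tok == ("cmd", EL):
            line.clear()
    return line.decode("ascii")


def process_synch(buffered: bytes):
    """Receiver handling after the urgent pointer arrives. Data before DM is
    discarded, IAC sequences before DM are kept; bytes after DM are data again.
    Returns (kept_control_tokens, remaining_data)."""
    kept, remaining, past_dm = [], bytearray(), False
    for tok in tokenize(buffered):
        if tok == ("cmd", DM) and not past_dm:
            past_dm = True
        elif tok[0] == "data":
            if past_dm:
                remaining.extend(tok[1])    # data before DM is silently dropped
        else:
            kept.append(tok)
    return kept, bytes(remaining)


# Constructed sample streams, not captured from a real session
MISTYPED = b"cat filea" + bytes([IAC, EC]) + b"1"                  # the slides' example
SYNCH = b"yes\r\nyes\r\n" + bytes([IAC, IP, IAC, DM]) + b"ls\r\n"  # output flood, then IP

if __name__ == "__main__":
    print(tokenize(MISTYPED), reconstruct_line(MISTYPED))          # ... cat file1
    print(process_synch(SYNCH))
```

Because the receiver's TCP layer has already delivered the bytes before the urgent notification is acted on, the Synch is a scan over buffered data rather than a separate channel; that is why the IAC IP must be recognisable inside the stream and why a truncated or malformed IAC sequence is rejected rather than guessed at.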
Two different interruptions
• A character typed by the user is normally sent to the server.
• However, sometimes the user wants characters interpreted
by the client instead of the server.
• In this case, the user can use an escape character, normally
Ctrl+] (shown as ^]).
TELNET Modes of Operation
Three modes:
Default Mode
  Echoing is done by the client.
  After sending a whole line to the server, the client waits for GA (go ahead) from the server before going to the next line.
  Half-duplex communication, hence obsolete.
Character Mode
  Full-duplex communication over TCP.
  Echoing of a character is delayed because the transmission time is long.
  Creates overhead, as more TCP segments are sent.
Line Mode
  Superior to both.
  Line editing is done by the client, then the line is sent to the server; full duplex, without GA from the server.
Example 20.2
In this example, we use the default mode to show the concept and
its deficiencies even though it is almost obsolete today.
The client and the server negotiate the terminal type and terminal
speed and then the server checks the login and password of the
user (see Figure 20.15).
Example 20.2 Default Mode
1. Server -> Client: GO AHEAD
2. Client -> Server: WILL TERMINAL TYPE
3. Server -> Client: DO TERMINAL TYPE
4. Server -> Client: GO AHEAD
5. Client -> Server: WILL TERMINAL SPEED
6. Server -> Client: DONT TERMINAL SPEED
7. Server -> Client: Login:
8. Server -> Client: GO AHEAD
9. Client -> Server: forouzan
10. Server -> Client: Password:
11. Server -> Client: GO AHEAD
12. Client -> Server: XXXXX
13. Server -> Client: GO AHEAD
14. Client -> Server: cp file1 file2
Example 20.3
In this example, we show how the client switches to the character
mode.
This requires that the client request the server to enable the
SUPPRESS GO AHEAD and ECHO options (see Figure 20.16).
Example 20.3 Character Mode
1. Server -> Client: GO AHEAD
2. Client -> Server: DO SUPPRESS GO AHEAD
3. Server -> Client: WILL SUPPRESS GO AHEAD
4. Client -> Server: DO ECHO
5. Server -> Client: WILL ECHO
6. Server -> Client: Login:
7. Client -> Server: f
8. Server -> Client: f
9. Client -> Server: o
10. Server -> Client: o
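The negotiation rules from the option slides (Example 20.1's DO ECHO / WILL ECHO), the terminal-type sub-option, and the switch to character mode in Example 20.3, as one added Python example. It is not the slides' or Forouzan's code. Assumptions beyond the slides: the option codes ECHO = 1, SUPPRESS-GO-AHEAD = 3, TERMINAL-TYPE = 24 and LINEMODE = 34 are the IANA-assigned values; the IS byte (0) inside the sub-option is from RFC 1091 and is omitted from the slide's figure; the rule that an endpoint never replies to a message that merely confirms its current or requested state is RFC 854's loop-prevention rule; `mode()` derives the slides' three modes from the negotiated state as seen by the client.

```python
"""TELNET option negotiation (RFC 854) and a TERMINAL-TYPE sub-option.

Added example, not code from the slides. TelnetSide answers DO/WILL with
WILL/WONT or DO/DONT, refuses options it does not support, and never
answers a message that only confirms a state it already holds or asked for
(the RFC 854 rule that prevents negotiation loops). Option codes are the
IANA-assigned values; the IS byte is from RFC 1091; LINEMODE (RFC 1184) is
the option behind the slides' line mode.
"""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ECHO, SUPPRESS_GO_AHEAD, TERMINAL_TYPE, LINEMODE = 1, 3, 24, 34
TT_IS = 0                                  # TERMINAL-TYPE sub-command "IS" (RFC 1091)


class TelnetSide:
    def __init__(self, supported):
        self.supported = set(supported)    # options this side is able to use
        self.local = set()                 # enabled on our side (we said WILL)
        self.remote = set()                # enabled on the peer (we said DO)
        self.pending_will = set()          # our WILL offers awaiting DO/DONT
        self.pending_do = set()            # our DO requests awaiting WILL/WONT

    def offer(self, opt) -> bytes:         # "I will enable the option" (IAC WILL opt)
        self.pending_will.add(opt)
        return bytes([IAC, WILL, opt])

    def request(self, opt) -> bytes:       # "Do enable the option" (IAC DO opt)
        self.pending_do.add(opt)
        return bytes([IAC, DO, opt])

    def receive(self, cmd, opt) -> bytes:
        """Handle an incoming IAC cmd opt; return the reply, b"" when none is due."""
        if cmd in (DO, DONT):              # the peer talks about options on our side
            enabled, pending, yes, no, want = self.local, self.pending_will, WILL, WONT, cmd == DO
        elif cmd in (WILL, WONT):          # the peer talks about options on its side
            enabled, pending, yes, no, want = self.remote, self.pending_do, DO, DONT, cmd == WILL
        else:
            raise ValueError(f"not a negotiation command: {cmd}")
        if opt in pending:                 # answer to our own offer/request: never reply
            pending.discard(opt)
            if want:
                enabled.add(opt)
            return b""
        if want == (opt in enabled):       # confirms what we already do: never reply
            return b""
        if want and opt not in self.supported:
            return bytes([IAC, no, opt])   # WONT / DONT: refuse
        (enabled.add if want else enabled.discard)(opt)
        return bytes([IAC, yes if want else no, opt])

    def mode(self) -> str:
        """The slides' three modes as seen from the client."""
        if LINEMODE in self.local:
            return "line"
        if {ECHO, SUPPRESS_GO_AHEAD} <= self.remote:   # server echoes, no GA needed
            return "character"
        return "default"


def terminal_type_is(name: str) -> bytes:
    """IAC SB TERMINAL-TYPE IS <name> IAC SE; the slide's figure omits the IS byte."""
    return bytes([IAC, SB, TERMINAL_TYPE, TT_IS]) + name.encode("ascii") + bytes([IAC, SE])


def parse_terminal_type(sub: bytes) -> str:
    if sub[:4] != bytes([IAC, SB, TERMINAL_TYPE, TT_IS]) or sub[-2:] != bytes([IAC, SE]):
        raise ValueError("not a TERMINAL-TYPE IS sub-option")
    return sub[4:-2].decode("ascii")


def run_character_mode_switch():
    """Example 20.3: the client requests SUPPRESS-GO-AHEAD and ECHO, the server
    agrees with WILL, and the client's confirmation draws no further reply."""
    client = TelnetSide({ECHO, SUPPRESS_GO_AHEAD, TERMINAL_TYPE})
    server = TelnetSide({ECHO, SUPPRESS_GO_AHEAD, TERMINAL_TYPE})
    transcript = []
    for opt in (SUPPRESS_GO_AHEAD, ECHO):
        req = client.request(opt)
        rep = server.receive(req[1], req[2])
        transcript += [("C->S", req), ("S->C", rep), ("C->S", client.receive(rep[1], rep[2]))]
    return transcript, client.mode()


def run_terminal_type_exchange():
    """The sub-option example: WILL TERMINAL-TYPE, DO TERMINAL-TYPE, then SB ... SE."""
    client, server = TelnetSide({TERMINAL_TYPE}), TelnetSide({TERMINAL_TYPE})
    offer = client.offer(TERMINAL_TYPE)
    reply = server.receive(offer[1], offer[2])
    ack = client.receive(reply[1], reply[2])
    sub = terminal_type_is("VT") if TERMINAL_TYPE in client.local else b""
    return offer, reply, ack, parse_terminal_type(sub)
```

The symmetry the slide calls "symmetric option negotiation" is visible in `receive()`: DO/DONT and WILL/WONT are the same procedure applied to the two option tables. The `pending_*` sets are what keeps a peer that echoes every message from driving both sides into an endless DO/WILL exchange.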
USER INTERFACE
TELNET Security Issue
TELNET suffers from security problems. Although TELNET requires a login name and password (when exchanging text), often this is not enough.
A microcomputer connected to a broadcast LAN can easily eavesdrop using snooper software and capture a login name and the corresponding password (even if it is encrypted).
SECURE SHELL (SSH)
• Another popular remote login application program is Secure Shell (SSH).
• Uses TCP as the underlying transport protocol.
• More secure than TELNET.
• Provides more services than TELNET.
Topics Discussed in the Section
Versions
• Two versions, but totally incompatible.
• SSH-1 is deprecated because of security flaws.
• SSH-2
Components
Port Forwarding
Format of the SSH Packet
What is Secure Shell?
• A powerful, convenient approach to protecting communications on a computer network.
• Provides a secure channel for data transmission.
• Not a command interpreter; provides a secure pipe to open up a command interpreter.
• Supports secure remote logins, secure remote command execution, and secure file transfers.
• Has a client-server architecture: an SSH server program and a client program.
SSH: Features
• Privacy: via strong end-to-end encryption (DES, IDEA, Blowfish).
• Integrity: via a 32-bit Cyclic Redundancy Check (CRC-32).
• Authentication: the server via the server's host key, the client usually via a password or public key.
• Authorization: controlled server-wide or on a per-account basis.
• Forwarding: encapsulating another TCP-based service, such as TELNET, within an SSH session.
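The feature list gives CRC-32 as the integrity mechanism. That is the SSH-1 design; SSH-2 (RFC 4253) replaced it with a keyed MAC, and the following added example (not the slides' or any SSH implementation's code) shows why: an unkeyed checksum can be recomputed by whoever alters the payload, so a receiver checking only the CRC accepts the change, whereas the MAC cannot be recomputed without the session key. The constructed payload, the HMAC-SHA-256 choice and the 4-byte sequence number in the MAC input are this example's assumptions.

```python
"""Unkeyed CRC-32 versus a keyed MAC as an integrity check.

Added example, not the slides' code. Both functions protect the same
constructed SSH-like payload; demonstrate() reports which protection
still accepts a payload that was altered in transit and which accepts a
replayed packet. The MAC input includes a packet sequence number, as
SSH-2 does (RFC 4253), which is what makes a replay detectable.
"""
import hashlib
import hmac
import zlib

MAC_LEN = hashlib.sha256().digest_size      # 32 bytes


def crc_protect(payload: bytes) -> bytes:
    """payload || CRC-32(payload): detects line noise, nothing more."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_verify(packet: bytes) -> bool:
    payload, tag = packet[:-4], packet[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == tag


def mac_protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """payload || HMAC-SHA-256(key, seq || payload). The sequence number is
    not transmitted; both sides count packets."""
    tag = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def mac_verify(key: bytes, seq: int, packet: bytes) -> bool:
    payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)    # constant-time comparison


def demonstrate(session_key: bytes) -> dict:
    """Constructed scenario: a command is altered between sender and receiver."""
    original = b"cp file1 file2"
    altered = b"cp file1 file3"
    crc_packet = crc_protect(original)
    mac_packet = mac_protect(session_key, 0, original)
    # CRC-32 has no secret: whoever alters the payload can recompute the trailer.
    altered_crc_packet = crc_protect(altered)
    # The MAC needs the session key; without it the old tag is all that is available.
    altered_mac_packet = altered + mac_packet[-MAC_LEN:]
    return {
        "crc_accepts_original": crc_verify(crc_packet),
        "crc_accepts_altered": crc_verify(altered_crc_packet),
        "mac_accepts_original": mac_verify(session_key, 0, mac_packet),
        "mac_accepts_altered": mac_verify(session_key, 0, altered_mac_packet),
        "mac_accepts_replay": mac_verify(session_key, 1, mac_packet),  # same packet, next seq
    }
```

Encryption alone does not close this gap: a checksum computed over the plaintext and then encrypted is still a function of the message with no secret of its own, which is why the integrity component has to be keyed.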
Components of SSH
SSH: Port forwarding
SSH packet format
Security Mechanism
Establishing the Secure Connection
• The client initiates the connection by sending a request to the TCP port of the SSH server.
• The server reveals its SSH protocol version to the client.
• If the client and server decide their versions are compatible, the connection proceeds.
• The SSH server sends the following to the client: its host key, the server key, a list of supported encryption, compression and authentication methods, and a sequence of eight random bytes.
• The client checks the identity of the server by using the host key against the known-hosts database.
• The client generates a session key and double-encrypts it using the host key and the server key.
• The client sends the encrypted session key along with the check bytes and the acceptable algorithm.
Authentication
• The server then decrypts the encrypted session key it received.
• The server sends a confirmation encrypted with this session key.
• The client receives the confirmation, which confirms server authentication.
• Client authentication is usually by either password authentication or public-key authentication.
• The server confirms the client's authorization.
• For public-key authentication, the server generates a 256-bit random challenge, encrypts it with the client's public key, and sends it to the client.
• The client decrypts the challenge, generates a hash value from it together with a session identifier (commonly a random string generated at the beginning of the session), and sends the hash to the server.
• The server generates the same hash; if both match, the session is authenticated.
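The public-key challenge-response above and the known-hosts check from the previous slide, as one added Python example. It is not the slides' or any SSH implementation's code: textbook RSA (no padding, toy 512-bit modulus, primes found with Miller-Rabin) and SHA-256 stand in for primitives the slides do not name (SSH-1 itself used PKCS#1 padding and MD5, and SSH-2, RFC 4252, instead has the client sign data that includes the session identifier); the known-hosts store is a dict mapping a host name to a SHA-256 key fingerprint, and the host names in the usage are constructed.

```python
"""Public-key challenge-response (SSH-1 style) and the known-hosts check.

Added example, not the slides' or any SSH implementation's code. Textbook
RSA with a 512-bit modulus and SHA-256 are stand-ins for primitives the
slides do not name; the known-hosts store is a dict host -> fingerprint.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; helper for the toy key generation below."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits: int = 512):
    """Returns (public, private) = ((n, e), (n, d)). Toy size, demo only."""
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not is_probable_prime(p):
            p = secrets.randbits(half) | (1 << (half - 1)) | 1
        while q == p or not is_probable_prime(q):
            q = secrets.randbits(half) | (1 << (half - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:                                  # e invertible mod phi
            return (p * q, e), (p * q, pow(e, -1, phi))


def fingerprint(public) -> str:
    """SHA-256 over the serialized public key: what a known-hosts store records."""
    n, e = public
    blob = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(blob).hexdigest()


def check_known_host(known_hosts: dict, host: str, public) -> str:
    """Client side of 'check the identity of the server against known hosts'.
    'ok': stored key matches; 'new': first contact, the user must decide whether
    to trust it; 'MISMATCH': a known host presented a different key, which the
    client must treat as a failed connection, not as a prompt."""
    if host not in known_hosts:
        return "new"
    return "ok" if known_hosts[host] == fingerprint(public) else "MISMATCH"


def _response_hash(challenge: int, session_id: bytes) -> bytes:
    # 64-byte field so any value below the toy modulus fits
    return hashlib.sha256(challenge.to_bytes(64, "big") + session_id).digest()


def server_make_challenge(client_public):
    """Server: 256-bit random challenge, sent encrypted to the client's public key."""
    n, e = client_public
    challenge = secrets.randbits(256)                # < n, so raw RSA is well defined
    return challenge, pow(challenge, e, n)


def client_respond(client_private, encrypted_challenge: int, session_id: bytes) -> bytes:
    """Client: recover the challenge and hash it with the session identifier, so a
    captured response cannot be replayed in another session."""
    n, d = client_private
    return _response_hash(pow(encrypted_challenge, d, n), session_id)


def server_check(challenge: int, response: bytes, session_id: bytes) -> bool:
    """Server: recompute the hash and compare in constant time."""
    return secrets.compare_digest(_response_hash(challenge, session_id), response)


def authenticate(client_public, client_private, session_id: bytes) -> bool:
    """One full exchange; only the holder of the matching private key succeeds."""
    challenge, encrypted = server_make_challenge(client_public)
    return server_check(challenge, client_respond(client_private, encrypted, session_id), session_id)
```

Usage: `pub, priv = rsa_keygen()`, then `check_known_host({"host.example": fingerprint(pub)}, "host.example", pub)` returns `"ok"` and `authenticate(pub, priv, b"session-id")` returns `True`. The "MISMATCH" outcome is the one that matters operationally: the host-key check is the only step in the connection setup above that binds the session to a particular server, so a client that lets the user click past a changed key has lost server authentication entirely.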