Old vs New, SSH and Telnet

As a developer of terminal emulation software, we're acutely aware of legacy technologies and the role they have played in the evolution of Windows terminal emulator software. This article is the first in a series that takes a look at some of the standards, old and new, that have played a role in terminal history.

Telnet

Telnet is a networking protocol and part of the TCP/IP stack which virtually all network and internet traffic utilizes. It's best known for allowing remote shell access to Unix and Unix-type systems, though it's available on all manner of devices and operating systems. Along with rlogin it was, and occasionally still is, widely used for remote access by users and administrators. In fact, Telnet is included in every piece of Windows terminal emulation software that Turbosoft offers.

It is, however, something of an obsolete protocol and the reason for this is that it lacks an essential feature. It's not secure.

Telnet does not encrypt its data stream, and while data security may not have been deemed critical in years gone by, a lack of encryption across Telnet sessions makes it unacceptable in a modern-day network environment. Without encryption, anyone armed with nothing more than a packet sniffer can intercept traffic and read passwords and usernames in plain text.
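To make the point concrete, the following added example (not Turbosoft code) parses one direction of a constructed Telnet byte stream. The username, password and terminal type are made-up sample values; once the IAC option negotiation is separated out, the login data is simply there as readable bytes, which is why any capture of a plain Telnet session should be treated as a credential exposure.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}

# Constructed client-to-server bytes (not real traffic): terminal-type
# negotiation (option 24) followed by a login.
SAMPLE_CAPTURE = (
    bytes([IAC, WILL, 24])                              # WILL TERMINAL-TYPE
    + bytes([IAC, SB, 24, 0]) + b"VT100" + bytes([IAC, SE])
    + b"alice\r\n"                                      # made-up username
    + b"example-password\r\n"                           # made-up password
)


def split_telnet_stream(raw: bytes):
    """Return (data, commands) from one direction of a Telnet stream.

    No decryption step exists: data bytes travel exactly as typed.
    (Simplification: escaped IAC IAC inside a subnegotiation is not handled.)
    """
    data, commands = bytearray(), []
    i = 0
    while i < len(raw):
        if raw[i] != IAC:
            data.append(raw[i])          # ordinary data byte, sent in the clear
            i += 1
            continue
        if i + 1 >= len(raw):
            break                        # truncated capture: lone IAC at the end
        cmd = raw[i + 1]
        if cmd == IAC:
            data.append(IAC)             # IAC IAC is an escaped literal 0xFF
            i += 2
        elif cmd in VERBS:
            if i + 2 >= len(raw):
                break                    # truncated option negotiation
            commands.append(f"{VERBS[cmd]} {raw[i + 2]}")
            i += 3
        elif cmd == SB:
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break                    # subnegotiation never terminated
            commands.append(f"SB {raw[i + 2]}")
            i = end + 2
        else:
            commands.append(f"CMD {cmd}")  # two-byte command such as NOP or GA
            i += 2
    return bytes(data), commands
```

Calling split_telnet_stream(SAMPLE_CAPTURE) returns the typed username and password as the data part and the two negotiation commands as the command list.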

Telnet over TLS, Telnet-S

This lack of security really was a death knell for Telnet and, as the number of internet users rose dramatically in the 1990s, the use of Telnet slumped in a similarly dramatic fashion. However, there are still occasions where Telnet is required, and this has led to solutions being developed with the aim of providing a secure connection.

One such solution was to tunnel a Telnet session over the Transport Layer Security (TLS) protocol. The TLS protocol and the related SSL (Secure Sockets Layer) protocol DO provide encryption and are used to encapsulate Telnet data to provide a secure host connection. TTWin 4 supports Telnet over TLS and SSL.

In another variation, an improved version of Telnet allows the client to first connect to the host via standard Telnet and negotiate an SSL connection with the host. However, this method of securing a connection is quite rare.

These solutions are particularly useful when a Telnet connection is required, for example when using a 5250 or 3270 emulation with the tn3270 or tn5250 protocol.

SSH

These days network and systems administrators place a far greater emphasis on data security, and this has led to Telnet largely being replaced by a far more secure alternative: SSH. First released in 1995, SSH was developed with the explicit intent of providing a secure replacement for Telnet, rlogin and others. It relies on strong public-key cryptography and is available on most modern operating systems.

Almost all of Turbosoft's terminal emulation products support SSH and also SSH tunnelling for Telnet. Tunnelling is a method where a link is established with a host through one (secure) protocol and then another connection (in this case with an insecure protocol like Telnet) is made within that established connection. The end result is a secure Telnet session. This is particularly useful when connecting to hosts which support SSH but do not support an SSH shell.
