Is telnet secure? 1

[dmaranan]

Here is possibly a stupid question:

Is Microsoft Telnet secure? Someone told me it might be possible for someone to find out my username and password unless I use encrypted software. If telnet isn't secure, what do most sysadmins do to access the servers remotely?

 

[rycamor]

Ouch, not only is it telnet, but it's Microsoft Telnet. Run!!!

Telnet transmits all information in plain text, so anyone sniffing your network would have no problem figuring out your passwords, or even what you are doing on the system.

SSH, or secure shell, is the proper protocol for remote systems management. You can get SSH for Windows and Unix at

http://www.ssh.com,

or

http://www.openssh.org.

OpenSSH is free, but it is promarily for Unix. SSH is for Unix and Windows, and has some nice packaged features in addition. But, there is a Windows version of OpenSSH at

http://www.networksimplicity.com/openssh/.

I have no idea how mature that software is, though.

Anyway, SSH uses standard public/private key encryption to transmit all data, and you can shoose among many encryption algorithms, so it is at least a good security baseline. Even when using this, though, it pays to keep up with security advisories, because occasionally vulnerabilities are discovered.

Using the SSH protocols, you can actually do other things besides just operating a text-mode shell. For example, with a little more work, you can tunnel any sort of TCP/IP communications through SSH, thus allowing for secure file transfers, or even secure GUI access to the remote desktop, using VNC (

http://www.uk.research.att.com/vnc/)

-------------------------------------------

"Calculus is just the meaningless manipulation of higher symbols"
                          -unknown F student

 

[FilthPig]

Good information from rycamor. This is just additional info. Depending on what systems you're an administrator for, telnet may not be enough. I'm an NT sysadmin, and have a VPN server set up. This allows me to get to any and all of my admin tools remotely, using strong (128-bit) encryption. This allows me, as an authenticated user from an allowed IP address, to use all traffic on all ports, tunneled through just one open port in my firewall. Only problem with this is that if you're on a dial-up connection, the overhead of the encryption would make it even slower than it already is (love that cable modem). Marc Creviere

 

[chiph]

Another unsecure protocol is FTP (it also sends passwords in the clear). Luckily, there's a SFTP version available. But it requires that both ends support it, so if you're looking to use it to download the latest iso's from RedHat, probably not going to happen.

Chip H.

 

[johnhoke]

Chiph... true, but for anonymous ftp, why use sftp?

the overhead is not worth the return

---
John Hoke
If you found this post helpfull, please click below and let us know!

 

[chiph]

Chiph... true, but for anonymous ftp, why use sftp?

Just because you can.
<grin>

Chip H.

 

[johnhoke]

LOL

Ok, touche!

---
John Hoke
If you found this post helpfull, please click below and let us know!

 

[dmaranan]

Thanks for the replies. I was able to get ssh for free from ssh.com because I work at an education instution. The client software they provide is also free, and works great!

 

[peterve]

oh yeah, by the way : use sshv2 or better... --------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------