Telnet (Terminal Network) is a protocol that commonly provides a virtual text-based command line interface at a remote location.

Telnet clients (the software that implements the telnet protocol) are built into virtually every operating system, and where one is not available natively there are many options available for download, such as PuTTY, AbsoluteTelnet, and TeraTerm. It is worth noting that these clients do not offer only telnet; they usually offer at least SSH as well.

Why not telnet?

If you do any further reading on the telnet protocol, at some point you will come across an article highlighting its security flaws. Unfortunately, these complaints are warranted, as telnet is inherently insecure. When a telnet connection is made to a server, all your credentials, including your username, password and location, are sent to the server in plain text. All your vital security information is available, in what is essentially a text file, to anyone viewing or intercepting the packets and analysing them.
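To make "plain text" concrete, the following added example (not part of the original article) parses a client-to-server telnet byte stream using the command bytes defined in RFC 854. The capture bytes, username and password are constructed for illustration; once the option negotiation is stripped, what remains is exactly what the user typed.

```python
# Telnet command bytes from RFC 854.
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT


def telnet_plaintext(stream: bytes) -> str:
    """Strip telnet option negotiation and return the user data as text."""
    out = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            out.append(b)            # ordinary data byte: sent as typed
            i += 1
        elif i + 1 >= n:
            break                    # truncated command at end of capture
        elif stream[i + 1] == IAC:
            out.append(IAC)          # IAC IAC is an escaped literal 0xFF
            i += 2
        elif stream[i + 1] in NEGOTIATION:
            i += 3                   # IAC <verb> <option>
        elif stream[i + 1] == SB:
            # Subnegotiation runs until IAC SE; IAC IAC inside it is data.
            j = i + 2
            while j < n and not (
                stream[j] == IAC and j + 1 < n and stream[j + 1] == SE
            ):
                j += 2 if stream[j] == IAC else 1
            i = j + 2
        else:
            i += 2                   # other two-byte commands (NOP, GA, ...)
    text = out.decode("latin-1")
    return text.replace("\r\x00", "\r").replace("\r\n", "\n")


# Constructed sample: terminal-type negotiation followed by a login.
CAPTURE = (
    b"\xff\xfb\x18"                  # IAC WILL TERMINAL-TYPE
    b"\xff\xfa\x18\x00xterm\xff\xf0" # IAC SB TERMINAL-TYPE IS "xterm" IAC SE
    b"alice\r\n"                     # username (constructed)
    b"example-password\r\n"          # password (constructed)
)

if __name__ == "__main__":
    print(telnet_plaintext(CAPTURE))
```

There is no key or decryption step anywhere in the parser: the protocol offers nothing to undo, which is the whole problem.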

It is worth bearing in mind that the telnet protocol was developed in 1969, when the largest networks in the world were academic, and global security was not really an issue. However, telnet is considered so insecure that there are many advocates for removing the protocol software from any further operating system releases, and many educational establishments ban the telnet protocol entirely.

With this glaring security issue, we felt it was impossible to allow the telnet protocol across our stack, so the obvious solution for us, and for the majority of other users, is to use SSH.

Why SSH?

SSH was designed specifically as a replacement for telnet and other insecure protocols such as rsh. It is primarily used on UNIX/Linux systems, but is now offered via proprietary software on every major operating system. SSH is used primarily to access and execute commands on a remote system, and to transfer files securely.

SSH is considered secure as it uses public-key cryptography to authenticate the remote computer and, unlike symmetric-key algorithms, there is no need for an initial exchange of secret keys between the sender and receiver.

It uses a pair of keys (public and private) to create a digital signature that encrypts the information being sent to the receiver, which is then authenticated by the public key, which is broadcast with the request. Messages encrypted with a public key can only be decrypted with the corresponding private key, which is never broadcast, so the system is inherently secure.

Joe Gardiner, General Manager

Joe is the General Manager of CatN. He oversees product development, customer engagement and commercial activities.