
Experiment No. 04

Title: Analysis of SSH (Secure Shell) and Telnet on a Client-Server Application.

Objective: To analyze secure connection establishment through SSH and Telnet on a client-server application.


Lab Tasks

- Telnet to the server and log in with your username and password. Log out.
- SSH to the server and log in with your username and password. Log out.
- Stop Ethereal and read the trace.

Description:

1. OPEN SSH:

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The OpenSSH suite includes the following tools:

- ssh, a replacement for rlogin and telnet to allow shell access to a remote machine.
- scp, a replacement for rcp, and sftp, a replacement for ftp, to copy files between computers.
- sshd, the SSH server daemon.
- ssh-keygen, a tool to inspect and generate the RSA and DSA keys that are used for user and host authentication.
- ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoiding the need to enter passphrases every time they are used.
- ssh-keyscan, which scans a list of hosts and collects their public keys.

The OpenSSH server can authenticate users using the standard methods supported by the SSH protocol:

- with a password;
- public-key authentication, using per-user keys;
- host-based authentication, which is a secure version of rlogin's host trust relationships using public keys;
- keyboard-interactive, a generic challenge-response mechanism that is often used for simple password authentication but which can also make use of stronger authenticators such as tokens;
- Kerberos/GSSAPI.

The server makes use of authentication methods native to the host operating system; this can include using the BSD authentication system (bsd_auth) or PAM to enable additional authentication through methods such as one-time passwords.

An SSH server, by default, listens on the standard TCP port 22. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems.

2. TELNET:

Telnet (Telecommunication network) is a network protocol used on the Internet or local area network (LAN) connections. Typically, Telnet provides access to a command-line interface on a remote machine. The term telnet also refers to software which implements the client part of the protocol. Telnet clients are available for virtually all computer platforms. Most network equipment and operating systems with a TCP/IP stack support some kind of Telnet server for their remote configuration (including ones based on Windows NT). Because of security issues with Telnet, its use has waned in favor of SSH for remote access.

3. PUTTY:

PuTTY is a free SSH, Telnet and Rlogin client for 32-bit Windows systems. We have used PuTTY here to log in to a multi-user computer from another computer over a network. SSH, Telnet and Rlogin are network protocols that allow you to do this. On the computer you sit at, you run a client, which makes a network connection to the other computer (the server). The network connection carries your keystrokes and commands from the client to the server, and carries the server's responses back to you. These protocols can also be used for other types of keyboard-based interactive session. In particular, there are a lot of bulletin boards, talker systems and MUDs (Multi-User Dungeons) which support access using Telnet. There are even a few that support SSH.

DIFFERENCE BETWEEN TELNET AND SSH:

This list summarizes some of the differences between SSH, Telnet and Rlogin.

- SSH (which stands for secure shell) is a recently designed, high-security protocol. It uses strong cryptography to protect your connection against eavesdropping, hijacking and other attacks. Telnet and Rlogin are both older protocols offering minimal security.
- SSH and Rlogin both allow you to log in to the server without having to type a password. (Rlogin's method of doing this is insecure, and can allow an attacker to access your account on the server. SSH's method is much more secure, and typically breaking the security requires the attacker to have gained access to your actual client machine.)
- SSH allows you to connect to the server and automatically send a command, so that the server will run that command and then disconnect. So you can use it in automated processing.

The Internet is a hostile environment and security is everybody's responsibility. If you are connecting across the open Internet, then we recommend you use SSH. If the server you want to connect to doesn't support SSH, it might be worth trying to persuade the administrator to install it. If your client and server are both behind the same (good) firewall, it is more likely to be safe to use Telnet or Rlogin, but we still recommend you use SSH.

IMPLEMENTATION:

We have implemented Telnet and SSH using software for a Windows-based environment, namely Bitvise SSH. To implement the Telnet service, the only thing that has to be done is to activate the Telnet service from the Control Panel and view the data in any protocol tracing software such as Ethereal or SoftPerfect Protocol Analyzer. The details of the work done are shown below in the form of snapshots.

WITH OPEN SSH:

OPEN WITH TELNET:

Lab Task:

This lab requires two computers with OpenSSH and Telnet clients and servers installed. You can use the 1st PC as the client and the 2nd PC as the server.

- Start Ethereal (or Wireshark) on the client machine.
- Telnet to the server and log in with your username and password. Log out.
- SSH to the server and log in with your username and password. Log out.
- Stop Ethereal and read the trace.
- Note the difference between the two logins.
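
The comparison this lab task asks for, as an added example that is not part of the original handout: the code decodes a Telnet client-to-server byte stream the way a trace reader does and contrasts it with what an SSH stream exposes. The byte streams, credentials and version string are constructed, and `stand_in_encrypt` is a hypothetical XOR-keystream stand-in for SSH's negotiated cipher (real SSH carries the authentication request in encrypted, integrity-protected binary packets).

```python
import hashlib
IAC, SE, SB = 255, 240, 250
NEGOTIATE = {251, 252, 253, 254}  # WILL, WONT, DO, DONT

def telnet_data(stream: bytes) -> bytes:
    """Drop Telnet IAC command sequences and keep the user data bytes."""
    out, i = bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
        elif i + 1 >= len(stream):
            break                      # truncated command at end of capture
        elif stream[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped 0xFF data byte
            i += 2
        elif stream[i + 1] in NEGOTIATE:
            i += 3                     # IAC <verb> <option>
        elif stream[i + 1] == SB:
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                  # unterminated subnegotiation
            i = end + 2
        else:
            i += 2                     # other two-byte commands (NOP, GA, ...)
    return bytes(out)

def typed_lines(stream: bytes) -> list[str]:
    """Lines the client typed, as an observer of the Telnet stream reads them."""
    text = telnet_data(stream).replace(b"\r\x00", b"\n").replace(b"\r\n", b"\n")
    return [line.decode("latin-1") for line in text.split(b"\n") if line]

def ssh_banner(stream: bytes) -> str:
    """SSH identification string, sent in the clear before encryption starts."""
    line = stream.split(b"\r\n", 1)[0]
    return line.decode("ascii") if line.startswith(b"SSH-") else ""

def stand_in_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: stand-in for SSH's cipher, not SSH itself."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

# Constructed client-to-server bytes (not a real capture); credentials are made up.
LOGIN = b"alice\r\x00s3cret-lab\r\x00exit\r\x00"
TELNET_STREAM = bytes([IAC, 251, 24, IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE]) + LOGIN
SSH_STREAM = b"SSH-2.0-OpenSSH_9.6\r\n" + stand_in_encrypt(LOGIN, b"key the observer lacks")

if __name__ == "__main__":
    print(typed_lines(TELNET_STREAM), ssh_banner(SSH_STREAM), b"s3cret-lab" in SSH_STREAM)
```

In a real trace the SSH key-exchange negotiation that follows the banner is also unencrypted, but it carries algorithm names and key material for the exchange, not the username or password.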
