There is a wave of outstanding qualms about the capability and security of the current telnet program. The current telnet system slows drastically when there are a number of users logged on simultaneously. Users have also been complaining about the high load of unsolicited emails they have been receiving, which suggests that the system been subjected to email spoofing attacks. Further, telnet ignores hosts.equiv or .rhosts, which is supposed to give users same access permissions on remote system. Therefore, this paper recommends replacing the existing system with some other similar commercial or noncommercial system like secure shell (SSH), or remote login (rlogin). However, there is a consensus among industry experts that secure shell (SSH) is the best option.

Originally developed as a free software Unix, a wide variety of both commercial and noncommercial programs that implement the SSH program are now available for Unix, Windows, Mac OS, and other platforms. According to the OpenBSD Reference Manual, secure shell (SSH) is a protocol for logging into and executing commands on a remote machine. Primarily SSH was developed to replace, rlogin and rsh, but it can also replace telnet, and provide secure encrypted communications between two hosts over an insecure network system.

The SSH protocol uses TCP port 22 to provide secure remote access by using strong authentication and encryption. Even when data is intercepted, the attacker cannot decipher the information. In addition, data can be compressed under SSH program to speedup traffic.  Unix also makes use of a utility called security_patch_check, which automates the process of analyzing security patches that are already on the system and reporting on patches that should be added

With SSH, it’s better to log on through the syslog daemon in Unix. Users can use SSH to log on to a remote system by typing ‘ssh hostname’ from the Unix command-line. The program will contact the remote system, prompt for user password, and send it encrypted over the network. If the password matches the password for the account, the remote system allows users to log in. If user’s authorized public key is in the system, that user can log on without his/her password as opposed to telnet that requires a user to enter user-id and password each time you try to access the system. Telnet transmits its password in the clear although the password is hidden to appear invisible, but actually its not encrypted.

For security purposes, the SSH program uses the public keys for identification and authorization. Hence, traffic over the Internet are protected and encrypted from eavesdropping, IP-spoofing, and connection hijacking with ciphers such as IDEA, 3DES, and RC4-128. The SSH also uses a variety other authentication schemes such as, a combination of password and Kerberos, RADIUS, and the RSA authentication system, which is based on public key cryptography. The RSA encryption keys are often destroyed each time they are used and new ones generated. This capability is lacking in telnet, which uses plain text to transmit its unsecured contents thus making it vulnerable to attacks.

In Unix, it’s fairly simple to create a pair of SSH RSA keys with ssh-keygen program. The result being these two files created: $HOMW/.ssh/identity.pub for a public key and $HOMW/.ssh/identity for the private key. The public key will then be placed manually in ssh/authorized_key file that contains a list of keys that are authorized to log into the system with providing a password. Public key authentication is very effective for protection against DoS attacks. Other very important services provided by secure shell (SSH) include supporting for tunneling TCP sessions, which permits the user to secure not only login sessions, but also e-mail, file transfers, such as secure copy (SCP) or secure FTP (SFTP), and X Window commands.

The Internet is like a war zone with users playing by their own rules. Thus security is a very big concern and each person is responsible for protecting his or her own commercial or noncommercial interests and assets. In this regard, and due to the subject matter discussed above, secure shell (SSH) is highly recommended for an immediate implementation/realization. Not only is it secure, but also free and requires much less effort to set up than other network authentication protocols like Kerberos or IPSEC.


References:

Arregoces, M. & Portolani, M. (2004). Data Center Fundamentals Cisco Press.

Garfinkel, S. & Spafford, G (2002). Web Security, Privacy & Commerce ,2nd Ed. O'Reilly

Rosen, K., Host, D., Farber, J., and Rosinski, (2007). R.UNIX: The complete Reference. 2nd Edition. McGraw-Hill,

Stair R., Reynolds, G. (2006). “Principles of Information Systems, 7th Ed.” Massachusetts: Thomson Course Tech

OpenBSD Reference Manual. Retrieved January 29, 2007
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1

OpenSSH, Keeping your communiqués Secret
Retrieved February 2, 2007 from http://www.openssh.org/

Curley, Charles, 2001. So your monitor died.
http://www.linuxjournal.com/article/5405

Secure Shell (SSH) at SLAC, Updated: 20 Nov 2003
Retrieved January 31, 2007 from http://www.slac.stanford.edu/comp/unix/ssh.html

SSH
Retrieved February 1, 2007 from http://www.lava.net/support/SSH