ferry astika saputra
DESCRIPTION
Workshop Administrasi Jaringan TELNET & SSH. Ferry Astika Saputra. OBJECTIVES:. To introduce the TELNET protocol and show how it implements local and remote login. To discuss options and sub-options used in TELNET and how they are negotiated. To define out-of-band signaling in TELNET. - PowerPoint PPT PresentationTRANSCRIPT
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Ferry Astika Saputra
Workshop Workshop Administrasi JaringanAdministrasi Jaringan
TELNET TELNET && SSH SSH
OBJECTIVES:OBJECTIVES:
TCP/IP Protocol Suite 2
To introduce the TELNET protocol and show how it implements local and remote login.
To discuss options and sub-options used in TELNET and how they are negotiated.
To define out-of-band signaling in TELNET.
To define different modes of operations in TELNET.
To introduce SSH as an alternative to TELNET.
To show how different components of SSH are combined to provide a secure connection over an insecure TCP connection.
To discuss port-forwarding in SSH and how it can be used to provide security for other applications.
3
20-1 TELNET
TELNET is an abbreviation for TErminaL NETwork. It is the standard TCP/IP protocol for virtual terminal service as proposed by ISO. TELNET enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
TCP/IP Protocol Suite 4
Topics Discussed in the SectionTopics Discussed in the Section
Concepts Time-Sharing Environment Network Virtual Terminal (NVT) Embedding Options and Suboption Negotiation Controlling the Server Out-of-Band Signaling Escape Character Modes of Operation User Interface Security Issue
TCP/IP Protocol Suite 5
TELNET is a general-purpose client-server application program.
Note
TCP/IP Protocol Suite 6
Figure 20.1 Local login
TCP/IP Protocol Suite 7
Figure 20.2 Remote login
TCP/IP Protocol Suite 8
Figure 20.3 Concept of NVT
TCP/IP Protocol Suite 9
Figure 20.4 Format of data and control characters
TCP/IP Protocol Suite 10
TCP/IP Protocol Suite 11
Figure 20.5 An example of embedding
c a t f i e al IAC EC 1
TCP/IP Protocol Suite 12
TCP/IP Protocol Suite 13
TCP/IP Protocol Suite 14
Figure 20.6 Offer to enable an option
WILL
Will I enable the option?
DO or DONT
Do (or don’t) enable the option
TCP/IP Protocol Suite 15
Figure 20.7 Request to enable an option
DO
Do enable the option
I will (won’t) enable the option
WILL or WONT
TCP/IP Protocol Suite 16
Figure 20.8 Offer to disable an option
WONT
I won’t use the option any more
DONT
Don’t use it
TCP/IP Protocol Suite 17
Figure 20.9 Request to disable an option
DONT
Don’t use the option any more
WONT
I won’t
TCP/IP Protocol Suite 18
Figure 20.10 shows an example of option negotiation. In this example, the client wants the serverto echo each character sent to the server. In other words, when a character is typed at the user keyboard terminal, it goes to the server and is sent back to the screen of the user before being processed. The echo option is enabled by the server because it is the server that sends the characters back to the user terminal. Therefore, the client should request from the server the enabling of the option using DO. The request consists of three characters: IAC, DO, and ECHO. The server accepts the request and enables the option. It informs the client by sending the three-character approval: IAC, WILL, and ECHO.
ExampleExample 20.1
TCP/IP Protocol Suite 19
Figure 20.10 Example 20.1: Echo option
Do enable the echo option
IACDOECHO1
I will enable the echo option
IAC WILL ECHO 22
TCP/IP Protocol Suite 20
TCP/IP Protocol Suite 21
Figure 20.11 Example of sub-option negotiation
I will enable the terminal option
IACWILLTerminal type1
Do enable terminal option
IAC DO Terminal type 22
Set the terminal type to “VT”
IACIAC SB‘V’‘T’ Terminal typeSE3
TCP/IP Protocol Suite 22
TCP/IP Protocol Suite 23
Figure 20.12 Example of interrupting an application program
TCP/IP Protocol Suite 24
Figure 20.13 Out-of-band signaling
IACIPDM Data
DiscardedKept
Urgent pointer
Data
TCP/IP Protocol Suite 25
Figure 20.14 Two different interruptions
TCP/IP Protocol Suite 26
In this example, we use the default mode to show the concept and its deficiencies even though it is almost obsolete today. The client and the server negotiate the terminal type and terminal speed and then the server checks the login and password of the user (see Figure 20.15).
ExampleExample 20.2
TCP/IP Protocol Suite 27
Figure 20.15 Example 20.2
WILL TERMINAL TYPE
DO TERMINAL TYPE
GOAHEAD
GOAHEAD
GOAHEAD
cp file1 file2
GOAHEAD
GOAHEAD
WILL TERMINAL SPEED
DONT TERMINAL SPEED
Login:
Password:
forouzan
XXXXX
1
2
3
4
5
6
7
8
9
10
11
12
13
14
TCP/IP Protocol Suite 28
In this example, we show how the client switches to the character mode. This requires that the client request the server to enable the SUPPRESS GO AHEAD and ECHO options (see Figure 20.16).
ExampleExample 20.3
TCP/IP Protocol Suite 29
Figure 20.16 Example 20.3
GOAHEAD
DO SUPPRESS GOAHEAD
WILL SUPPRESS GOAHEAD
DO ECHO
WILL ECHO
Login:
f
o
o
f
1
2
3
4
5
6
7
8
9
10
TCP/IP Protocol Suite 30
TCP/IP Protocol Suite 31
20-2 SECURE SHELL (SSH)
Another popular remote login application program is Secure Shell (SSH). SSH, like TELNET, uses TCP as the underlying transport protocol, but SSH is more secure and provides more services than TELNET.
TCP/IP Protocol Suite 32
Topics Discussed in the SectionTopics Discussed in the Section
Versions Components Port Forwarding Format of the SSH Packet
TCP/IP Protocol Suite 33
Figure 20.17 Components of SSH
TCP/IP Protocol Suite 34
Figure 20.18 Port forwarding
TCP/IP Protocol Suite 35
Figure 20.19 SSH packet format
How SSH Works• (1) Client contacts server• (2) If SSH protocol versions do
not agree, no connection• (3) Server identifies itself. Server
sends host key, server key, check bytes, list of methods. Client looks in its DB for hosts.
• (4) Client sends a secret key, encrypted using server’s public key
• Both begins encryption. Server authentication is completed
• Client authentication on the server side. Example, password and public-key authentication
SSH-2 Protocol