Telnet: Discuss Telnet in Detail

Telnet enables remote login over TCP/IP networks. It allows users to connect to remote systems and interact with them as if their local terminal was directly connected to the remote system. Telnet uses clear text for communication, making it insecure. SSH was developed as a secure replacement for Telnet, providing encryption for the entire communication session as well as authentication of remote systems using public key cryptography.

Uploaded by Jayaprasanna

Telnet

Discuss Telnet in detail


• TErminaL NETwork (TELNET) is a general-purpose client/server application program.
• TELNET is the standard TCP/IP protocol for virtual terminal service.
• TELNET enables connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
• TELNET was designed in the days of time-sharing environments, in which one large computer supports multiple users.
• The interaction between a user and the computer occurs through a terminal, which is a combination of keyboard, monitor and mouse.
• Each user has an identification name and a password.
• To access the system, the user logs into the system with a user id or log-in name.
• The user is authenticated using a password, and hence unauthorized access is prevented.
Remote Logon

• The process of remote login using the TELNET client and server programs is depicted below.
• The user's keystrokes are sent to the terminal driver, where the local operating system accepts the characters but does not interpret them.
• The characters are sent to the TELNET client, which transforms them into a universal character set called Network Virtual Terminal (NVT) characters and sends them over the network.
• The commands/text in NVT form reach the remote host.
• The TELNET server, at well-known port 23, converts the NVT characters into the remote system's character set.
• Since the operating system is not designed to receive data from a TELNET server, the data is redirected via a pseudo-terminal driver to the remote OS.
• The remote OS passes the data to the corresponding application.
NVT Character Set
• Every operating system uses a special combination of characters as tokens.
• For example, the end-of-file token in DOS is Ctrl+Z, whereas in UNIX it is Ctrl+D.
• TELNET solves the problem of heterogeneity by defining a universal interface called the network virtual terminal (NVT) character set.
• Data transmitted over the network is in NVT form, whereas at the host level data is processed using the host's own character set.
• NVT uses two sets of 8-bit characters, one for data and the other for control. For data, the MSB is 0; for control, it is 1.
Concept of NVT
• Some NVT control characters are:
• TELNET uses the same connection to send both data and control characters.
• To distinguish data from control characters, each sequence of control characters is preceded by a special control character called IAC (interpret as control).
• For example, to display file1 the command is cat file1; if by mistake the user types cat file a, the user presses the backspace key to correct it (cat file a <backspace> 1). The backspace is not data but an erase command, so the client sends it as a control character preceded by IAC.
Options
• TELNET lets the client and server negotiate options before or during the session.
• Options are extra features available with a more sophisticated terminal, whereas simple terminals use the default features.
• The control characters used for option negotiation are WILL, WONT, DO and DONT.
• Some options are
Modes
TELNET operates in three modes, namely default, character and line mode.
o In default mode, the client sends the characters only after a whole line is typed.
o In character mode, each character typed is sent by the client to the server.
o In line mode, line editing is done by the client, and the line is sent after it is typed.
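The NVT and option-negotiation bullets above describe a byte stream in which data bytes and IAC-prefixed control sequences share one TCP connection. The following added example (not part of the slides) decodes such a stream and replays the erase-character scenario from the cat file1 example. The command and option codes are the RFC 854/855 values; the sample stream is constructed, with the user typing cat filea by mistake and then backspacing.

```python
# Added example, not from the slides: decoding a TELNET (RFC 854) byte stream
# into NVT data bytes and IAC control sequences, and replaying an erase
# command the way the remote side would. The command and option codes are the
# RFC 854/855 values; the sample stream at the bottom is constructed.

IAC, DONT, DO, WONT, WILL, SB, SE, EC = 255, 254, 253, 252, 251, 250, 240, 247
CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL", EC: "EC"}
OPT_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE"}


def tokenize(raw: bytes) -> list:
    """Split a TELNET stream into ('data', bytes) and ('cmd', name, arg) tokens.

    A data byte 255 is escaped on the wire as IAC IAC; any other byte after
    IAC is a command. WILL/WONT/DO/DONT carry one option byte, SB opens a
    subnegotiation that runs until IAC SE.
    """
    tokens, data, i = [], bytearray(), 0

    def flush():
        if data:
            tokens.append(("data", bytes(data)))
            data.clear()

    while i < len(raw):
        if raw[i] != IAC:
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("stream ends inside an IAC sequence")
        cmd = raw[i + 1]
        if cmd == IAC:                      # escaped literal 255 in the data
            data.append(IAC)
            i += 2
            continue
        flush()
        if cmd in (WILL, WONT, DO, DONT):   # option negotiation: IAC <cmd> <opt>
            if i + 2 >= len(raw):
                raise ValueError("truncated option negotiation")
            opt = raw[i + 2]
            tokens.append(("cmd", CMD_NAMES[cmd], OPT_NAMES.get(opt, opt)))
            i += 3
        elif cmd == SB:                     # IAC SB <bytes> IAC SE
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                raise ValueError("unterminated subnegotiation")
            tokens.append(("cmd", "SB", bytes(raw[i + 2:end])))
            i = end + 2
        else:                               # two-byte command, e.g. IAC EC
            tokens.append(("cmd", CMD_NAMES.get(cmd, cmd), None))
            i += 2
    flush()
    return tokens


def reconstruct_input(tokens) -> str:
    """Apply EC (erase character) to the data stream and return the line the
    user actually entered. Nothing here is encrypted, so a passive observer of
    the TCP connection can recover the same line, password included."""
    line = bytearray()
    for tok in tokens:
        if tok[0] == "data":
            line += tok[1]
        elif tok[1] == "EC" and line:
            line.pop()
    return line.decode("ascii", "replace")


# Constructed sample: the server offers to echo (IAC WILL ECHO), then the
# user types "cat filea", presses backspace (sent as IAC EC) and types "1".
SAMPLE_STREAM = bytes([IAC, WILL, 1]) + b"cat filea" + bytes([IAC, EC]) + b"1\r\n"

if __name__ == "__main__":
    for tok in tokenize(SAMPLE_STREAM):
        print(tok)
    print(repr(reconstruct_input(tokenize(SAMPLE_STREAM))))  # 'cat file1\r\n'
```

The tokenizer rejects streams that end in the middle of a control sequence rather than guessing, which is the behaviour a server or a monitoring decoder should have. The reconstruct_input step is the defender's view of the insecurity the text mentions: the keystrokes, including a login password, are fully recoverable from a capture of the connection.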
FTP
Briefly explain the transfer of file contents using FTP.
• File Transfer Protocol (FTP) is the standard provided by TCP/IP for copying a file from one host to another.
• FTP establishes two connections between the hosts:
o The data connection is used for data transfer.
o The control connection is used for control information.
o FTP uses two well-known TCP ports: 21 for the control connection and 20 for the data connection.
FTP
Control Connection
• FTP uses the 7-bit NVT ASCII character set to communicate across the control connection.
• Communication is achieved through commands and responses.
• Each command or response is only one short line terminated with <CRLF>.
• FTP uses well-known TCP port 21 for control communication.
• When a user starts an FTP session, the control connection opens.
• While the control connection is open, the data connection can be opened and closed multiple times if several files are transferred.
Data Connection
• File transfer occurs over the data connection under the control of the commands sent over the control connection.
• A file transfer in FTP means one of the following:
o A file is to be copied from the server to the client. This is called retrieving a file. It is done under the supervision of the RETR command.
o A file is to be copied from the client to the server. This is called storing a file. It is done under the supervision of the STOR command.
o A list of directory or file names is to be sent from the server to the client. This is done under the supervision of the LIST command.
• The client defines the type of file to be transferred, the structure of the data, and the transmission mode.
• Before the file is sent through the data connection, the transfer is prepared through commands on the control connection.
Data Connection
File Type
• FTP can transfer either an ASCII file, an EBCDIC file, or an image file.
– ASCII is the default format for transferring text files.
– The EBCDIC format is for text files on IBM systems, which use EBCDIC encoding.
– Image is the default format for transferring binary files.
Data Structure
• FTP interprets a file's data structure as either file, record or page structure.
o In file structure, the file is a continuous stream of bytes.
o In record structure, the file is divided into records (used only for text files).
o In page structure, the file is divided into pages. Each page has a page number and a header. Page access can be random or sequential.
Transmission Mode
• FTP uses stream (default), block or compressed mode of transmission.
o In stream mode, data is delivered to TCP as a continuous stream of bytes. With file structure, no end-of-file (EOF) marker is needed, since closing the data connection signals the end of the file. With record structure, each record is marked by an end-of-record (EOR) and the end of the file has an EOF character.
o In block mode, data is delivered to TCP in blocks, where each block is preceded by a 3-byte header. The first byte is the block descriptor and the next 2 bytes define the size.
o In compressed mode, the compression used is run-length encoding. Consecutive appearances of a character are replaced by one occurrence and a count of the repetitions.
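The block-mode bullet above gives the frame layout but not what a receiver has to do with it. The following added example (not part of the slides) frames records into block mode and parses them back, validating every header and count against the bytes actually received. The descriptor bit values are the RFC 959 ones; the records used in the demo are constructed.

```python
# Added example, not from the slides: FTP block-mode framing as the text
# describes it, with a 3-byte header per block (1 descriptor byte, then a
# 16-bit big-endian byte count). The descriptor bits are the RFC 959 values;
# the records framed in the demo are constructed.
import struct

DESC_EOR = 0x80   # descriptor bit: last block of a record
DESC_EOF = 0x40   # descriptor bit: last block of the file


def encode_blocks(records, max_block=65535) -> bytes:
    """Frame records into block mode. The header count is 16 bits, so a record
    longer than 65535 bytes is split across several blocks; only the last
    block of each record carries EOR, and only the final block carries EOF."""
    out = bytearray()
    for r_idx, rec in enumerate(records):
        chunks = [rec[i:i + max_block] for i in range(0, len(rec), max_block)] or [b""]
        for c_idx, chunk in enumerate(chunks):
            desc = 0
            if c_idx == len(chunks) - 1:
                desc |= DESC_EOR
                if r_idx == len(records) - 1:
                    desc |= DESC_EOF
            out += struct.pack("!BH", desc, len(chunk)) + chunk
    return bytes(out)


def decode_blocks(stream: bytes):
    """Parse block-mode bytes back into records and return (records, rest).

    Every length comes from the peer, so the receiver validates each header
    and count against the bytes actually present instead of trusting it."""
    records, current, i = [], bytearray(), 0
    while i < len(stream):
        if i + 3 > len(stream):
            raise ValueError("truncated block header")
        desc, size = struct.unpack("!BH", stream[i:i + 3])
        i += 3
        if i + size > len(stream):
            raise ValueError("block count exceeds the bytes received")
        current += stream[i:i + size]
        i += size
        if desc & DESC_EOR:
            records.append(bytes(current))
            current = bytearray()
        if desc & DESC_EOF:
            if current:                 # EOF without EOR: flush the tail
                records.append(bytes(current))
            return records, stream[i:]
    raise ValueError("stream ended without an EOF block")


if __name__ == "__main__":
    framed = encode_blocks([b"first record", b"second record"])
    print(framed[:3].hex())              # 80000c: EOR set, 12 data bytes follow
    print(decode_blocks(framed))
```

The decoder returns any bytes after the EOF block untouched, so a caller can detect trailing data that does not belong to the file, and it raises on a count that overruns the buffer rather than reading past it.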
Example

$ ftp voyager.deanza.tbda.edu
Connected to voyager.deanza.tbda.edu.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
Name (voyager.deanza.tbda.edu:forouzan): forouzan
331 Please specify the password.
Password:
230 Login successful.
ftp> ls reports
150 Here comes the directory listing.
drwxr-xr-x 23027 411 4096 Sep 24 2002 business
drwxr-xr-x 23027 411 4096 Sep 24 2002 personal
drwxr-xr-x 23027 411 4096 Sep 24 2002 school
226 Directory send OK.
SECURITY
SSH(Secure Shell)
Write short notes on SSH.
• Secure Shell protocol (SSH) provides a remote login service in a secure manner.
• SSH uses well-known port 22.
• SSH is used to provide strong client/server authentication.
– Passwords are not sent as clear text over the network; they are sent in encrypted form.
– Thus sending a password through an untrusted network is not a problem.
• Unlike Telnet and rlogin, SSH supports message integrity and confidentiality.
• SSH version 2 consists of the following protocols:
1. Transport layer protocol (SSH-TRANS)
2. Authentication protocol (SSH-AUTH)
3. Connection protocol (SSH-CONN)
1. SSH-TRANS
• SSH-TRANS provides an encrypted channel for communication. It runs on top of a TCP connection.
• The client and server establish the secure channel by first having the client authenticate the server using RSA.
o The server informs the client of its public key at the time of connection.
o The client warns the user when it tries to connect to the server for the first time, since it does not yet know the server.
• Once the server is authenticated, the client and server establish a session key that they will use to encrypt any data sent over the channel.
o The client remembers the server's public key.
o For future connections, the client compares the server's response with the saved key.
• SSH-TRANS includes a negotiation of the encryption algorithm the two sides are going to use. For example, AES is commonly selected.
• SSH-TRANS includes a message integrity check of all data exchanged over the channel.
2. SSH-AUTH
1. The server is authenticated during setup of the SSH-TRANS channel by default.
2. The user can authenticate using any of three mechanisms:
1) Login with username and password. The password is sent in encrypted form.
2) Public key authentication, which requires the user to store the user's public key on the server.
3) Host-based authentication, which requires the client to be authenticated when it connects to the server for the first time. Further connections from a trusted host are believed to be from the same user.
3. In UNIX,
o ~/.ssh/known_hosts records the keys for all the hosts the user has logged into.
o ~/.ssh/authorized_keys contains the public keys needed to authenticate the user when he or she logs into this machine.
o ~/.ssh/identity contains the private keys for authenticating the user on remote machines.
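The SSH-TRANS bullets (the client warns on first contact, remembers the server's public key, and compares it on later connections) and the known_hosts entry above describe one check. The following added example (not part of the slides) simulates it: it parses plain known_hosts lines, compares the key a server presents against the saved one in constant time, and prints a SHA-256 fingerprint in the form ssh-keygen shows. The host names and key bytes are constructed placeholders, and a real client additionally verifies the server's signature with that key, which is omitted here.

```python
# Added example, not from the slides: the host-key check that SSH-TRANS
# performs against ~/.ssh/known_hosts, written as a small simulation. It
# parses plain (unhashed) known_hosts lines, compares the key the server
# presents with the saved one, and reports a SHA-256 fingerprint in the form
# ssh-keygen prints. The host names and key bytes are constructed; a real
# client would also verify the server's signature with that key.
import base64
import hashlib
import hmac


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint, base64 without padding, as 'ssh-keygen -l' shows it."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_known_hosts(text: str) -> dict:
    """Parse '<host> <keytype> <base64 key>' lines into {host: (keytype, key)}.
    Comments, blank lines and OpenSSH's hashed '|1|' entries are skipped here."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        host, keytype, b64 = line.split()[:3]
        known[host] = (keytype, base64.b64decode(b64))
    return known


def check_host_key(known: dict, host: str, presented: tuple, accept_new: bool = False) -> str:
    """Return 'match', 'new' or 'mismatch' for the key a server presents.

    'new'      : first contact; the client must warn the user, and only with
                 accept_new (the user's explicit yes) is the key recorded.
    'mismatch' : the saved key differs; the connection must be refused, since
                 either the host was re-keyed or someone sits in the path.
    """
    saved = known.get(host)
    if saved is None:
        if accept_new:
            known[host] = presented
        return "new"
    same_type = hmac.compare_digest(saved[0].encode(), presented[0].encode())
    same_key = hmac.compare_digest(saved[1], presented[1])
    return "match" if same_type and same_key else "mismatch"


# Constructed keys (placeholders, not real ssh-ed25519 key blobs).
KEY_A = b"constructed-host-key-A-for-voyager"
KEY_B = b"constructed-host-key-B-different"
SAMPLE_KNOWN_HOSTS = (
    "# constructed ~/.ssh/known_hosts\n"
    f"voyager.example ssh-ed25519 {base64.b64encode(KEY_A).decode()}\n"
)

if __name__ == "__main__":
    known = load_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(fingerprint(KEY_A))
    print(check_host_key(known, "voyager.example", ("ssh-ed25519", KEY_A)))  # match
    print(check_host_key(known, "voyager.example", ("ssh-ed25519", KEY_B)))  # mismatch
    print(check_host_key(known, "mail.example", ("ssh-ed25519", KEY_B)))     # new
```

The three outcomes map onto the text: "new" is the first-connection warning, "match" is the silent comparison against the saved key on later connections, and "mismatch" is the case the saved key exists to catch. Using hmac.compare_digest for the comparison avoids leaking, through timing, how much of the key matched.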
3. SSH-CONN
1. SSH can be extended to support insecure TCP applications such as X Windows, IMAP mail readers, etc. using SSH-CONN.
2. Insecure applications are run by tunneling through SSH, known as port forwarding.
o The client on host A communicates with the server on host B using SSH.
o Client data sent through SSH is encrypted at the sender side.
o The receiving SSH at the well-known port decrypts the contents.
o The content is forwarded to the actual port on which the server is listening.
