Remote Access http://en.wikipedia.org/wiki/Telnet The old, safe world: telnet, rlogin, rsh, rcp
Telnet Telecommunications Network
TELNET • TELecommunication NETwork • A network protocol used on Internet or LAN connections • Developed in 1969 beginning with RFC 15 • Standardized as IETF STD 8 • One of the first Internet standards • The term telnet also refers to software which implements the client part of the protocol • TELNET clients have been available on most Unix systems for many, many years • Available for virtually all platforms • Most network equipment and OSs with a TCP/IP stack support some kind of TELNET server for their remote configuration • Secure Shell has begun to dominate remote access for Unix-based machines.
TELNET • "To telnet" sometimes used as a verb • Establish or use a TELNET or other interactive TCP connection • "To change your password, telnet to the server and run the passwd command" • Typically a user will be telnetting to a Unix-like server system or a simple network device such as a switch • User might "telnet in from home to check his mail at school" • Use a telnet client to connect local computer to a server • Once the connection is established • Log in with his account information • Execute commands remotely on that computer • E.g. ls or cd • Client may also be used to make interactive raw-TCP sessions • When that option is not available, telnet sessions are equivalent to raw TCP as long as byte 255 never appears in the data • ? What is byte 255 ?
Protocol details • TELNET is a client-server protocol • Based on a reliable connection-oriented transport. • Typically TCP port 23 • TELNET predates TCP/IP • Originally ran on NCP • The protocol has many extensions • Some adopted as Internet standards • IETF standards STD 27 through STD 32 • Define various extensions • Most are extremely common. • Other extensions are on the IETF standards track as proposed standards
Security • TELNET initially developed in 1969 • Most networked computers at the time: • Computer departments of academic institutions • Large private and government research facilities • Security originally not as much of a concern • Changed after the bandwidth explosion of the 1990s • Encrypted alternatives made necessary • Rise in the number of people with access to the Internet • Number of people attempting to crack other people's servers
Security • Experts in computer security [1] recommend that the use of TELNET for remote logins should be discontinued under all normal circumstances for the following reasons: [1] SANS Institute, members of the comp.os.linux.security newsgroup
Security • TELNET, by default, does not encrypt any data sent over the connection (including passwords) • It is easy to eavesdrop on the communications • Easy to intercept ids and passwords • Anybody with access to a router, switch, or gateway located on the network between the two hosts where TELNET is being used: • Can intercept the packets • Obtain login and password information • Any of several common utilities • E.g. tcpdump and Wireshark
Security • Most implementations of TELNET lack an authentication scheme • Cannot ensure that communication is carried out between the two desired hosts, and not intercepted in the middle • Commonly used TELNET daemons have several vulnerabilities discovered over the years
Security • Security-related shortcomings have seen the usage of the TELNET protocol drop rapidly • Especially on the public Internet • In favor of the ssh protocol • First released in 1995 • SSH provides much of the functionality of telnet • Also has: • Strong encryption • Prevents sensitive data such as passwords from being intercepted • Public key authentication • Ensures that the remote computer is actually who it claims to be
Security • As has happened with other early Internet protocols • Extensions to the TELNET protocol provide TLS security and SASL authentication that address many security issues • Most TELNET implementations do not support these extensions • Relatively little interest in implementing these • SSH is adequate for most purposes. • The main advantage of TLS-TELNET • Ability to use certificate-authority signed server certificates: • to authenticate a server host to a client that does not yet have the server key stored • SSH weakness: • User must trust the first session to a host when it has not yet acquired the server key
Current status • TELNET clients are still used (as of the mid-2000s) • Often when diagnosing problems • Manually "talk" to other services without specialized client software • Sometimes used in debugging network services • an SMTP, IRC or HTTP server • Serves as a simple way to send commands to the server and examine the responses
Current status • Other software such as nc (netcat) or socat on Unix (or PuTTY on Windows) are finding greater favor with some system administrators for testing purposes • They can be called with arguments not to send any terminal control handshaking data • netcat does not distort the \377 octet • which allows raw access to TCP socket • unlike any standard-compliant TELNET software
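What byte 255 is, and why a standards-compliant TELNET client cannot pass the \377 octet through untouched, shown as an added Python example (not part of the original slides): 255 is IAC, "Interpret As Command" in RFC 854, so a sender must double it and a receiver treats whatever follows a single one as a command. The function names and SAMPLE are constructed for illustration.

```python
IAC, SB, SE = 255, 250, 240                      # RFC 854 command codes
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def escape_iac(payload: bytes) -> bytes:
    """Sender side: double every 0xFF so it arrives as data, not a command."""
    return payload.replace(b"\xff", b"\xff\xff")

def split_stream(raw: bytes):
    """Receiver side: return (application_data, list_of_commands).

    Raises ValueError if the stream is cut off in the middle of a command.
    """
    data, commands, i = bytearray(), [], 0
    while i < len(raw):
        if raw[i] != IAC:                        # ordinary data byte
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("stream ends right after IAC")
        cmd = raw[i + 1]
        if cmd == IAC:                           # IAC IAC = one literal 255
            data.append(IAC)
            i += 2
        elif cmd in VERBS:                       # IAC <verb> <option>
            if i + 2 >= len(raw):
                raise ValueError("negotiation is missing its option byte")
            commands.append(f"{VERBS[cmd]} {raw[i + 2]}")
            i += 3
        elif cmd == SB:                          # IAC SB <option> ... IAC SE
            end = i + 2
            while True:                          # find IAC SE, skip IAC IAC
                end = raw.find(b"\xff", end)
                if end == -1 or end + 1 >= len(raw):
                    raise ValueError("unterminated subnegotiation")
                if raw[end + 1] == SE:
                    break
                end += 2
            if end == i + 2:
                raise ValueError("subnegotiation has no option byte")
            commands.append(f"SB {raw[i + 2]} ({end - i - 3} parameter bytes)")
            i = end + 2
        else:                                    # two-byte command, e.g. NOP
            commands.append(f"CMD {cmd}")
            i += 2
    return bytes(data), commands

# Constructed server greeting: DO 24 (terminal type), WILL 1 (echo), a prompt.
SAMPLE = bytes([IAC, 253, 24, IAC, 251, 1]) + b"login: "
```

Feeding un-escaped binary such as `b"A\xff\xfbB"` to `split_stream` yields only `b"A"` as data, because the receiver reads the rest as a WILL negotiation; that is the distortion a raw TCP tool avoids.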
Current status • TELNET is still very popular in enterprise networks to access host applications • IBM Mainframes • Typically in an internal secure environment • TELNET is still widely used for administration of network elements • Commissioning • Integration • Maintenance • of core network elements in mobile communication networks
Current status • TELNET is also heavily used for • MUD games played over the Internet • talkers, MUSHes, MUCKs, MOOes • Resurgent BBS community • Windows Vista • Telnet.exe is no longer installed by default • Is still included as an installable feature
rsh http://en.wikipedia.org/wiki/Remote_Shell Remote SHell
Remote Shell • rsh (remote shell): • A command line computer program • Can execute shell commands • As another user • On another computer in a computer network • Remote system on which the rsh executes needs to be running the rshd daemon. • rsh uses well-known port TCP 514. • Note: rsh command shares the same name as another common UNIX utility, the restricted shell • First appeared in PWB/UNIX; in System V Release 4 • Restricted shell is often located at /usr/lib/rsh.
Remote Shell • rsh originated as part of the BSD Unix operating system, along with rcp, as part of the rlogin package on 4.2BSD in 1983 • rsh has been ported to other operating systems • rsh protocol is not secure for network use • Sends unencrypted information over the network • Some implementations also authenticate by sending unencrypted passwords over the network • rsh has largely been replaced by the very similar ssh (secure shell) program on untrusted networks like the internet
Remote Shell • rsh example: • Execute the command mkdir testdir as user remoteuser on the computer host.example.com: • rsh -l remoteuser host.example.com "mkdir testdir" • After the command has finished rsh terminates • If no command is specified then rsh will log in on the remote system using rlogin • Network location of the remote computer is looked up using the Domain Name System
rlogin http://en.wikipedia.org/wiki/Rlogin Remote Login
rlogin • rlogin is a Unix software utility that allows users to log in on another host via a network • Communicates via TCP port 513 • First distributed as part of the 4.2BSD release • rlogin is also the name of the application layer protocol used by the software • part of the TCP/IP protocol suite • Authenticated users can act as if physically present at the computer • RFC 1258 states: • "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." • rlogin communicates with a daemon, rlogind, on the remote host. • rlogin is similar to the Telnet command • Not customizable • Can connect only to Unix hosts
rlogin • rlogin most commonly deployed on corporate or academic networks • user account information is shared between all the Unix machines on the network • often using NIS • Deployments essentially trust most other machines (and the network infrastructure itself) • the rlogin protocol relies on this trust. • rlogind allows logins without password (where rlogind trusts a remote rlogin client) • if the remote host appears in the /etc/hosts.equiv file • if the user in question has a .rhosts file in their home directory
rlogin • rlogin has several serious security problems: • All information is transmitted unencrypted • Including passwords! • .rlogin (or .rhosts) file is easy to misuse • Potentially allows anyone to login without a password • Many corporate system administrators prohibit .rlogin files • actively search their networks for offenders • Protocol partly relies on the remote party's rlogin client providing information honestly (including source port and source host name) • A corrupt client is able to forge this and gain access • rlogin protocol has no means of authenticating other machines' identities, or ensuring that the rlogin client on a trusted machine is the real rlogin client • Common practice of mounting users' home directories via NFS exposes rlogin to attack by means of fake .rhosts files • Any of NFS' security faults automatically plague rlogin
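One way an administrator could search for the offending trust files described above, as an added Python example that is not part of the original slides. It assumes one home directory per user under a single root; the function names and severity labels are illustrative.

```python
import os
import stat

def classify_entry(line: str):
    """Rate one hosts.equiv/.rhosts line; None if it grants nothing."""
    fields = line.split()
    if not fields or fields[0].startswith(("#", "-")):
        return None                      # blank, comment, or negative entry
    host = fields[0]
    user = fields[1] if len(fields) > 1 else ""
    if user.startswith("-"):
        return None                      # negative user entry
    if host == "+" and user == "+":
        return "CRITICAL: any user from any host"
    if host == "+":
        return "HIGH: any host"
    if user == "+":
        return f"HIGH: any user from {host}"
    return f"INFO: trusts {host}"

def audit_homes(home_root: str):
    """Map each .rhosts path under home_root to its list of findings."""
    report = {}
    for name in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, name, ".rhosts")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings = [f for f in map(classify_entry, fh) if f]
        # A trust file others can write to can be rewritten to add "+ +".
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("HIGH: file writable by group/other")
        report[path] = findings
    return report
```

The same `classify_entry` check applies to /etc/hosts.equiv, which uses the same host and user fields.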
rlogin • Due to these serious problems rlogin is rarely used across untrusted networks (like the public internet) • Even in closed deployments it has fallen into relative disuse • many Unix and Linux distributions no longer include it by default • Many networks which formerly relied on rlogin and telnet • Replaced them with SSH and its rlogin-equivalent slogin
rlogin • Original Berkeley package which provides rlogin also features rcp and rsh • Share the hosts.equiv and .rhosts access-control scheme • Suffer from the same security problems • Do connect to a different daemon, rshd • ssh suite contains suitable replacements for both: • scp replaces rcp • ssh itself replaces both rlogin and rsh
rcp http://en.wikipedia.org/wiki/Rcp_%28Unix%29 Remote Copy
rcp • rcp: the Unix 'Remote CoPy' command • Command on Unix used to remotely copy • Copy one or more files from one computer system to another • Typically uses • TCP/IP protocol • .rhosts file for authentication • Has been implemented to alternatively support Kerberos. • rcp is not secure for network use • Sends unencrypted information over the network • Largely replaced by the ssh-based utility scp • Etymology: • rcp is a member of the BSD unix family of 'r' (remote) commands • Name is a contraction of 'r' remote and 'cp' copy.
Summary • Host of insecure remote commands • Developed before security was a major concern • May be okay for “internal” use • On “secure” networks • Overall: • Use modern secure alternatives