In the era of remote connectivity, users and system administrators must use tools to make remote activity safe, secure, and fast.
And, when you speak about remote connectivity methods, two names come at the top: SSH and Telnet.
Is it SSH or Telent? This article will explore which one is better for remote access. Let’s find out in our SSH vs. Telnet comparison.
What is Remote Access?
Remote access enables users or administrators to access computers or devices on networks from any location using the Internet. Using it, they can carry out different operations, including transferring files, collaborating, and securing application traffic.
Remote access is vital for organizations to survive and thrive. Additionally, administrators need proper remote access to manage servers, networks, and applications without physically visiting server locations.
What is SSH?
Secure Shell or Secure Socket Shell (SSH) is a network protocol that enables computers on an unsecured network to communicate with each other securely.
Once a secure connection is established, the user or administrator can log in to the remote machine and execute applications remotely or use the secure end-to-end encrypted connection to move files across the network.
SSH refers to the suite of technology and utilities that implement SSH protocol. To make SSH secure, several technologies are implemented, starting from public key authentication, encrypted data communications, and strong password authentication.
The company behind SSH development is Netscape Communications Corporation. However, a Finnish computer scientist, Tatu Ylonen, created SSH’s first designs. He developed it after finding a secret password sniffer on his newly created network.
How does SSH work?
SSH replaces older remote connectivity protocols such as Telnet, rlogin, rsh, etc. Most of these are popular protocols but lack security. In fact, SSH is so good that users use it instead of relying on file transfer protocols such as remote copy (rcp) and File Transfer Protocol (FTP).
SSH uses a client-server model where an SSH client connects to the SSH server.
- SSH client is a program residing on a computer or device that initiates the SSH protocol. The client sends a request to the SSH server and waits for it to accept the request. The SSH client uses public key encryption to verify and ensure that it connects with the right server. This approach ensures that malicious actors cannot pose as a server and steal vital information from the client.
- SSH Server handles the SSH connections and runs the service. To accept the incoming request, the SSH server constantly listens to TCP port 22(by default). And once it receives a request, it responds to them. SSH server also checks and authenticates the client using public key authentication. Only after successful authentication the client gets access to the host system.
The client and server make the encryption choice. They can engage in disabling weaker encryption. Also, it supports multiple connections, allowing you to multi-task(downloading, editing, or running a program) by opening multiple channels through a single SSH connection.
SSH syntax is as follows:
$ ssh user_name@host
The user_name is the username you use to connect to the host. The host can be an IP or domain name.
As you can see, the simplified SSH flow consists of the following:
- SSH client initiating a connection to a particular SSH server
- The SSH server receives the connection and sends its public key to the client.
- The client saves the server’s public key in their host’s file(for future connectivity).
- Now, the server and client negotiate and establish the connection parameters.
SSH offers a strong connectivity option with excellent security and data integrity protection. It also follows an IETF standardization for better implementation and has been intact for the last 15 years.
If you want to dive into SSH technically, check out the SSH RFC 4253 standardization document. Also, check out Geekflare’s take on understanding SSH.
What is Telnet?
Telent stands for Teletype Network. It is another popular network protocol that offers remote connectivity through the command-line interface. Similar to SSH, you can use it to gain remote control and perform actions. However, it lacks the security aspect that SSH offers.
The lack of security is because when it came out in 1969, most communications were done in a local network, which is secure compared to the unsecured Internet.
How does Telenet work?
Telenet works by creating a terminal-to-terminal text-based communication between the client and server. It uses a client-server model using an eight-byte connection.
Once the connection is established, you can perform different operations on the remote computer, including checking open ports, configuring devices, editing files, and even running programs.
The Telnet syntax is:
$ telnet hostname port
To read more about Telnet, check out Telnet Commands to Test and Troubleshoot Connection Issues.
When and where should you use SSH?
SSH is primarily used for:
- Remote system administration
- Remote command execution
- Securing the application’s traffic
- File transfers
Administrators can also set up automated SSH sessions that handle repetitive tasks such as network backup creation, logfile collection, performing maintenance periodically, etc.
SSH must be used for any remote connectivity operation, especially on an unsecured network, especially the Internet. SSH is also an excellent option for using on the local network, as you may never be sure if your local network is completely secure.
When and where should you use Telenet?
As Telnet is not secure, you avoid using it for connecting remotely on an unsecured network. However, that doesn’t mean Telnet is useless.
You can use TTelnetto do the following:
- Troubleshoot SSH (Yes, you read it right. 😃)
- Troubleshoot FTP, SMTP, and web servers.
- Check if a port is open or not
- Accessing trusted internet networks.
SSH vs. Telnet
In this section, we’ll compare SSH and Telent through different criteria. If you’re in a hurry, check out the SSH vs. Telnet comparison table.
|Security||Highly secure, where client and server can negotiate to set up encryption algorithms.||Not secure, no mechanism to secure the connection or the Telent packets.|
|Authentication||SSH uses public key encryption for authentication purposes.||Telnet has no authentication mechanism. It simply asks for the username/password, which is transferred without any protection.|
|Operation||SSH uses TCP port 22 by default. You can change it to another port to prevent hackers from attempting unauthorized access.||Telent, by default, uses port 23 to listen for incoming connections. You can configure it to protect against unauthorized access.|
|Model||Client-server model.||Client-server model.|
|Data transfer speeds||Technically slower than Telnet, but hardly perceived during real-world use.||Faster than SSH due to no security protocols.|
SSH is secure. It keeps your connection safe with proper encryption protocols. However, Telenet is entirely devoid of any security measures.
In SSH, the client and server can negotiate the connection parameters, including the end-to-end encryption algorithm. This gives the setup to lock out weak encryption algorithms and make the SSH connection as secure as possible.
Once a TCP/UDP connection is made between the client and server, an attempt to create a secure connection starts.
To better understand how SSH security works, let’s learn about the contents of the SSH package. An SSH packet consists of five components, including:
- Packet length: 4 bytes; how big is the package going to be
- Padding amount: 1 byte; how much padding does the package have
- Payload: the actual data being transferred; size varies
- Padding: the actual padding, and not the SIZE we mentioned before. It is random bytes combined with payload to make it more encrypted.
- Message authentication code: A tag to validate package authenticity to ensure the package data is not changed.
When SSH implements encryption, only the package length and message authentication code are available to read. The client and server negotiate the connection parameters through a message authentication code. Furthermore, the SSH packets can be compressed using different compression algorithms.
Telnet lacks security. It carries out unsecured authentication to connect the client and server. So, any malicious actor can read the Telent package and compromise the connection.
SSH is a secure protocol. It relies on public key encryption to authenticate the client and server. In more technical terms, SSH can use asymmetric or symmetric cryptographic algorithms to pair public and private keys.
Telent, on the other hand, has no protection for authentication. Its authentication process asks for the account name and password before connecting. Also, the username and password are sent without any security and hence can be accessed by anyone.
As for operation, SSH runs on TCP port 22 by default. On the other hand, Telnet uses TCP port 23. So, use SSH or Telnet protocols without specifying the port number. The command will try to connect automatically to ports 22 and 23, respectively.
However, these ports are well-known and can be used by hackers to carry out unauthorized access.
You can change SSH and Telnet protocols on different ports to overcome this. It is best to close the common ports and choose ports between 1024 and 65535.
In Telent, the commands are sent in the Network Virtual Terminal(NVT) format. The Telent server is capable of receiving and understanding the format. As you can see, there is no encryption or authentication made here.
As for SSH, once the client-server connection is made, a session is generated and identified with the session key. This key encrypts the traffic until the session ends. Moreover, the server needs to verify the client. It does it with SSH key pair generation. With verification done, an end-to-end encryption channel is created for safe data transfer.
Both SSH and Telnet use the client-server model. That’s great, considering that the client-server model brings multiple benefits, including:
- It can scale horizontally, where the server can add more resources if needed.
- Clients can be optimized for proper data inputs
- Divides application processing between client and server
Speed and Overhead
To truly understand SSH and Telnet, we must learn their overhead impact. Generally, SSH has more overhead than Telent, but you’ll barely notice any difference in real-world scenarios.
Technically, Telnet and SSH do rekeying after 1 hour of connection or 1 GB of connection time.
As for bandwidth, SSH has more overhead, but it is minimal to impact users. As for the client and server’s CPU, the overhead is minimal, thanks to how AES standard works and implements in SSH connections.
In short, SSH and Telnet have no visual speed or overhead difference. However, if you compare them technically, SSH does carry some overhead over Telnet.
SSH and Telnet Use-Cases
In this section, we’ll examine some SSH and Telnet use cases.
The use cases for SSH include:
- Remote execution of commands
- Securely accessing remote machine resources
- Transferring files remotely
- Delivering software updates remotely
- Setup automated file transfer or do manual transfers
The Telnet use cases include:
- Troubleshoot SSH
- Troubleshoot FTP, SMTP, and web servers.
- Check if a port is open or not
- Accessing trusted internet networks.
Final Thoughts: Which One is Better?
SSH is better. It is a modern and updated network protocol that makes remote access secure. Until now, there have been no security loopholes found in it. Also, it is easy to use and set up.
Telnet, on the other hand, has fallen gracefully. It is now almost 50 years old. However, it is still helpful in current scenarios, and you can use it to troubleshoot SSH or check if a port is open. Administrators can use Telnet to troubleshoot most network problems.