The difference between the Telnet and SSH protocols

Source: Internet
Author: User
Tags ssh root access ssh port

As system administrators, one of our important responsibilities is to manage and monitor production and enterprise servers: updating the server kernel, installing the latest packages and patches, and performing other common server tasks on a daily basis, all while accessing the server remotely.

There are actually two major protocols available to access the server:

Telnet

SSH

The two protocols are discussed individually below:

Telnet

Telnet is a combined abbreviation of Telecommunications and Networks. It is a network protocol best known on UNIX platforms.

Telnet uses port 23 and was designed specifically for use on a LAN.

Telnet is not a secure communication protocol: it uses no security mechanism and transmits data, including passwords, in plaintext over the network/Internet, so anyone who can sniff the packets can read this sensitive information.

The absence of any authentication policies and data encryption methods in Telnet poses a significant security threat, which is why Telnet is no longer used to access network devices and servers over public networks.

On Linux systems, Telnet is easy to install using yum:

[root@pbx2 ~]# yum install telnet

The best use of Telnet is to check the status of a particular service on a remote host. For example, to check the status of the Apache web service running on port 80 on the local server, we can do this:

[root@pbx2 ~]# telnet localhost 80

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

telnet: connect to address 127.0.0.1: Connection refused

[root@pbx2 ~]#

Telnet cannot connect, which shows that the web service is stopped, so we have to restart the service on the server as follows:

[root@pbx2 ~]# service httpd restart

Stopping httpd: [FAILED]

Starting httpd: [OK]

Now check again:

[root@pbx2 ~]# telnet localhost 80

Trying ::1...

Connected to localhost.

Escape character is '^]'.

^]

telnet> quit

Connection closed.

So the Apache service is now running. We can check the status of the SSH daemon running on the server in the same way:

[root@pbx2 ~]# telnet localhost 22

Trying ::1...

Connected to localhost.

Escape character is '^]'.

SSH-2.0-OpenSSH_5.3

^]

telnet> quit

Connection closed.
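The same check without a telnet client, as an added example that is not part of the original article: it classifies the identification line an SSH server sends on connect, using the format defined in RFC 4253. The function names are hypothetical, and the live helper assumes bash and coreutils timeout are installed.

```sh
#!/bin/sh
# Added example: interpret the identification line an SSH server sends on connect.
# Format (RFC 4253, section 4.2): SSH-protoversion-softwareversion[ SP comments]

classify_ssh_banner() {
    banner=$(printf '%s' "$1" | tr -d '\r')   # the line ends in CR LF on the wire
    case $banner in
        SSH-*-*) ;;
        *) echo "not-ssh"; return 1 ;;
    esac
    rest=${banner#SSH-}
    proto=${rest%%-*}            # text before the first remaining hyphen
    software=${rest#*-}
    software=${software%% *}     # drop the optional comments field
    case $proto in
        2.0)  verdict=ok ;;
        1.99) verdict=weak:also-accepts-ssh1 ;;   # server runs in SSH-1 compatibility mode
        1.*)  verdict=weak:ssh1-only ;;
        *)    verdict=unknown-protocol ;;
    esac
    echo "proto=$proto software=$software verdict=$verdict"
}

# Hypothetical helper: read the first line from HOST PORT without a telnet client.
# Assumes bash (for /dev/tcp) and coreutils timeout are installed.
read_first_line() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1" && IFS= read -r l <&3 && printf "%s\n" "$l"' \
        "$1" "$2" 2>/dev/null
}

# The banner from the article's session, in its on-the-wire capitalisation:
classify_ssh_banner "SSH-2.0-OpenSSH_5.3"
# Live check of a server you administer:
#   classify_ssh_banner "$(read_first_line localhost 22)"
```

A service that does not speak first, such as HTTP on port 80, sends no line to read, so the helper returns nothing after the timeout and the classifier reports not-ssh.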

SSH

SSH stands for Secure Shell, and it is now the only major protocol for accessing network devices and servers over the Internet.

SSH runs on port 22 by default, but this port is easy to change.

SSH is a very secure protocol because it encrypts the information it exchanges, which provides confidentiality and security for data accessed over insecure networks such as the Internet.

Once the communication is encrypted with SSH, it is extremely difficult to extract and read the data, so our passwords are also safe to transmit over public networks.

SSH also uses public keys to authenticate users accessing the server, which is good practice and provides very strong security.

SSH is primarily used on all popular operating systems, such as UNIX, Solaris, Red Hat Linux, CentOS, and Ubuntu.

We can change the SSH port of the server as follows:

[root@pbx2 ssh]# vim /etc/ssh/sshd_config

After opening the configuration file, look for the Port directive, which is commented out by default.

Remove the comment marker and change the port; for example, I changed it to Port 10089.

Port 10089

Save the file and exit, then restart the SSH daemon with the following command:

service sshd restart

We can also disable root login to the server with a slight change in the same file. Search for the following parameter: PermitRootLogin yes

Remove the comment marker and replace "yes" with "no":

PermitRootLogin no
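One way to confirm that both edits are actually active in the file, as an added example that is not part of the original article. The function names are hypothetical; it assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```sh
#!/bin/sh
# Added example: report the global Port and PermitRootLogin settings in an
# sshd_config file. Function names are hypothetical; Include files are not followed.

# sshd_values FILE KEYWORD -> every active global value, one per line.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }      # commented-out and blank lines have no effect
        tolower($1) == "match"      { exit }      # Match blocks apply conditionally, not globally
        tolower($1) == tolower(key) { print $2 }  # keywords are case-insensitive
    ' "$1"
}

audit_sshd_config() {
    # Port may be given several times; sshd listens on all of them.
    ports=$(sshd_values "$1" Port | tr '\n' ',' | sed 's/,$//')
    # For PermitRootLogin the first value obtained is the one used.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ -n "$ports" ] || ports=default      # nothing active: port 22
    [ -n "$root" ]  || root=default       # nothing active: compiled-in default
    # Arguments are case-sensitive, so only the exact value "no" passes.
    if [ "$root" = no ]; then result=PASS; else result=FAIL; fi
    echo "ports=$ports permitrootlogin=$root result=$result"
}

# Constructed samples: a file with both directives still commented out,
# then the same file after the two edits described above.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample"
printf '%s\n' 'Port 10089' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

Before restarting the daemon, `sshd -t` checks the configuration file for errors. Keeping the current session open until a new login succeeds on the new port avoids a lockout.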

Conclusion

These are very basic security tips for Linux servers, and we'll focus on important Linux security hardening techniques in the next article. Well-known tools for accessing servers via Telnet or SSH are PuTTY, MTPuTTY, and SecureCRT. SSH is by far the most important access protocol, and it is also used to access Cisco devices.
