How secure is telnet?

[RexRocket]

I need to telnet to a linux system behind a router. I can configure my router to port forward telnet request to the linux system to do this.

Questions:
- How secure is telnet?
- How much level of security does a router provides?
- If it's not secure, why?
- What are the security precautions I can take if I want to use telnet?

I've heard something about SSH.
- What is SSH? Is it similar to telnet?
- Where can I get more info?

I know there are lots of questions here. Feel free to answer as many as you want.

Thanks,

-Rex

[canon006]

From what I'm told, telnet is not very secure.

In my experience with a router(I'm guessing you mean like a linksys blue-box) provides decent security, mine has sufficently stopped many worms and such from hitting my family's windows boxes and as far as the internet is concerned we don't show any open ports. But as you said you're opening a hole in it to let telnet through, so yours may not be as secure.

SSH is similar to telnet in that it gives you remote access to your system but it encrypts all data between the client and server (someone correct me if i'm wrong). Basicly you'll get the same shell you see when you're sitting at your linux boxm similar to what telnet does. One of the nice things SSH does is X forwarding, meaning that as long as you've got an X client on the pc you're working on you can have your desktop from your linux box forwarded over the network to the machine you're currently at.

take a look here too - http://openssh.org/

That's based on my experiences, I'm sure other people here can get in it more in depth if you need it and correct my mistakes/misconceptions.

[AngryPuppy]

Please, there are many people who know much more than me on this topic, so I would appreciate any additions or corrections that anyone can provide.

Telnet is not secure because it sends all data (including IDs and passwords) as plain text. What this means is that someone running a sniffer between the two boxes can see and log everything that travels between them.

SSH encrypts all data to protect against what I mentioned above. You can also create a tunnel through SSH for other services such as FTP to help make them secure as well.

The only advantage I can think of for Telnet is that just about every machine has a Telnet client, making access simpler. To connect to an SSH server, you need an SSH client which is not installed on most Windows boxes and some Linux installations. I use Putty to get access to my box from windows boxes (I will try to edit this post with a link later).

From what I've seen, once an SSH session is established, it's just like using a telnet session.

Terry

[mairving]

Disable telnet if at all possible in favor of SSH. You can download putty, a windows SSH client here

[Obrion]

yes use SSH.. telnet is absolutly horrible.. Putty is a sweet app. you can create keys and everything with it. I would also just like to mention again that you can useSSH and tunnel ftp throught it. making ftp secure (very important)..

as far as a router's level of security. I think that it is decent but i would still back it up with some IP tables and such. Also make sure that you aren't running any services that you don't need. Your router actually sits and forwards packets to whatever computer requested it. So this gives your computer a LAN IP addreess any only has open port 80. This kind of hides you a bit.

[posw2ksocks]

Telnet bad. Putty/SSH good. Read up on how to install putty for windows and make sure the computer you're connecting to accepts ssh connections. Configure your routers to allow ssh port 22 through and disable anything else you don't need such as ftp, telnet, etc.

[elderdays]

I run tcpdump at work for various security checks/reasons and can read-in on telnet sessions all day long. Use ssh so this stuff is encrypted. You should set up tcpdump (you probably already have it in linux) on one of the machines on your network and depending on type/setup of routers switches, you can see everything. You can still capture ssh packets with tcpdump but they look like gibberish, whereas telnet is plain-text.