Telnet and Secure Shell (SSH)
Telnet
- Legacy client & server terminal
- Old technology that has not been replaced by something newer
- A terminal is a live action interface
- SDN is a new way of doing things
- TCP port 23
- 21 - FTP
- 22 - SSH
- 23 - Telnet
- 25 - SMTP
- Widely supported
- Susceptible to eavesdropping and hijacking
- Only available option on some devices
- We can isolate the device and just put it in a different VLAN
- Isolate traffic to an Out-of-Band (OOB) management network
- Dedicated network that does not share anything with the users
- Dedicated Ethernet Management Interface
- The only way to get on that network is to come in through the firewall and authenticate.
Secure Shell
- Preferred CLI interface for remote administration
- TCP port 22
- Supports file transfer - SCP
- Public Key authentication optional
- Can restrict access by IP address, time of day, group membership
- Might require dedicated application
- Encryption / Authentication / Integrity
- When the client connects to a server on port 22
- We do the three-way handshake
- Negotiate protocols
- Here is a public key, should you accept it?
- Key Pair is typically generated using RSA / DSA
- 2048 - 4096
- The dilemma is: when we get that public key, how do we know that it really came from that device?
- The public key can be saved
- We have mutual authentication
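The host-key check described in the notes above (save the server's public key on first connection, compare it on every later one), as an added example that is not part of the original notes. The `KnownHosts` class, the `make_pubkey_line` helper, the host name `sw1` and the key bytes are constructed for illustration; the fingerprint format is the `SHA256:` one OpenSSH prints.

```python
import base64
import hashlib
import struct


def make_pubkey_line(key_type: str, body: bytes) -> str:
    """Build a constructed OpenSSH-style public key line (not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return f"{key_type} {base64.b64encode(blob).decode()}"


def fingerprint(pubkey_line: str) -> str:
    """Return the fingerprint as OpenSSH prints it: SHA256:<base64, no padding>."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; they must agree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownHosts:
    """In-memory stand-in for a saved-keys file (assumption for this example)."""

    def __init__(self):
        self.saved = {}  # host -> fingerprint

    def check(self, host: str, pubkey_line: str, accept_new: bool = False) -> str:
        fp = fingerprint(pubkey_line)
        if host not in self.saved:
            if not accept_new:
                return "unknown"   # first contact: operator must verify out of band
            self.saved[host] = fp  # "the public key can be saved"
            return "saved"
        # Later connections: a different key for a known host is a warning sign.
        return "match" if self.saved[host] == fp else "MISMATCH"


if __name__ == "__main__":
    kh = KnownHosts()
    key_a = make_pubkey_line("ssh-rsa", b"A" * 32)  # constructed sample bytes
    key_b = make_pubkey_line("ssh-rsa", b"B" * 32)  # a different constructed key
    print(fingerprint(key_a))
    print(kh.check("sw1", key_a, accept_new=True))
    print(kh.check("sw1", key_a))
    print(kh.check("sw1", key_b))
```

The first connection is the weak point: until the fingerprint has been compared against a value obtained from the device itself (for example over the OOB management network), a saved key only proves the server has not changed since then.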