Section 9.3. Remote Login Protocols

9.3. Remote Login Protocols

A client/server model can create a mechanism that allows a user to establish a session on the remote machine and then run its applications. This application is known as remote login . A user may want to run such applications at a remote site, with results to be transferred back to its local site. For example, an employee working at home can log in to his/her work server to access application programs for doing a project. This can be done by a client/server application program for the desired service. Two remote login protocols are TELNET and SSH.

9.3.1. TELNET Protocol

TELNET ( terminal network ) is a TCP/IP standard for establishing a connection to a remote system. TELNET allows a user to log in to a remote machine across the Internet by first making a TCP connection and then pass the detail of the application from the user to the remote machine. This application can be interpreted as if the text being transferred had been typed on a keyboard attached to the remote machine.

Logging to Remote Servers

With TELNET, an application program on the user's machine becomes the client. The user's keyboard and its monitor also attach directly to the remote server. The remote-logging operation is based on timesharing , whereby an authorized user has a login name and a password. TELNET has the following properties.

• Client programs are built to use the standard client/server interfaces without knowing the details of server programs.

• A client and a server can negotiate data format options.

• Once a connection is established through TELNET, both ends of the connection are treated symmetrically .

When a user logs in to a remote server, the client's terminal driver accepts the keystrokes and interprets them as characters by its operating system. Characters are typically transformed to a universal character set called network virtual terminal (NVT), which uses 7-bit USASCII representation for data. The client then establishes a TCP connection to the server. Texts in the NVT format are transmitted using a TCP session and are delivered to the operating system of the remote server. The server converts the characters back from NVT to the local client machine's format.

The NVT process is necessary because computers to be remotely logged in to differ . In such cases, a specific terminal emulator must also be used by the TELNET client and servers. The client accepts keystrokes from the user's keyboard while accepting characters that the server sends back. On the server side, data moves up through the server's operating system to the server application program. The remote operating system then delivers characters to the application program the user is running. In the meantime, remote character echo is transmitted back from the remote server to the client over the same path . If the application at the server's site stops reading input for any reason, the associated operating system and, therefore, the server are overwhelmed.

TELNET also offers several options that allow clients and servers to negotiate on nonroutine transactions. For example, one option that the client and the server to pass 8-bit data. In such cases, both client and server must agree to pass 8-bit data before any transmission.

9.3.2. Secure Shell (SSH) Protocol

Secure Shell (SSH), another remote login protocol, is based on UNIX programs. SSH uses TCP for communications but is more powerful and flexible than TELNET and allows the user to more easily execute a single command on a remote client. SSH has the following advantages over TELNET.

• SSH provides a secure communication by encrypting and authenticating messages (discussed in Chapter 10).

• SSH provides several additional data transfers over the same connection by multiplexing multiple channels that are used for remote login.

SSH security is implemented by using public-key encryption between the client and remote servers. When a user establishes a connection to a remote server, the data being transmitted remains confidential even if an intruder obtains a copy of the packets sent over an SSH connection. SSH also implements an authentication process on messages so that a server can find out and verify the host attempting to form a connection. Normally, SSH requires users to enter a private password.

A simple SSH interactive session starts with the server's listening on its port specifically designated for secure transmissions. After a password is submitted, SSH starts a shell for the session. SSH can handle several data transfers simultaneously in a same session. This type of remote login service is multiplexed over an SSH connection. SSH can also be used between two machines to carry out port forwarding by establishing a secure tunnel. In the SSH remote login utility, a user can allow SSH to automatically splice an incoming TCP connection to a new connection across a tunnel. (The details of tunneling and its applications are explained in Chapter 16.) Data sent over the Internet is ensured to be delivered safe from snooping and alteration.

SSH resembles a tunneling function. For example, when it forms an SSH connection for its port k ₁ to a remote server, a client can determine that an incoming TCP connection for this port be automatically forwarded across the tunnel to the server and then spliced to another connection to port k ₂ of a second server. This way, the client has a TCP connection established on its machine, and the second server makes a TCP connection to the first server. The advantage of port forwarding is that application data can be passed between two sitesthe client and the second serverwithout requiring a second client and serverthe first server as a client and the second server.

Figure 9.7 shows the format of an SSH packet.

• Length indicates the size of the packet, not including the length field or the variable-length random padding field that follows it.

• Padding causes an intrusion to be more difficult.

• Type identifies the type of message.

• CRC , or cyclic redundancy check, is an error-detection field (see Chapter 4).

When encryption is enabled, all fields except length are encrypted. SSH also permits optional compression of the data, which is useful when SSH is used in low-bandwidth situations. In such cases, the client and the server negotiate compression, and only the type and data fields are compressed.