Telnet is another of the most useful tools that make up the TCP/IP protocol suite. The "remote terminal" telnet application enables you to establish an interactive logon session with a remote computer and execute commands as if you were logged directly into that remote computer. Telnet not only can be used to establish sessions with other computers, but also is embedded in many network devices, such as print servers (or HP Jet-Direct Cards), hubs, switches, and routers. Using telnet is an easy way to manage multiple network nodes ”computer or network devices ”from a central location. However, basic implementations of telnet suffer from a similar problem that plagues FTP. It uses a clear-text method for passing user authentication information and the remaining data transfers. The main RFC that defines basic telnet operation is RFC 854, "Telnet Protocol Specification." In addition, many additional RFC documents have been issued to add security, provide additional functionality, or further clarify the Telnet protocol. The protocol is based on three basic concepts:
This protocol was designed to allow interactive sessions with terminals of many types. A basic Network Virtual Terminal is defined by the telnet protocol, but clients and servers can negotiate additional parameters using options. Because either side can initiate options negotiations, the protocol is called symmetric. What Is a Network Virtual Terminal and NVT ASCII?Each end of the telnet connection is called a Network Virtual Terminal. It is simply a data construct that keeps track of the current state of the terminal, keeping both ends in sync. The virtual terminal operates in a bidirectional manner, sending and receiving data from another remote NVT. The basic NVT uses a 7-bit ASCII code, stored in an 8-bit byte. The high-order bit is set to zero. Carriage-return and line-feed characters are transmitted to indicate the end of a line. The method of representing characters and delineating lines is known as NVT ASCII . You'll find that many different TCP/IP utilities use this to communicate commands to and from the client and server. Conversion to other codes can be done at each client's end. The NVT has both a virtual terminal (or printer, as it's called in the RFC) and a keyboard. Characters that are entered on the keyboard at one end of the connection are locally echoed, and do not have to be echoed back from the remote terminal. Usually, a buffer is set aside in the host's memory to store a line of characters for transmission. The characters are transmitted when a line is complete or until some other signal (from the user, for example) causes the line to be sent. The basic NVT is designed to be the lowest common denominator for telnet sessions. Options can be negotiated, usually more so at the beginning of a session, that change the characteristics of the basic NVT. By a process of negotiation, both sides will always have the NVT default to fall back on if the other side of the connection does not support certain options. Thus, the NVT is the basic telnet terminal, without any extra options enabled. Upon the initial connection, both sides are basic NVTs. Usually, options will be negotiated by both sides before the user has time to begin typing. Occasionally, option changes will be requested during the later data exchanges, but the basic setup for the session is done at the beginning. Telnet Protocol Commands and Option NegotiationsCommands for the telnet protocol are 2 or 3 bytes in length, with the first character being the interpret as command (IAC) character. This character has the ASCII value of 255. If it is necessary to actually send this character as part of the data stream, it is sent as two successive bytes of 255. Following the IAC character, another command character usually is sent. For option negotiations, a third byte is used to indicate the option code being negotiated. In Table 26.3 you can see a list of the basic telnet protocol commands, along with descriptions of their functions. Table 26.3. Telnet Protocol Commands
This simple command structure is used to establish a telnet session, negotiate the optional parameters, if any, and end the session. Telnet, like FTP and other client/server protocols, requires that a telnet server process listen on a well-known port, which in this case is port number 23. The server listens for incoming telnet commands from telnet clients. Following is a short description of some of the protocol commands:
Options and NegotiationsThe standard NVT described in RFC 854 might not be sufficient for all situations, and thus the telnet protocol allows for a process of negotiation of options. This allows for additional capabilities and services to be provided using telnet. For example, an option could be used to provide for a different character set than the standard. Either side of the telnet session can send a request to the other side for an option. The receiving end can then reply with either an acceptance or a rejection of the option. If an option is accepted, it takes effect at once. The following are some basic rules of the negotiation process:
In Table 26.3, the DO , DON'T , WILL , and WON'T operations are used when one side of the connection wants to do something and inform the other side, or when one side wants the other side to perform an action. For example, when an NVT receives a WILL command followed by an option code, it means that the sender will start, or has started, using this option. The receiver of this message can reply with a DO if the option is acceptable or a DON'T if it doesn't support the option. If the sender sends a DO command, followed by an option, then the sender is telling the receiver that it would like for it to use a particular option. The receiver can respond with a WILL command if it does support the option, or a WON'T command if it does not. In addition, a sender can send a WON'T command, which indicates that a particular option is disabled. The receiver should respond with a DON'T command. The sender also can send a DON'T command to indicate that it wants the receiver to disable an option. The response to this command must be a WON'T . Remember that an option cannot be used unless both sides agree to it. Instead, the basic NVT is used with any options that were negotiated. Finally, some options will lead to subnegotiations to further identify parameters of a particular option. These are beyond the scope of this chapter ”refer to the appropriate RFCs. In Table 26.4, you can see a summary of RFCs that describe some of the more useful options for use with telnet. Table 26.4. Additional Option Code Definitions
In addition to this summary of options, others exist that are defined in documents other than RFCs. In addition to the basic telnet commands, telnet recognizes some, but not all, of the special ASCII control code characters. Table 26.5 lists these characters. Table 26.5. ASCII Control Characters Recognized by Telnet's NVT
Telnet and AuthenticationOne of the problems with applications that were developed during the early years of TCP/IP is that Internet (or ARPANET, depending on how far back you want to go) security wasn't as big an issue as it is today. Because of this, many protocols and utilities have been exploited over the past few years by hackers who know how to take advantage of this lack of foresight. Telnet is just such an application. However, with the use of options, it is possible to perform authentication using other than the traditional clear-text method. In RFC 2941, "Telnet Authentication Option," an option to allow for more secure authentication methods, is set forth. This specification is intended to provide a mechanism that can be used by many authentication methods . The code number used for the AUTHENTICATION option is defined as 37. In Table 26.6 you can see some of the codes used to specify different types of authentication. Table 26.6. RFC 2941 Telnet Authentication Methods
The RFC specifies that IANA will be responsible for maintaining the numbers associated with authentication types in the future. In addition, not all of those in the table were submitted to the Internet Engineering Task Force (IETF) as a standard, so some of the values may change. |