Telnet to be disabled April 7, 2003
What's Wrong with Telnet?
Telnet refers to a basic network utility (and related protocol) that
allows a user to interact with a remote host using a text-based virtual
terminal. Telnet is both widespread (it's integrated into many operating
systems) and useful. You may have telnetted from your home
Windows PC to a UMBC Unix server to check your email with Pine.
Unfortunately, telnet is inherently insecure. When you initiate a telnet
connection, your username, password and other bits of important
information are sent in cleartext -- visible to anyone located
between your computer and the intended server destination.
Regardless of where and how you're online, if you use
telnet, you're putting your vital data at risk.
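To make the cleartext point concrete, here is an added example (not part of OIT's original page) that strips telnet's option-negotiation bytes, framed as described in RFC 854, from a constructed client-to-server byte string. What remains is exactly what was typed at the login prompts; the account name and password in the sample are made up.

```python
# Added illustration: telnet frames its control bytes but never encrypts the data.
IAC, SE, SB = 255, 240, 250                  # RFC 854 command codes
WILL, WONT, DO, DONT = 251, 252, 253, 254

def visible_text(stream: bytes) -> str:
    """Drop telnet commands and return the data bytes any on-path device sees."""
    out = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            if b != 0:                       # NUL padding after CR carries no data
                out.append(b)
            i += 1
        elif i + 1 >= n:                     # truncated capture: lone IAC at the end
            break
        elif stream[i + 1] == IAC:           # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif stream[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                           # command plus one option byte
        elif stream[i + 1] == SB:            # subnegotiation runs until IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            i = j + 2
        else:
            i += 2                           # other two-byte commands (NOP, GA, ...)
    return out.decode("latin-1")

def typed_lines(stream: bytes) -> list:
    """Split the recovered text on carriage returns, one entry per line typed."""
    return [line for line in visible_text(stream).split("\r") if line]

# Constructed sample: terminal-type negotiation (option 24), then the two
# lines a user types at the "login:" and "Password:" prompts.
CLIENT_BYTES = (
    bytes([IAC, WILL, 24])
    + bytes([IAC, SB, 24, 0]) + b"VT100" + bytes([IAC, SE])
    + b"jdoe\r\x00"
    + b"Example-Passw0rd\r\x00"
)

if __name__ == "__main__":
    print(typed_lines(CLIENT_BYTES))
```

Apart from the brief plaintext version banner and algorithm negotiation at the start of an SSH connection, SSH offers no equivalent: everything after key exchange, including the login, is encrypted.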
Because of the vulnerabilities associated with telnet, UMBC's Office of
Information Technology (OIT) will start disallowing telnet connections to UMBC
servers (such as research.umbc.edu and the gl server cluster) beginning in
March, 2003. In the months preceding this date, individuals using telnet
to log onto campus servers will receive periodic email warnings from
SSH, the Secure Alternative
One popular alternative to telnet is known as the Secure Shell, or SSH.
For most users, SSH is functionally equivalent to telnet, except for one
fundamental difference -- SSH uses encryption to protect your username,
password and data in transit. Because of this extra layer of security, OIT
is encouraging the use of SSH as a replacement for telnet. If you're
interested in learning more about the advantages of SSH over
telnet, check out the University of Washington's What Are Telnet
and SSH page for a basic overview and Thomas Konig's Secure Shell FAQ for
a more comprehensive look.
In the world of computer security, OIT's decision to discourage and
ultimately deny incoming telnet
connections is prudent, but not particularly radical. Many
universities and security-conscious organizations have already
implemented similar policies. (Berkeley's "Telnet,
you are the weakest link!" webpage details one such example.)
Of course, even the most secure encryption won't protect your account if
you've chosen a poor password. Check out OIT's password
guide for more information.
How Do I Obtain SSH?
A program that allows you to establish an SSH connection between
your computer and a remote server (such as research.umbc.edu
or gl.umbc.edu) is known as an SSH client. Fortunately, a number
of decent SSH clients are easily obtainable for multiple operating
systems at no cost. OIT supports two graphical SSH clients:
TeraTerm for Windows, which is included in the UMBC
Internet CD 2003 (distributed at the Helpdesk) and NiftyTelnet
for the Macintosh. Both may be downloaded from OIT's
Software Downloads page. Both SSH clients are available
in OIT-supported campus computer labs.
Additionally, most Unix-based operating systems (such as Linux,
Irix and Apple's OS X series) support SSH from the command line.
If you are a UMBC faculty or staff member, OIT will install
an SSH client such as TeraTerm on your computer upon request.
Please call the Helpdesk (x53838) for more information.
SSH From the Unix Command Line
To connect to a UMBC server using SSH from the Unix
command line environment, simply type
ssh username@hostname at the prompt. For example,
if I wished to SSH to research.umbc.edu, I'd type: ssh username@research.umbc.edu
(with my own username) and type in my password when prompted.
Replacing telnet with SSH will, from the user perspective,
change very little while substantially increasing account security
at UMBC. As evidenced by the above SSH-client screenshots,
the necessary information required for a successful SSH login
isn't much different from the info needed for telnet.