Secure alternatives to telnet and FTP

The argument for favoring convenience over security is no longer acceptable in today's computing environment. Although there will be an initial learning curve when using secure shell and secure FTP instead of telnet and FTP, the transition is relatively painless and is a significant step toward improving network security.

Telnet
(including rlogin, rsh, and rcp)

When you use telnet to remotely access a system, all commands, including username and password authentication information, are sent in clear-text across the network. Secure shell (ssh) is a secure replacement for telnet. With ssh, all session information, including authentication information, travels over the network in an encrypted tunnel.

An excellent free ssh client for Windows is PuTTY. On UNIX platforms, OpenSSH is an open source ssh client and server implementation.

You should use ssh to replace telnet, remote login (rlogin), and remote shell (rsh).

Secure copy (scp), part of the ssh protocol suite, may be used to replace remote copy (rcp). PSCP is a free Windows scp client. scp is included in the OpenSSH suite on UNIX platforms.

FTP

Similar to telnet, File Transfer Protocol (FTP) sends all authentication and data in clear-text across the network. Not only can eavesdroppers obtain your username and password with FTP, they can actually reconstruct the FTP data stream into the transferred files with a tool like Wireshark.

Secure FTP (sftp), part of the ssh protocol suite, may be used to securely transfer files. With sftp, all session information, including authentication information, travels over the network in an encrypted tunnel.

PSFTP is a free Windows command-line sftp client. WinSCP is a free Windows graphical user interface sftp client.

On UNIX platforms, OpenSSH (like commercial ssh implementations) includes a command-line sftp client. gFTP is a graphical user interface sftp and ftp client for UNIX platforms.
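
To find out where the Telnet and FTP sections above still apply on a host, the following added example (not part of the original article) flags listening TCP ports that belong to the cleartext services named here and prints the ssh-suite replacement for each. It assumes Linux `ss -tln` output and identifies services by well-known port only; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Input is assumed to be
# Linux `ss -tln` output: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Map a TCP port to "<cleartext service> <ssh-suite replacement>".
# Ports are the IANA well-known assignments; rcp runs over the rsh service.
cleartext_service() {
    case "$1" in
        21)  echo "ftp sftp" ;;
        23)  echo "telnet ssh" ;;
        513) echo "rlogin ssh" ;;
        514) echo "rsh/rcp ssh/scp" ;;
        *)   return 1 ;;
    esac
}

# Read listener lines on stdin and print one finding per cleartext service.
audit_listeners() {
    while read -r state recvq sendq addr rest; do
        [ "$state" = "LISTEN" ] || continue     # skips the header line
        port=${addr##*:}                        # text after the last colon, so [::]:21 -> 21
        if svc=$(cleartext_service "$port"); then
            echo "$addr ${svc% *} -> replace with ${svc#* }"
        fi
    done
}

# Constructed sample input (documentation addresses, not a real host).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      32     [::]:21            [::]:*
LISTEN 0      5      192.0.2.10:514     0.0.0.0:*
LISTEN 0      128    127.0.0.1:2323     0.0.0.0:*
EOF
}

# Demo on the sample; on a live host run:  ss -tln | audit_listeners
sample_listeners | audit_listeners
```

A cleartext service moved to a non-standard port (such as 2323 in the sample) is not flagged, so treat an empty result as a first check and confirm against the host's service configuration.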


Last modified: 01/16/2003