Remote Login with Telnet
My work shift starts at 8.30am, and I wake up 7.30am daily; so you can guess that I have one hour to get ready. Yet somehow I am always, still late to work. — Don’t get me wrong, I have a cosy office that make me feel less blue on each Mondays. Here’s a sneak peek of my work office.
But with all the make-ups to put on before going on-air; to the artisan coffee I need to sip before I am human again, plus the commute time to work; I normally arrived at the office 1–2 hours late. But is that really all my fault? — If my office is also my home; then I will always be on-time, because it only take 10 seconds for me to move from my bed to my desk.
Now the question is can we be afforded with such a luxury, especially most of the equipments, services and infrastructure we need to work in full productivity are housed in the office?
Well, with the recent pandemic that strikes us; it has opened up many new ways for working from home. We are doing things we never thought possible; for example, you are now learning about remote login right on medium.com. To access some services that are hosted in the office premise or in the company’s private networks — REMOTE login is one quick way to get us in to these physical servers that are far way from our home (remote location). In this story, we will explore how remote login works using Telnet as the example protocols.
Intuition of remote login
So you get a message from your boss: ‘do not come into the office, but make sure the report is ready by next week’. Suppose that the data you need to compile this report is stored on a server in the office. We can use remote login services like Telnet, SSH, Windows remote desktop or VNC to connect into this server remotely to get what we need. For this to work, the target server must be remote login enabled, meaning that it is running either Telnet, SSH, VNC server and Firewall is not blocking any of these ports.
Let’s take a look at an example of remote login using Telnet. Here, Avocado want to access the Data Server. Assuming that the server is pre-configured with Telnet access.
Avocado can use command prompt or putty.exe to remote connect to the server given the IP address of the server. In this example, the server has a fixed IP address of 192.168.209.244.
Here’s one way to ‘telnet’ into the server. Using putty.exe, we simply specify the target server IP and choose the ‘telnet’ option.
After initiating a connection, the Telnet server will ask the user for authentication info. If Avocado is a legit user, he will be logged into the server to perform tasks through the command lines.
After logging in, Avocado can perform some supported actions using Telnet’s command line. There is no UI support in Telnet. For example, if Avocado want to list all the files available on the server; he simply types ‘ls’ to show the list. The full list of Telnet command can be found here.
How Telnet works?
Telnet is a basic remote login protocol without all the bell and whistle. Telnet allows the client to establish a remote connection to the Telnet server. This connection happened in plain text, including the authentication message.
In Telnet, the client starts the connection request on TCP/23. When the server received the request, it replies with request for authentication message. The client then reply back with Telnet’s account name and password. These user credentials are sent in plain text. When the server received the login details, it then authenticate the authorised users to perform further actions on the server.
A few fun facts on Telnet:
1. Telnet client is not enabled by default in Windows. User need to manually add TELNET using the ‘turn Windows features on or off’ option.
2. Telnet sends authentication details in plaintext. This made Telnet to be vulnerable to Man-in-the-Middle attacks. Using a network sniffer, an intruder can easily intercept the Telnet packets and check for the password since the payload is not encrypted.
3. Telnet client sends the username and password one character at a time. For example, if the username is ‘Dua’ and password is ‘123’. The client first sends ‘D’ to the server; then the server reply the same ‘D’ back to the client. Afterwards, the client sends ‘U’ to the server; and the server send back ‘U’ to the client. The message exchange continues in this way, even for the password; until all the characters of the username and password are completely exchanged.
Here’s an intuitive video to show how TELNET actually works.
Problems with Telnet
Telnet works well for basic remote login requirements, only when it works. However there are some cases where telnet client is not able to connect to the server. Here’s a troubleshooting checklist for Telnet connection issues:
1. Make sure the Firewall on the client and on the server is not blocking TCP/23.
2. Make sure no access-control list is blocking TCP/23 on the network perimeters.
3. Make sure the username and password is correct. Note that when you are typing the password for Telnet on the console, the cursor will not move. This UI design can sometime caused confusion and user retyped some characters of the password.
4. Telnet server is not reachable at the moment; or is wrongly configured.
5. The IP address of the Telnet server is invalid; or wrongly entered.
6. Telnet is vulnerable to MITM attacks. The username, password and data sent on Telnet can be easily intercepted and recovered. This problem is resolved with SSH that encrypts the remote connections.