
Advantages of Telnet over SSH?

SSH is the recommended protocol for remote configurations. Still, telnet is being used in many devices. Are there any advantages of telnet over SSH?

Hmm, let's see:

  • Telnet is simpler (as others have noted already);

  • Telnet is obviously faster, as the protocol is much more trivial and there is no key exchange and no encryption involved;

  • Telnet is less vulnerable

Wait, stop, WHAT!?

Well, yes, the telnet protocol is plain-text, so you can just sniff the connection and now you know the password and everything else. And that is a well-known fact indeed.

How hard it would be to actually sniff a particular telnet session depends on the network setup and a bunch of other things, and might range from being completely trivial to extremely hard to do.

But aside from the (obvious) lack of encryption, when it comes to the protocol and the service implementation(s) themselves, which one is less vulnerable overall?

Let's take a look in the CVE database:

Telnet: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=telnet

There were 5 vulnerabilities registered in 2016; 3 of them are just "hardcoded credentials", which is more of a vendor error than a real service implementation or protocol flaw.

Now, SSH: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ssh

25 (!) vulnerabilities (year 2016), ranging from the "hard-coded" credentials to allowing the selection of low-security encryption algorithms, issues which allow for denial-of-service attacks or reading the private keys from the remote process memory and so on.

So there were obviously many more SSH-related vulnerabilities than Telnet vulnerabilities detected in 2016, and Telnet is a winner here.

That is actually pretty logical, given that SSH is a much more complex protocol, and a typical SSH implementation will have many more features, like X11 forwarding, file transfer, tunnels etc., requiring more complex code and making a much wider "attack surface".

Please take the above with a grain of salt: Telnet is still plain-text and it is widely regarded as an outdated protocol, so you definitely have to use a decent SSH implementation instead.

Just make sure that it is configured properly (e.g. switch off features you are not going to use), and keep it up to date at all times.

At the same time, you have to remember that sometimes "obvious things" are not always that "obvious" when you look at them from a slightly different angle, and that is the point of this post.
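The advice above to switch off unused SSH features, as an added example that is not part of the original answer: a small Python audit that reports which of the features the answer names (X11 forwarding, tunnels, file transfer) are still on in an `sshd_config`. It assumes OpenSSH keyword names, defaults and first-value-wins parsing as documented in sshd_config(5); the sample config is constructed and Match conditions are not evaluated.

```python
# Added example: flag forwarding/transfer features left enabled in sshd_config.
# Keywords and defaults follow OpenSSH's sshd_config(5); sample data is constructed.
DEFAULTS = {
    "x11forwarding": "no",
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
    "permittunnel": "no",
    "gatewayports": "no",
}

SAMPLE = """\
# constructed sample, not taken from a real host
X11Forwarding yes
X11Forwarding no
AllowAgentForwarding no
Subsystem sftp /usr/lib/openssh/sftp-server
Match User backup
    AllowTcpForwarding yes
"""

def audit(text):
    """Return sorted findings for features that are on, explicitly or by default."""
    effective, findings, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.replace("=", " ", 1).split()   # "Key value" or "Key=value"
        if not parts or line.startswith("#"):
            continue
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if key == "match":
            in_match = True                 # Match conditions are not evaluated
        elif key == "subsystem" and args[:1] == ["sftp"]:
            findings.append("sftp subsystem enabled")
        elif key in DEFAULTS and args:
            if in_match and args[0] != "no":
                findings.append(f"{key} = {args[0]} inside a Match block")
            elif not in_match:
                effective.setdefault(key, args[0])   # first value wins in sshd
    for key, default in DEFAULTS.items():
        value = effective.get(key, default)
        if value != "no":
            origin = "set" if key in effective else "default"
            findings.append(f"{key} = {value} ({origin})")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the second `X11Forwarding no` line has no effect because sshd keeps the first value it reads, and TCP forwarding is reported twice: once as an untouched default and once for the Match block.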

Telnet may be simpler, but it could also be for historical reasons.
