Internet Applications Notes (5)
TELNET
A protocol used to establish a dumb terminal (a terminal that only performs input and output) session to another computer on the Internet
No commands are executed on the local machine
An important Internet application for remote access
The purpose of the TELNET Protocol is to provide a general, bi-directional, byte oriented communications facility.
It allows a standard method of interfacing terminal devices and terminal-oriented processes to each other.
It is envisaged that the protocol may also be used for terminal-to-terminal communication ("linking") and process-to-process communication (distributed computation).
TELNET vs. telnet
Upper-case TELNET denotes the protocol; lower-case telnet denotes the program/application
TELNET is a protocol that provides “a general, bi-directional, eight-bit byte oriented communications facility”
Built on top of TCP
Many application protocols are built upon the TELNET protocol (confirming that TELNET provides a general communications facility)
The idea of option negotiation was a very good design feature
Option negotiation: the optional features are settled before the connection is used for data. The original definition is not changed, but functionality is added
Enables telnet to evolve to meet new demands without endless new versions of basic protocol
Concept Of Remote / Virtual Terminal
1) Remote terminal access
- Early motivation for networks was remote access to interactive systems
- Dumb terminals
- Keyboard and screen with primitive communication hardware
- Local host computer establishes a connection to the remote host
- The challenge is that terminals and host systems were not standardized
- The local terminal was not speaking the same language as the remote host
This causes problems: different operating systems may encode characters differently, so no common character set can be shared
Network Virtual Terminal
So an NVT is used to convert everything to a common character set
Transform local characteristics into standardized form
◼ Network virtual terminal (NVT)
The TELNET client and server convert between the native format and the NVT format
TELNET operations
Connection management
◼ Connection request, establish and terminate
◼ Telnet uses TCP (port 23) by default
Option Negotiation (after the connection is established, before data is exchanged)
To determine a mutually agreeable set of characteristics and options (find the capabilities and features both sides support; only on that basis can they interact)
TELNET protocol
Features
- TCP connection: directed toward port 23 of the server being asked to perform a service
- Data and control multiplexed over the same connection (only one connection is established between the TELNET client and server; the data and the control traffic exchanged between them are mixed on that single connection)
- NVT representation of a generic terminal
- Negotiated options: enabling Telnet to evolve to meet new demands without endless new versions of the basic protocol
- A symmetric view of terminals and processes
Transmission Of Data
- Data path from the user's keyboard to the remote system
- Underlying TCP is full duplex
- The underlying network is intrinsically full duplex
- Data sent half duplex
- The communication between terminal and process is one direction at a time.
- Taken together, these two statements mean that TCP is full duplex, but data transfer in TELNET, which runs on top of TCP, is half duplex in practice because of the hand-over of control: while control is being handed over, only one of client and server may send data
- Data sent as a stream of 8-bit bytes (what actually goes on the wire is always a byte stream)
- No other formatting
- Control signals and other non-data information sent as Telnet commands
- Byte strings embedded in the data stream (each such string consists of several bytes)
- User control signals, and commands between Telnet processes as part of protocol and option negotiation and subnegotiation
Control Functions
TELNET includes support for a series of control functions commonly supported by servers
This provides a uniform mechanism for communication of (the supported) control functions
You can imagine them as some extra virtual keys on the NVT keyboard
**Interrupt Process (IP)**: suspend/interrupt/abort/terminate a process
**Abort Output (AO)**: allow a process which is generating output to run to completion, but without sending the output to the user's terminal
**Are You There (AYT)**: check to see if the system is still running
**Erase Character (EC)**: delete the last character sent; typically used to edit keyboard input
**Erase Line (EL)**: delete all input in the current line; typically used to edit keyboard input
IAC: interpret the byte that follows as a command
The four commands in blue text: option negotiation (Control Functions), used to express willingness to support an option
IAC
TELNET command structure
◼ at least a two-byte sequence: the IAC (Interpret as Command) escape character followed by the code for the command (a command is at least two bytes: the first byte is the IAC marker, which says that the byte after it is a command, not data)
e.g. 255 254: DONT
254 on its own: data byte 254
- The IAC code is 255
To send the data byte 255, IAC must be written twice
255 255: data byte 255
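To make the command structure concrete, here is an added example (my own Python, not code from these notes or from any TELNET implementation) that escapes outgoing data and parses an incoming TELNET byte stream into data and commands: IAC IAC becomes the data byte 255, IAC WILL/WONT/DO/DONT takes one option byte, IAC SB ... IAC SE is a subnegotiation, and the two-byte control functions listed above (IP, AO, AYT, EC, EL) are recognised. The command codes are the RFC 854 values, option numbers 1 (ECHO) and 31 (NAWS, window size) are the standard assignments, and the sample stream is constructed for the example.

```python
# Added example: encoding and decoding the TELNET byte stream.
# Command codes are the RFC 854 values; the sample stream below is constructed.

IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251
SB, SE = 250, 240
NOP, IP, AO, AYT, EC, EL = 241, 244, 245, 246, 247, 248

NEGOTIATION = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
SIMPLE = {NOP: "NOP", IP: "IP", AO: "AO", AYT: "AYT", EC: "EC", EL: "EL"}


def encode_data(payload: bytes) -> bytes:
    """Escape user data for the wire: a data byte 255 must be sent as IAC IAC,
    otherwise the receiver would treat the byte after it as a command."""
    return payload.replace(bytes([IAC]), bytes([IAC, IAC]))


def parse_stream(stream: bytes):
    """Split a received TELNET byte stream into (data, commands).

    data is the de-escaped payload; commands is a list of tuples such as
    ("DO", 1), ("AYT",) or ("SB", 31, b"..."). A truncated command raises
    ValueError so that a partial command is never mistaken for data.
    """
    data = bytearray()
    commands = []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:                        # ordinary data byte
            data.append(b)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated command: IAC at end of stream")
        cmd = stream[i + 1]
        if cmd == IAC:                      # IAC IAC -> literal data byte 255
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:            # IAC <WILL|WONT|DO|DONT> <option>
            if i + 2 >= n:
                raise ValueError("truncated negotiation command")
            commands.append((NEGOTIATION[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                     # IAC SB <option> <params...> IAC SE
            if i + 2 >= n:
                raise ValueError("truncated subnegotiation")
            option = stream[i + 2]
            params = bytearray()
            j = i + 3
            while True:
                if j + 1 >= n:
                    raise ValueError("subnegotiation without IAC SE")
                if stream[j] == IAC:
                    if stream[j + 1] == SE:
                        break
                    if stream[j + 1] == IAC:  # escaped 255 inside the parameters
                        params.append(IAC)
                        j += 2
                        continue
                    raise ValueError("unexpected command inside subnegotiation")
                params.append(stream[j])
                j += 1
            commands.append(("SB", option, bytes(params)))
            i = j + 2                       # skip the closing IAC SE
        elif cmd in SIMPLE:                 # two-byte control functions
            commands.append((SIMPLE[cmd],))
            i += 2
        else:
            raise ValueError(f"unknown TELNET command {cmd}")
    return bytes(data), commands


# Constructed sample: the peer sends DO ECHO (option 1), a NAWS (option 31)
# subnegotiation carrying an 80x24 window size, text with an escaped 255, and AYT.
SAMPLE = (bytes([IAC, DO, 1])
          + bytes([IAC, SB, 31, 0, 80, 0, 24, IAC, SE])
          + b"ab" + bytes([IAC, IAC]) + b"c\r\n"
          + bytes([IAC, AYT]))


def demo():
    """Parse the constructed sample and return (data, commands)."""
    return parse_stream(SAMPLE)


if __name__ == "__main__":
    payload, cmds = demo()
    print("data:", payload)
    for c in cmds:
        print("command:", c)
```

The parser raises rather than guessing when a command is cut off at the end of the buffer; a real client would keep the unparsed tail and retry once more bytes arrive from TCP.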
Control Functions
WILL: the sender asks the receiver whether it (the sender) may do X
DO: the sender asks the receiver whether the receiver can do X
TELNET Options Negotiation
Why it is needed:
All NVTs support a minimal set of capabilities (only the minimal feature set is guaranteed)
To add other features: The two endpoints negotiate a set of mutually acceptable options
The set of options is not part of the TELNET protocol, so that new terminal features can be incorporated without changing the TELNET protocol
Each option is assigned a byte value
The DO, DONT, WILL, and WONT commands are used to negotiate options
Options negotiation is symmetric (either side can initiate)
Steps must be taken to avoid option processing loops (prevent endless re-negotiation)
Subnegotiations (used when several rounds are needed) are used when more information is needed, such as when negotiating terminal type, window size, etc. (beyond "supported or not", some options need more detailed information to complete the negotiation)
Example:
IAC DO ECHO
IAC WILL ECHO
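As an added example (not code from these notes), the following Python responder implements the rule that keeps DO/WILL exchanges like the one above from looping: a request to enter a state we are already in is not acknowledged, and a refusal (DONT/WONT) received for an option that is already off gets no reply. It is a simplified form of the approach standardised in RFC 1143 and does not track requests that we initiated ourselves. Option codes ECHO=1, SGA=3, NAWS=31 and LINEMODE=34 are the standard assignments; the sample exchange is constructed.

```python
# Added example: a minimal TELNET option negotiation responder that avoids
# negotiation loops by only acknowledging requests that change state
# (simplified RFC 1143 style; requests we send ourselves are not tracked).

IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251
ECHO, SGA, NAWS, LINEMODE = 1, 3, 31, 34   # standard option codes


class OptionNegotiator:
    def __init__(self, local_supported, remote_accepted):
        # options we are willing to perform ourselves (we answer DO with WILL)
        self.local_supported = set(local_supported)
        # options we allow the peer to perform (we answer WILL with DO)
        self.remote_accepted = set(remote_accepted)
        self.local_on = set()    # options currently enabled on our side
        self.remote_on = set()   # options currently enabled on the peer's side

    def receive(self, command, option):
        """Process one IAC <command> <option> from the peer.
        Returns the bytes to send back, or b"" when no reply is allowed."""
        if command == DO:
            if option in self.local_on:
                return b""                          # already on: do not re-acknowledge
            if option in self.local_supported:
                self.local_on.add(option)
                return bytes([IAC, WILL, option])
            return bytes([IAC, WONT, option])       # refuse; peer must not re-ask
        if command == DONT:
            if option in self.local_on:
                self.local_on.discard(option)
                return bytes([IAC, WONT, option])
            return b""                              # already off: stay silent
        if command == WILL:
            if option in self.remote_on:
                return b""
            if option in self.remote_accepted:
                self.remote_on.add(option)
                return bytes([IAC, DO, option])
            return bytes([IAC, DONT, option])
        if command == WONT:
            if option in self.remote_on:
                self.remote_on.discard(option)
                return bytes([IAC, DONT, option])
            return b""
        raise ValueError(f"not a negotiation command: {command}")


def run_sample_exchange():
    """Constructed exchange seen from a server that performs ECHO and SGA,
    accepts NAWS from the client, and does not support LINEMODE.
    The repeated DO ECHO and DONT ECHO show where the loop-avoidance rule bites."""
    server = OptionNegotiator(local_supported={ECHO, SGA}, remote_accepted={NAWS})
    script = [(DO, ECHO), (DO, ECHO), (WILL, NAWS),
              (DO, LINEMODE), (DONT, ECHO), (DONT, ECHO)]
    return [server.receive(cmd, opt) for cmd, opt in script]


if __name__ == "__main__":
    for reply in run_sample_exchange():
        print(reply.hex() if reply else "(no reply)")
```

The second DO ECHO and the second DONT ECHO produce no reply at all; answering them would let two peers bounce WILL/DO or WONT/DONT back and forth forever.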
Use Wireshark to observe what is sent and received
Wireshark (launched via Xming)
It captures the packets received or sent on a chosen network interface, parses them according to the various protocol specifications and displays them graphically; useful for fault analysis, protocol development, etc.
Shown are: the list of captured packets (each with its summary, from which the communication flow can be followed); the packet contents parsed according to the protocol specification; the raw binary data captured
SB and SE mark the start and end of a subnegotiation
When set to character mode, each character is sent on its own (one capture line per character)
A carriage return is also sent as two characters
5) Summary
① Advantages
- Use Internet accounts you may have on remote computers
  - You need an account (login ID) and password on the remote computer to permit access
- Use free services accessible with telnet, e.g.
  - library catalogues
  - databases
  - BBS (Bulletin Board System)
- Router/switch configuration
② Disadvantages / limitations
- Poor user interface
  - Based on dumb terminal
  - Text-only display
  - Monochrome
    - One color for text, one for background
  - Have to type command-line commands
    - Often have complex syntax
- Not very secure; SSH made enhancements (insecure!!)
  - TELNET does not encrypt any data sent over the connection (including passwords)
6. Other remote access technologies
1) Other remote access technologies
- Remote login in text-based systems
  - telnet, SSH, Rlogin
- Remote desktop in windowing systems
  - VNC (Virtual Network Computing)
  - RDP (Remote Desktop Protocol)
2) SSH
① Overview
- Secure Shell
- Command line terminal connection tool
- All traffic encrypted
- Both ends authenticate themselves to the other end
- Ability to carry and encrypt non-terminal traffic
- Private key kept on client, public key stored on server
- Now an IETF standard
  - RFC 4251, The Secure Shell (SSH) Protocol Architecture
② Two improvements over telnet
- Providing secure communications
- Providing users with the ability to perform additional, independent data transfers over the same connection that is used for remote login
③ Three main mechanisms
- A transport layer protocol that provides server authentication, data confidentiality, and data integrity with perfect forward secrecy
- A user authentication protocol that authenticates the user to the server
- A connection protocol that multiplexes multiple logical communications channels over a single underlying SSH connection