Reverse telnet

Reverse telnet is a specialized application of telnet, where the server side of the connection reads and writes data to a TTY line (RS-232 serial port), rather than providing a command shell to the host device. Typically, reverse telnet is implemented on an embedded device (e.g. terminal/console server), which has an Ethernet network interface and serial port(s). Through the use of reverse telnet on such a device, IP-networked users can use telnet to access serially-connected devices.

In the past, reverse telnet was typically used to connect to modems or other external asynchronous devices. Today, reverse telnet is used mostly for connecting to the console port of a router, switch or other device.

Example

On the client, the command line for initiating a "reverse telnet" connection might look like this:

telnet 172.16.1.254 2002

(The syntax in the above example would be valid for the command-line telnet client packaged with many operating systems, including most Unices, or available as an option or add-on.)

In this example, 172.16.1.254 is the IP address of the server, and 2002 is the TCP port associated with a TTY line on the server.

A typical server configuration on a Cisco router would look like this:

version 12.3
service timestamps debug uptim
service timestamps log uptime
no service password-encryption
!
hostname Terminal_Server
!
ip host Router1 2101 8.8.8.8
ip host Router2 2102 8.8.8.8
ip host Router3 2113 8.8.8.8
!
!
interface Loopback0
description Used for Terminal Service
ip address 8.8.8.8 255.255.255.255
!
line con 0
exec-timeout 0 0
password MyPassword
login
line 97 128
transport input telnet
line vty 0 4
exec-timeout 0 0
password MyPassword
login
transport input none
!
end

SSH - file transfer protocol

SFTP client

The term SFTP can also refer to Secure file transfer program, a command-line program that implements the client part of this protocol, such as that supplied with OpenSSH.

The sftp program provides an interactive interface similar to that of traditional FTP clients.

Some implementations of the scp program actually use the SFTP protocol to perform file transfers; however, some such implementations are still able to fallback to the SCP protocol if the server does not provide SFTP service.

SFTP server

There are numerous SFTP server implementations both for UNIX and Windows. The most widely known is perhaps OpenSSH, but there are also proprietary implementations.

SFTP proxy

The adoption of SFTP is hindered somewhat because it is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging FTP transactions, like TIS fwtk or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic.

There are some tools that implement man-in-the-middle for SSH which also feature SFTP control: such a tool is Shell Control Box from BalaBit. These provide SFTP transaction logging as well as logging the actual data transmitted on the wire.

SSH file transfer protocol

In computing, the SSH File Transfer Protocol (sometimes called Secure File Transfer Protocol or SFTP) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version two of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.

Capabilities

Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files – it is more like a remote file system protocol. An SFTP client's extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal. For these reasons it is relatively simple to implement a GUI SFTP client compared with a GUI SCP client.

SFTP attempts to be more platform-independent than SCP; for instance, with SCP, the expansion of wildcards specified by the client is up to the server, whereas SFTP's design avoids this problem. While SCP is most frequently implemented on Unix platforms, there exists SFTP servers for most platforms.

SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.

The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as subsystem of SSH protocol version 2 implementations, having been designed by the same working group. However, it is possible to run it over SSH-1 (and some implementations support this) or other data streams. Running SFTP server over SSH-1 is not platform independent as SSH-1 does not support the concept of subsystems. An SFTP client willing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.

The Secure Internet Live Conferencing (SILC) protocol defines the SFTP as its default file transfer protocol. In SILC the SFTP data is not protected with SSH but SILC's secure packet protocol is used to encapsulate the SFTP data into SILC packet and to deliver it peer-to-peer. This is possible as SFTP is designed to be protocol independent.

For uploads, the transferred files may be associated with their basic attributes, such as timestamps. This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute.

Standardization

The protocol is not yet an Internet standard. The latest specification is an expired Internet Draft, which defines version 6 of the protocol. Currently the most widely used version is 3, implemented by the popular OpenSSH SFTP server. Many Microsoft Windows-based SFTP implementations use version 4 of the protocol, which lessened its ties with the Unix platform.

The Internet Engineering Task Force (IETF) "Secsh Status Pages" search tool contains links to all versions of the Internet draft-ietf-secsh-filexfer which describes this protocol.