13.1 Instruct customers to encrypt all non-console administrative access using technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.
PCI Data Security Standard Requirement 2.3
Telnet or rlogin must never be used for administrative access.
Testing Procedures:
13.1 If payment application or server allows non-console administration, examine the PA-DSS Implementation Guide prepared by vendor, and verify vendor recommends use of SSH, VPN, or SSL/TLS for encryption of non-console administrative access.