?
Solved

I need to disable Telnet on Cisco Routers.

Posted on 2011-02-28
5
Medium Priority
?
1,810 Views
Last Modified: 2012-05-11
Greetings,
I am in need of disabling the default Telnet access to a few Cisco devices.
An 1841, a few 2600's and a small ASA 5505.
On a few of these devices, I can only get to them via Telnet currently.
On several others, SSH and Telnet are working.
I need the command lines to disable Telnet and enable SSH (in reverse order :))
I also have CIsco SDM loaded but can't fine anything for passwords or access into the devices, almost worthless from what I can see other than monitoring.

Please advise.
0
Comment
Question by:icarus2256
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Jimmy Larsson, CISSP, CEH earned 500 total points
ID: 34999071
First make sure that you can reach each device with ssh. The following needs to be done:


ip domain-name anything.com
crypto key gen rsa mod 1024
aaa new-model
aaa authen login default none
aaa authen login VTY local
username cisco password cisco (or whatever you want)
line vty 0 15
 login authen local
!

When ssh works, disable telnet by adding this command:

line vty 0 15
 transport input ssh
!

Best regards
Kvistofta

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35001161
Hi,

On the ASA you need:
aaa authentication ssh console LOCAL  
ssh 0.0.0.0 0.0.0.0 inside
ssh x.x.x.x x.x.x.x outside
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35001174
and you need "crypto key generate" also
0
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 35006577
just to add to the above and to be on the safe side i would add the following

line vty 0 15
 transport input none
 transport input ssh

the none command will disable everything, and then enable ssh.
0
 
LVL 18

Expert Comment

by:Jimmy Larsson, CISSP, CEH
ID: 35008356
MAG03: There is no "safe side". That command is explicit. By adding "transport input ssh", the only allowed inbound protocol IS ssh, no matter of earlier configuration. As a matter of fact, adding "transport input none" is not only useless in this case, it might also kill the current session and lock out anyone from the vty-lines just moment before adding the second line.


ikalmar: crypto key gen was in my original answer above.

/Kvistofta
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question