Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I need to disable Telnet on Cisco Routers.

Posted on 2011-02-28
5
Medium Priority
?
1,721 Views
Last Modified: 2012-05-11
Greetings,
I am in need of disabling the default Telnet access to a few Cisco devices.
An 1841, a few 2600's and a small ASA 5505.
On a few of these devices, I can only get to them via Telnet currently.
On several others, SSH and Telnet are working.
I need the command lines to disable Telnet and enable SSH (in reverse order :))
I also have CIsco SDM loaded but can't fine anything for passwords or access into the devices, almost worthless from what I can see other than monitoring.

Please advise.
0
Comment
Question by:icarus2256
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 34999071
First make sure that you can reach each device with ssh. The following needs to be done:


ip domain-name anything.com
crypto key gen rsa mod 1024
aaa new-model
aaa authen login default none
aaa authen login VTY local
username cisco password cisco (or whatever you want)
line vty 0 15
 login authen local
!

When ssh works, disable telnet by adding this command:

line vty 0 15
 transport input ssh
!

Best regards
Kvistofta

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35001161
Hi,

On the ASA you need:
aaa authentication ssh console LOCAL  
ssh 0.0.0.0 0.0.0.0 inside
ssh x.x.x.x x.x.x.x outside
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35001174
and you need "crypto key generate" also
0
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 35006577
just to add to the above and to be on the safe side i would add the following

line vty 0 15
 transport input none
 transport input ssh

the none command will disable everything, and then enable ssh.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35008356
MAG03: There is no "safe side". That command is explicit. By adding "transport input ssh", the only allowed inbound protocol IS ssh, no matter of earlier configuration. As a matter of fact, adding "transport input none" is not only useless in this case, it might also kill the current session and lock out anyone from the vty-lines just moment before adding the second line.


ikalmar: crypto key gen was in my original answer above.

/Kvistofta
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question