10-31-2006 11:04 AM - edited 03-10-2019 02:49 PM
I'm trying to enable SSH-only access to a Cisco 4006 running CAT OS 8.4(11)GLX with local authentication. SSH works fine, but telnet access is still available. How can I disable telnet access?
10-31-2006 11:35 AM
Try
set ip permit disable telnet
M.
11-08-2006 06:50 AM
Thanks; tried this command, but telnet still allowed.
11-08-2006 09:58 AM
Do a show conf and look for the following-
#permit list
set ip permit enable telnet
set ip permit enable ssh
set ip permit enable snmp
set ip permit 10.1.2.17 ssh
set ip permit 10.1.2.17 snmp
If you want to have SSH only, change the permit statements to reflect SSH only. In the example above 10.1.2.17 can SSH and SNMP to the switch. If it's blank after the IP, that means the IP can do everything that is enabled. Using the above example that means 10.1.2.17 could telnet, ssh, and snmp because all three protocols are enabled. If your admins already have 'all' access, remove 'all' access and then add SSH and any other protocols.
clear ip permit 10.1.2.17 255.255.255.255 all
set ip permit 10.1.2.17 ssh
set ip permit 10.1.2.17 snmp
11-27-2006 01:19 PM
Thanks for the input. I configured as suggested, but still was able to telnet. I just set ip permit enabled for telnet, and didn't specify a list of addresses; that stopped telnet access.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide