10-16-2006 08:23 AM - edited 03-03-2019 02:22 PM
I am attempting to disable telnet and allow only ssh to a 2960 switch.
enable password 7 ***
username admin password 7 ***
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
line con 0
line vty 0 4
transport input ssh
line vty 5 15
I can still telnet. Do you need to bounce the switch to take effect?
10-16-2006 08:36 AM
You have only changed line vty 0 4 for SSH. Lines 5 15 are still available for telnet. You should use transport input ssh for lines 0 15.
10-16-2006 09:59 AM
Here is a link also that might help.
10-16-2006 09:25 PM
I got some document on it ..pasting the relevant part ..see / rate if this helps ...
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#testwithssh
Prevent Non-SSH Connections
If you want to prevent non-SSH connections, add the transport input ssh command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.
line vty 0 4
!--- Prevent non-SSH Telnets.
transport input ssh
Test to make sure that non-SSH users cannot Telnet to the router Carter.
Set Up an IOS Router or Switch as SSH Client
There are four steps required to enable SSH support on an IOS router:
1. Configure the hostname command.
2. Configure the DNS domain.
3. Generate the SSH key to be used.
4. Enable SSH transport support for the virtual type terminal (vtys).
If you want to have one device act as an SSH client to the other, you can add SSH to a second device called Reed. These devices are then in a client-server arrangement, where Carter acts as the server, and Reed acts as the client. The IOS SSH client configuration on Reed is the same as required for the SSH server configuration on Carter.
!--- Step 1: Configure the hostname if you have not previously done so.
hostname carter
!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the DNS domain of the router.
ip domain-name rtp.cisco.com
!--- Step 3: Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet is disabled and only SSH is supported.
line vty 0 4
transport input SSH
!--- Instead of aaa new-model, you can use the login local command.
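An added example, not part of the thread or of the Cisco tech note: a small Python audit that reports which vty lines in a saved configuration still accept something other than SSH, which is the gap pointed out above for line vty 5 15. The function names are hypothetical, and it assumes (as the pasted note states) that a vty block with no transport input statement accepts Telnet.

```python
import re

VTY_RE = re.compile(r"^line\s+vty\s+(\d+)(?:\s+(\d+))?$", re.I)
TRANSPORT_RE = re.compile(r"^transport\s+input\s+(.+)$", re.I)

# vty portion of the configuration posted in the question
QUESTION_CONFIG = """\
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
"""
# Constructed sample: the same lines with the suggested fix applied
FIXED_CONFIG = """\
line con 0
line vty 0 15
 transport input ssh
"""

def vty_transports(config):
    """Map each configured vty line number to its set of inbound transports."""
    lines, current = {}, []
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue  # blank line or IOS comment such as "!--- ..."
        header = VTY_RE.match(cmd)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                # Assumption: no transport statement means Telnet is accepted
                lines.setdefault(n, {"telnet"})
        elif cmd.lower().startswith("line "):
            current = []  # console or aux block, not a vty
        else:
            transport = TRANSPORT_RE.match(cmd)
            if transport and current:
                allowed = set(transport.group(1).lower().split()) - {"none"}
                for n in current:
                    lines[n] = allowed
    return lines

def non_ssh_vtys(config):
    """Return the vty numbers that accept any transport other than SSH."""
    return sorted(n for n, t in vty_transports(config).items() if t - {"ssh"})

if __name__ == "__main__":
    print("question:", non_ssh_vtys(QUESTION_CONFIG))
    print("fixed:   ", non_ssh_vtys(FIXED_CONFIG))
```

Run it against the output of show running-config saved to a file; an empty list means every configured vty is restricted to SSH.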