02-14-2024 03:36 AM
hi all,
i want to enable ssh on some switches but still keep telnet until i can log in via ssh, and then i will disable telnet. is this a good how-to to follow?
https://networkproguide.com/how-to-enable-ssh-on-cisco-catalyst-switch-router/
but when it comes to step 9 i imagine i do this
transport input ssh telnet
and then i can log in ssh and if all good i can change it back to
transport input ssh
is that correct?
02-14-2024 03:50 AM
Yeah, that's how it works. When you remove the "telnet" keyword, the VTY lines won't allow telnet access.
02-14-2024 05:24 AM
and i imagine as my user is enable/privilege i can disable the enable password?
02-14-2024 05:56 AM
Yes, if your user is configured with privilege 15, you basically don't need the enable secret password.
If it were my network, I would keep the enable secret password configured. It may come in handy in some situations.
02-14-2024 06:15 AM
I don't think you can unless you configure "privilege level 15" under the VTY lines, that will bypass the need to go through the enable secret.
02-14-2024 08:58 AM
Privilege level 15 under the line vty is not necessary:
username cisco privilege 15 secret 9 $9$yCcRSAYE3Apcik$wHbANizGotpOoGE/nBJvl5aTkvdpLKZ7XknGXlzwbHc
line vty 3 4
login local
transport input telnet ssh
liviu@Livius-iMac:~$ telnet 172.25.25.97
Trying 172.25.25.97...
Connected to 172.25.25.97.
Escape character is '^]'.
User Access Verification
Username: Kerberos: No default realm defined for Kerberos!
cisco
Password:
C8000v#
02-14-2024 09:18 AM
Do you have the enable secret configured on that device?
02-14-2024 06:23 AM
You can use two different vty lines.
One you can access via telnet and the other via ssh.
These two different vty lines can be separated by rotary number.
MHM
02-14-2024 06:38 AM
good point so one vty line for ssh and another for telnet ie
transport input ssh
transport input telnet
instead of this
transport input ssh telnet
so then if ssh is all good, to disable telnet i just do
no transport input telnet
02-14-2024 06:43 AM
No friend, completely isolated vty lines
line vty 0 2
 transport input telnet
 rotary 1
line vty 3 4
 transport input ssh
 rotary 2
https://brbccie.blogspot.com/2014/01/mini-vty-rotary_5.html?m=1
Note: make sure you always have an enable password on the device, and double-check the config before you WR the config. If there is anything wrong you can reload the device and return to the point before the config was modified.
MHM
02-14-2024 09:06 AM
Yes, your approach is correct. Here's a breakdown of the steps:
By following this approach, you can enable SSH while still retaining Telnet access temporarily until you're confident in SSH functionality. Once SSH is confirmed to be working correctly, you can then disable Telnet access for improved security.
02-14-2024 11:11 AM - edited 02-14-2024 11:20 AM
so i can't have it like this
Switch9k(config)# line vty 0 15
Switch9k(config-line)# login local
Switch9k(config-line)# transport input ssh
Switch9k(config-line)# exit
Switch9k(config)#
and...
Switch9k(config)# line vty 0 15
Switch9k(config-line)# login local
Switch9k(config-line)# transport input telnet
Switch9k(config-line)# exit
Switch9k(config)#
as 0-15 is already being used by ssh, i can't have another 0-15 for telnet, i need to do 0-7 for ssh and 8-15 for telnet?
or just have one for everything which is much better
Switch9k(config)# line vty 0 15
Switch9k(config-line)# login local
Switch9k(config-line)# transport input ssh telnet
Switch9k(config-line)# exit
Switch9k(config)#
02-14-2024 01:21 PM
You will have to split the VTY lines if you want to use the rotary feature. However, as this is a temporary solution I would keep it simple and stick with the last option.
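An added example (not from any poster in this thread, and not Cisco's own code): a small Python check that reads a saved running-config and lists the VTY ranges that still accept Telnet, or that have no explicit `transport input` line, so the cut-over discussed above can be confirmed before saving. The sample config and the function names `parse_vty` and `telnet_findings` are constructed for illustration.

```python
import re
# Constructed sample config: the thread's rotary split plus a bare stanza.
SAMPLE_CONFIG = """\
line con 0
line vty 0 2
 login local
 transport input telnet
 rotary 1
line vty 3 4
 login local
 transport input ssh
 rotary 2
line vty 5 15
 login local
"""

def parse_vty(config):
    """Return one dict per 'line vty' stanza: range, transport list, rotary."""
    stanzas, cur = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw, re.I)
        if m:
            cur = {"first": int(m.group(1)), "last": int(m.group(2) or m.group(1)),
                   "transport": None, "rotary": None}
            stanzas.append(cur)
        elif not raw.startswith(" "):
            cur = None  # any other unindented line ends the stanza
        elif cur is not None:
            words = raw.lower().split()
            if words[:2] == ["transport", "input"]:
                cur["transport"] = words[2:]
            elif words[:1] == ["rotary"] and len(words) > 1:
                cur["rotary"] = int(words[1])
    return stanzas

def telnet_findings(config):
    """List (first, last, reason) for VTY ranges that do or may accept Telnet."""
    out = []
    for s in parse_vty(config):
        t = s["transport"]
        if t is None:
            # Assumption: the default differs between releases, so flag it.
            out.append((s["first"], s["last"], "no explicit transport input"))
        elif "telnet" in t or "all" in t:
            out.append((s["first"], s["last"], "transport input " + " ".join(t)))
    return out

if __name__ == "__main__":
    print(telnet_findings(SAMPLE_CONFIG))
```

An empty result means every VTY stanza in the file has an explicit `transport input` that excludes Telnet.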
02-15-2024 03:04 AM
thanks all, so this is to enable ssh on the IOS ie the cat switches, and i imagine on the SB and SG switches it's just a case of doing this in CLI
ip ssh server
much simpler than the cat switches
02-21-2024 02:58 AM
what about if i already have vty lines, how do i get rid of all of them and just have one vty line 0-15