03-22-2013 06:37 AM - edited 03-07-2019 12:25 PM
So I am hoping someone can clarify what reverse telnet is and why Cisco's best practice is to disable it on devices. As a default profile on a monitoring tool suggests disabling reverse telnet, I want to know why you would want to disable it and what reverse telnet is. Any information here would be helpful.
03-22-2013 07:44 AM
Reverse telnet allows you to telnet to a device and then, from that device, connect to the console of another device. Below is a quick snippet highlighting most of what you'll need to know about it.
Reverse telnet gives you the ability to telnet to a device and then console to another device from there. For example, you could telnet to a router and then console into a switch, a modem, or anything that has a console port. There are a lot of devices out there that don't have remote access built into them; their only option is a console session. Well, this will allow you to remotely manage these devices.
Before we even begin, let's set up the cabling first.
You need a straight-through cable going from the console port of the console-only device to the AUX port on your router.
Now let's get going with the router config:
In order to set up reverse telnet, these are the steps:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Configure the AUX port.
router#config t
router(config)#line aux 0
router(config-line)#modem InOut
router(config-line)#transport input all
router(config-line)#speed 19200
router(config-line)#exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Then you must create a loopback address
router#config t
router(config)#int loopback 0
router(config-if)#ip address 10.0.0.1 255.0.0.0
router(config-if)#no shut
router(config-if)#exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Now you must find out what "line" the router uses for the AUX port.
OUTSIDE OF CONFIG MODE (hit CTRL-Z to get out) enter the command "sh line"
you will get an output resembling the following:
router#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
   225 AUX  19200/19200 -  inout   -    -    -      0       0     0/0       -
*  226 VTY              -    -      -    -    -     10       0     0/0       -
   227 VTY              -    -      -    -    -      0       0     0/0       -
   228 VTY              -    -      -    -    -      0       0     0/0       -
   229 VTY              -    -      -    -    -      0       0     0/0       -
   230 VTY              -    -      -    -    -      0       0     0/0       -
This particular router (a 3660) uses line 225 for the AUX port.
--------
This is the output from a 2611.
router#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
    65 AUX  19200/19200 -  inout   -    -    -      8       0  2177/0       -
*   66 VTY              -    -      -    -    -     24       0     0/0       -
    67 VTY              -    -      -    -    -      3       0     0/0       -
    68 VTY              -    -      -    -    -      1       0     0/0       -
    69 VTY              -    -      -    -    -      0       0     0/0       -
    70 VTY              -    -      -    -    -      0       0     0/0       -
It uses line 65 for the AUX port. (The line with the * by it is the line you are currently connected to.)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Telnet:
To do this, you will telnet to the IP address you set on the loopback interface.
The port number you will telnet to is 2000+line#.
So for the 3660, assuming my loopback interface has IP address of 10.0.0.1,
I would telnet to 10.0.0.1:2225
For the 2611, assuming my loopback interface has IP address of 10.0.0.1,
I would telnet to 10.0.0.1:2065.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5. Finishing:
When you are done, while holding the keys CTRL+SHIFT+6, press the letter X.
This will kick you out of the AUX port.
The router will still keep the line connected and no one will be able to
retelnet back in until you clear the line.
To do this, OUTSIDE OF CONFIG MODE (hit CTRL-Z to get out of config mode),
enter the command "clear line xxx", where "xxx" is the line number.
So for the 3660, I would enter "clear line 225"
On the 2611, I would enter "clear line 65"
It will ask you to confirm, just hit the enter key.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And that is everything there is to know about reverse telnetting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is a sample configuration, this is everything you need to reverse telnet:
sample-config#sh run
Building configuration...
Current configuration : 3481 bytes
!
!
interface Loopback0
 ip address 10.0.0.1 255.0.0.0
!
line con 0
 transport input none
line aux 0
 modem InOut
 transport input all
 speed 19200
line vty 0 4
 password xxxxxxx
 login
!
end
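Two points the procedure above glosses over matter for the original question of why a hardening profile wants reverse telnet off. First, the loopback address is only a convenience: IOS answers on TCP 2000+line (Telnet), 4000+line (raw TCP) and 6000+line (Telnet in binary mode) on every address the router owns, so anyone who can reach the router and pass the line's password lands on the attached device's console. Second, `transport input all` on the AUX line is exactly what opens those ports; `transport input none` closes them, and an `access-class ... in` on the line limits who may connect. The script below is an added example, not code from the thread or from Cisco: it parses pasted `show line` output to list the ports a device exposes, and walks the `line` stanzas of a running config to report whether each AUX/TTY line is closed, open to any source, or restricted by an access-class. The `show line` sample is reconstructed from the 3660 output above; the "as posted" config is the answer's sample; the hardened variant and its ACL name MGMT-HOSTS are assumptions for illustration.

```python
"""Audit Cisco IOS reverse-telnet exposure from pasted CLI output (added example)."""
import re

# TCP port bases IOS uses for connections to an async line (documented IOS behaviour).
PORT_BASES = {"telnet": 2000, "raw_tcp": 4000, "telnet_binary": 6000}

# Matches rows such as '   225 AUX ...' and '*  226 VTY ...' (the '*' marks your own session).
SHOW_LINE_RE = re.compile(r"^\*?\s*(\d+)\s+(CTY|AUX|TTY|VTY)\b")


def reverse_telnet_ports(show_line_output):
    """Map each AUX/TTY line in 'show line' output to the TCP ports reverse telnet opens.

    VTY and CTY rows are skipped: reverse telnet targets the asynchronous lines only.
    """
    ports = {}
    for raw in show_line_output.splitlines():
        m = SHOW_LINE_RE.match(raw.strip())
        if m and m.group(2) in ("AUX", "TTY"):
            n = int(m.group(1))
            ports[n] = {svc: base + n for svc, base in PORT_BASES.items()}
    return ports


def _line_stanzas(running_config):
    """Yield (header, [sub-commands]) for every 'line ...' block of a running config."""
    header, body = None, []
    for raw in running_config.splitlines() + ["!"]:      # sentinel flushes the last block
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):             # IOS indents sub-commands by one space
            body.append(raw.strip())
        elif header:                                     # '!' or 'end' closes the block
            yield header, body
            header, body = None, []


def line_exposure(running_config):
    """Classify AUX/TTY lines as 'closed', 'open', 'restricted:<acl>' or 'default'."""
    result = {}
    for header, cmds in _line_stanzas(running_config):
        kind = header.split()[1]
        if kind not in ("aux", "tty") and not kind.isdigit():   # 'line 2' style TTY numbers
            continue
        transport = next((c.split()[2:] for c in cmds if c.startswith("transport input")), None)
        acl = next((c.split()[1] for c in cmds if c.startswith("access-class")), None)
        if transport == ["none"]:
            result[header] = "closed"
        elif transport is None:
            result[header] = "default"        # depends on platform/IOS version; confirm with 'show line'
        elif acl:
            result[header] = f"restricted:{acl}"
        else:
            result[header] = "open"           # reachable from any source that can reach the router
    return result


# Constructed from the 3660 'show line' output in the thread.
SHOW_LINE_3660 = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
   225 AUX  19200/19200 -  inout   -    -    -      0       0     0/0       -
*  226 VTY              -    -      -    -    -     10       0     0/0       -
   227 VTY              -    -      -    -    -      0       0     0/0       -
"""

# The sample configuration from the answer: reverse telnet enabled, no source restriction.
AS_POSTED = """\
line con 0
 transport input none
line aux 0
 modem InOut
 transport input all
 speed 19200
line vty 0 4
 password xxxxxxx
 login
!
end
"""

# Assumed hardened variant: only Telnet from hosts in the (assumed) ACL MGMT-HOSTS,
# and an unused TTY line closed outright.
HARDENED = """\
line aux 0
 access-class MGMT-HOSTS in
 modem InOut
 transport input telnet
 speed 19200
line 2
 transport input none
!
"""

if __name__ == "__main__":
    print(reverse_telnet_ports(SHOW_LINE_3660))
    print(line_exposure(AS_POSTED))
    print(line_exposure(HARDENED))
```

Run against the 3660 output it reports line 225 listening on 2225, 4225 and 6225; the posted config scores the AUX line "open", the hardened one "restricted:MGMT-HOSTS" with line 2 "closed". A monitoring profile that flags reverse telnet is flagging the "open" case; the fix is `transport input none` where the port is unused and an `access-class` plus the narrowest `transport input` where it is.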
12-15-2014 10:31 AM
This is a great post, and sorry for bringing up such an old thread, but how do you disable reverse telnet?
12-20-2019 12:10 AM
I realize that this is an EXTREMELY old post but I'm answering because no one else did and someone else may want to know.
Basically you "disable" it by not "enabling" it in the first place. You have to configure the CON port for OUTPUT as well as INPUT, which is not its default state, and then you have to configure the other device's AUX port similarly using the steps detailed here. This is not something that just happens by accident.
01-15-2016 10:08 AM
Thanks for the post. Here's a quick question, as I'm having some trouble. I set up the loopback on an IP which is not routable by our network, 1.1.1.1 255.255.255.252. My thought is to authenticate to the router, then telnet from the router to the aux line, which gets me to the "oh crap, my network is down" port on the switch. It should be noted that I took a default config on a Cisco 1921 and only added the aux and loopback config, as I'm just testing the basics. I'm not connected to the router via IP, but rather consoled to it, which then has a straight-through cable from the AUX port to the console on the switch.
Here's my config.
##############################################################################
Router#sho run
Building configuration...
Current configuration : 1171 bytes
!
! Last configuration change at 16:15:09 UTC Fri Jan 15 2016
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FTX172684RY
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 description Reverse Telnet
 ip address 1.1.1.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
 password cisco
 login
 modem InOut
 transport input all
 speed 19200
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
##############################################################################
10-07-2021 12:11 PM - edited 10-07-2021 12:12 PM
I'd like to point out that a straight-through cable doesn't work in my lab test, but a rollover cable works!
Bo Huang