Router still accessible via telnet

Mmiselo
Level 1

Good day,

I have changed my SSH port to 2022; that is working fine and port 22 is refused.

The strange thing is that the router (2900) is sometimes accessible via port 23. This is strange because the same configs are implemented on other routers, but we don't have the same issue there.

These are the configs we have:

ip access-list extended INTERNET_IN
 permit tcp any any eq 2022

line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 access-class INTERNET_IN in
 password 7 08224340071C06031C5838
 rotary 1
 transport preferred none
 transport input telnet ssh
line vty 5 600
 transport input all

I thought we needed to change "transport input telnet ssh" to "transport input ssh", but we have the same command on other routers and telnet is not accessible there at all.

May you please advise on a solution or changes that one needs to make to ensure that the server is not accessible via Telnet.

Regards

Nelson

2 Accepted Solutions

Tinashe Ndhlovu
Level 1

Hi Nelson

I see in your config you also have "line vty 5 600" with no access-class configured on it and transport input allowing all... I suspect this is where the "sometimes" behaviour is coming from... on vty 0-4 the access-class takes effect, but if someone telnets in on, say, vty 8 they will gain access... unless I am overlooking something.


Charles Hill
VIP Alumni

Hello Nelson,

In addition to what Tinashe stated:

If 5 simultaneous SSH connections (line vty 0 4) are sufficient, you can disable the other vty ports:

line vty 5 15
 no login

Hope this helps,

if so, please rate.

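Both answers above come down to the same check: every vty range must restrict the inbound transport and carry an inbound access-class, not just "line vty 0 4". The following Python audit is an added example (not from either answer, not a Cisco tool); it parses the "line vty" blocks out of a running-config and reports ranges where telnet is still reachable or no inbound access-class is applied. The sample config is constructed from the one in the question; the rule that a missing "transport input" is flagged is an assumption based on the platform default still including telnet on many IOS releases.

```python
import re

# Constructed sample modelled on the config in the question: ACL-guarded vty 0-4, open vty 5-600.
SAMPLE_CONFIG = """\
ip access-list extended INTERNET_IN
 permit tcp any any eq 2022
line vty 0 4
 access-class INTERNET_IN in
 transport input telnet ssh
line vty 5 600
 transport input all
"""

TELNET_TRANSPORTS = {"all", "telnet"}

def parse_vty_lines(config: str) -> dict:
    """Return {(first, last): [sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"^line vty (\d+) (\d+)$", line)
        if m:
            current = (int(m.group(1)), int(m.group(2)))
            blocks[current] = []
        elif line.startswith("line "):
            current = None  # con/aux/tty block, not a vty
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_vty(config: str) -> list:
    """Findings per vty range: telnet still reachable, or no inbound access-class."""
    findings = []
    for (first, last), cmds in parse_vty_lines(config).items():
        transport, has_acl = None, False
        for cmd in cmds:
            if cmd.startswith("transport input "):
                transport = set(cmd.split()[2:])
            elif re.match(r"^access-class \S+ in$", cmd):
                has_acl = True
        # Assumption: no explicit 'transport input' leaves a platform default that may include telnet.
        if transport is None or transport & TELNET_TRANSPORTS:
            findings.append((first, last, "telnet reachable"))
        if not has_acl:
            findings.append((first, last, "no inbound access-class"))
    return findings
```

Run it against "show running-config" output from each router; a range that shows up with "transport input none" or "transport input ssh" plus an access-class produces no finding.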
