Enabling ssh on router and denying telnet

Answered Question
Mar 20th, 2007

Here is my config:

line vty 0 4
 privilege level 15
 login local
 rotary 2
 transport input ssh

I thought since I specified ssh as the input transport that it would not allow telnet. What do I have to do to block telnet? Also please explain the rotary group. Thanks,

Correct Answer
Richard Burts Tue, 03/20/2007 - 11:56

Matt

Given the config that you posted I would believe that telnet is not allowed on vty 0 4. Your message is not explicit about it but it seems to suggest that telnet is still working. Is that the case?

If telnet is still working then I would guess that your router has more than 5 vty lines (vty 0 4 includes 0, 1, 2, 3, and 4). Many of the current platforms and feature sets support more vty lines. On many of the platforms I am supporting the vty lines are 0 15 (which is 16 vty lines). The easy way to check is to show run and look down near the bottom. For historical reasons it will still show vty 0 4 and if there are more vty lines it will then show line vty 5 x (where x is the last line). If there are additional vty lines then include the transport input ssh on them as well.

HTH

Rick

matt.kurtzhals Tue, 03/20/2007 - 12:25

Right on Rick.

5 15 were also configured. Changed those and now telnet is blocked.

Thanks,

Matt

Richard Burts Tue, 03/20/2007 - 13:27

Matt

Thank you for using the rating system to indicate that your problem was resolved. (and thanks for the rating) It makes the forum much more useful when people can read about a problem and can know that they will read a solution for their problem that worked. I encourage you to continue your participation in the forum.

HTH

Rick
