SSH and TELNET

Answered Question

ROUTER(SSH)-->SWITCH(TELNET)


My requirement is like this:

1) I will be able to SSH to the router, and telnet to it will be restricted.

2) Once I get into the router, I can telnet to the switch from the same session.


I have applied the commands given below.

ROUTER(SSH) configuration:

line vty 0 4
 transport input telnet ssh
 transport output telnet ssh


But after this I can also telnet to the router, and if I remove telnet I will not be able to telnet to the switch.


Any help will be appreciated.







Overall Rating: 5 (1 ratings)
gojericho0 Mon, 02/11/2008 - 13:30

Hello


On your vty line just use TRANSPORT INPUT SSH and TRANSPORT OUTPUT SSH instead of including telnet as well.


HTH

guruprasadr Mon, 02/11/2008 - 21:03

HI Bhupesh, [Pls Rate if HELPS]


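You can block based on Port:

access-list 110 deny tcp any host $yourRouterIP eq 23
! permit everything else; without this line the implicit deny drops all other inbound traffic
access-list 110 permit ip any any

interface X0/0
 ip access-group 110 in


Allow access to authorised HOST:

access-list 50 permit 192.168.1.1
access-list 50 deny any log

line vty 0 4
 access-class 50 in
 exec-timeout 5 0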


(or)

To Prevent Non-SSH Connections:
==================================

If you want to prevent non-SSH connections, add the transport input ssh command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.

line vty 0 4
 !--- Prevent non-SSH Telnets.
 transport input ssh

Test to make sure that non-SSH users cannot Telnet to the router.


Hope I am informative.


PLS RATE if HELPS



Best Regards,


Guru Prasad R


Correct Answer
royalblues Tue, 02/12/2008 - 06:04

Try this


line vty 0 4
 ! this will restrict telnet into this device
 transport input ssh
 ! this will allow telnet to be initiated from this device
 transport output telnet


In addition you can restrict the machines that can gain access via the access-class command as suggested above


HTH

Narayan
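
An added example, not part of any post in this thread: a Python check that reads a running-config and reports, per vty block, whether it meets the requirement discussed above (SSH in, no telnet in, telnet out). The sample config, the function name and the `default_input` parameter are assumptions; what a router accepts when `transport input` is absent depends on the IOS release.

```python
import re

# Constructed sample running-config, not taken from the thread's devices.
SAMPLE = """\
hostname R1
line con 0
line vty 0 4
 access-class 50 in
 transport input ssh
 transport output telnet
line vty 5 15
 transport input telnet ssh
!
end
"""

def audit_vty(config, default_input=("all",)):
    """Return one finding per 'line vty' block.

    default_input is assumed when a block has no 'transport input' line;
    the real default depends on the IOS release, so it is a parameter.
    """
    findings, cur = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw, re.I)
        if m:
            cur = {"lines": " ".join(g for g in m.groups() if g),
                   "input": list(default_input), "output": None, "acl_in": None}
            findings.append(cur)
            continue
        if not raw.startswith(" "):   # an unindented line ends the block
            cur = None
        words = raw.split()
        if cur is None or not words:
            continue
        low = [w.lower() for w in words]
        if low[:2] == ["transport", "input"]:
            cur["input"] = low[2:]
        elif low[:2] == ["transport", "output"]:
            cur["output"] = low[2:]
        elif low[0] == "access-class" and "in" in low[2:]:
            cur["acl_in"] = words[1]
    for f in findings:
        f["telnet_in"] = bool({"telnet", "all"} & set(f["input"]))
        f["ssh_in"] = bool({"ssh", "all"} & set(f["input"]))
        # With no 'transport output' line, outbound telnet is not restricted.
        f["telnet_out"] = f["output"] is None or bool({"telnet", "all"} & set(f["output"]))
        f["ok"] = f["ssh_in"] and not f["telnet_in"] and f["telnet_out"]
    return findings

if __name__ == "__main__":
    for f in audit_vty(SAMPLE):
        print("vty", f["lines"], "meets requirement" if f["ok"] else "does NOT meet requirement", f)
```

A block with no `access-class ... in` shows `acl_in` as `None`, which is worth flagging alongside the transport settings.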

Hi Guru,


Thanks for your inputs, I think there is a misunderstanding on the requirement.


First I am doing SSH to the router (I want to open only SSH and restrict telnet); now, to access the immediately connected L2 switch, I have to telnet to the switch from the SSH session of the router (the L2 switch doesn't support SSH, so there is no other option for me apart from telnet).


If I put "transport input ssh" on the router, I am no longer able to telnet to the immediately connected L2 switch from the SSH session of the router.


&


If I put "transport input telnet ssh" on the router, I am able to SSH to the router (which is my requirement), I am also able to telnet to the router (which is not my requirement), and I am able to telnet to the immediately connected L2 switch (which is my requirement) from the SSH session of the router.


Hope we are on the same page now.


Thanks in advance.

royalblues Tue, 02/12/2008 - 06:53

You should be able to initiate a telnet from the device to which you have SSHed into, unless you have restricted it via the transport output command.



HTH

Narayan

guruprasadr Tue, 02/12/2008 - 07:00

HI Bhupesh, [Rate all informative POST]


Nice to hear your problem is close to being resolved.


'line vty 0 4'

'transport input ssh'


>> This will normally block the non-SSH connection to the router.


Refer to the previous POST.


PLS RATE ALL INFORMATIVE POSTS


Best Regards,


Guru Prasad R

royalblues Tue, 02/12/2008 - 07:13

Bhupesh,


Can you try the commands as per my earlier post and revert back?


Narayan
