Only SSH and NO Telnet

Answered Question
Apr 22nd, 2008
User Badges:

All,

I have been using telnet for a while now to access my routers now that my routers are configured to use SSH 2 our security group wants us to nix the telnet access all together. As simple as it may be I never have done it. Can anyone instruct me on how to totally turn off telnet on a router. Thanks.

Correct Answer by andrew.butterworth about 8 years 11 months ago

line vty 0 4

transport input ssh


If its a Catalyst then there are 16 vty lines by default so:


line vty 0 15

transport input ssh



HTH


Andy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
andrew.butterworth Tue, 04/22/2008 - 06:48
User Badges:
  • Gold, 750 points or more

line vty 0 4

transport input ssh


If its a Catalyst then there are 16 vty lines by default so:


line vty 0 15

transport input ssh



HTH


Andy

donlerche Thu, 05/08/2008 - 06:57
User Badges:

Hi, have just done this using the following commands on the vty's:-


line vty 0 15

transport input ssh

transport output ssh


This should remove the ability to both telnet to and from the device. It appears the default is "transport input telnet" and "transport output telnet" but this doesn't show in the config. If you want BOTH telnet & ssh, then use "transport input telnet ssh" and "transport output telnet ssh"


Regards


Don

tj.mitchell Thu, 05/08/2008 - 08:18
User Badges:
  • Bronze, 100 points or more

Ensure that you have the transport output ssh command in there, otherwise if you try to ssh from one device to another it's not going to work.


Richard Burts Thu, 05/08/2008 - 08:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Thomas


While configuring transport output ssh might be a good idea it is certainly not required. SSH as an output transport is enabled by default. I frequently SSH from one router to another and the router from which I initiate the SSH does not have transport output ssh configured.


But as Don pointed out, if you want to disable outbound telnet then you do need to configure transport output ssh.


That configuration is required to disable telnet, it is not required to enable ssh.


HTH


Rick

Actions

This Discussion