Telnet and Finger

burgessjt
Level 1

Anyone know offhand how to remove Telnet and Finger services from a 1700 series router running IOS 12.1 or 12.2?

I figured it'd be as simple as 'no telnet service' or 'no telnet server' just like the 'no http server' command, but no such luck.

Also, I was poking around trying to find out if the 1700 series routers supported secure telnet or SSH, but haven't found a definitive answer.

7 Replies

spremkumar
Level 9

Hi

You can disable the finger service using the 'no service finger' command, and you can block Telnet connections and enable SSH by using 'transport input ssh'.

For configuring SSH you can refer to this link, but do remember that you need to have 3DES support in your IOS code to support the same.

http://www.cisco.com/warp/public/707/ssh.shtml

Regards

Thank you for the info on SSH, I'll read up on it. From the sounds of it, I'll need to acquire a new IOS version. Hopefully my company is up to date on our support contracts.

I tried the 'no service finger' command before, but it doesn't appear in my running config. Or is it not supposed to? I see my 'no service password-encryption' and 'no ip http server' settings in 'sh run' but still do not see the 'no service finger'.

no service finger appears to be the default setting in your case and that's the reason why it doesn't show up in the running config.

Before you upgrade the IOS and configure SSH, if you are looking to block Telnet access completely, apply an access list to the vty ports to block Telnet access. Here's an example.

Eg.

    line vty 0 4
     access-class 1 in
    access-list 1 deny any

HTH,

Sundar

Sundar

Your suggested solution will certainly block any telnet access and also will block EVERYTHING else that attempts remote access. I am not sure that is what the original post had in mind.

The access-class command controls any access (based only on source address) - no matter what protocol it is trying to use for access. My understanding of the original post was that he was interested in a secure remote access such as SSH. Your suggestion would prevent this.

HTH

Rick


Rick,

I suggested blocking telnet using access class as an INTERIM solution only before he can upgrade the IOS to enable SSH.

Cheers,

Sundar

I don't think No service finger is the default. A recent audit shows finger as open on these routers and they told us to shut it off.

I can't block Telnet altogether, so I'll need to implement the ssh as soon as I can. But I still cannot figure out how to turn finger off.

There are two commands to disable finger service on a router.

Newer command - no ip finger

Older command - no service finger

Cisco routers support both commands. Even after entering these commands, if you suspect the finger service is still enabled on a router, go ahead and add ip finger or service finger in global config mode and see what happens. The router would add the ip finger command to the configuration.

I don't know of a show command that tells you whether finger service is enabled. Hence, this probably is your best bet.

HTH,

Sundar
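
Added example, not part of any post in this thread: a small Python check that reads saved 'show running-config' text and reports the three things discussed above, namely whether finger is explicitly enabled or disabled (or not stated, as the original poster saw), which vty lines accept Telnet, and which have an access-class applied. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample of 'show running-config' output (not from a real device).
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
ip finger
no ip http server
access-list 1 deny any
line con 0
line vty 0 4
 access-class 1 in
 transport input telnet ssh
line vty 5 15
 transport input ssh
end
"""

def finger_state(config):
    """Return 'enabled', 'disabled' or 'not stated' for the finger service."""
    state = "not stated"  # command absent from the config: the release default applies
    for line in config.splitlines():
        m = re.fullmatch(r"(no )?(ip finger|service finger)\b.*", line.strip())
        if m:
            state = "disabled" if m.group(1) else "enabled"
    return state

def vty_lines(config):
    """Map each 'line vty' block to its transport input list and inbound access-class."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level command ends the block
            current = None
            if line.startswith("line vty"):
                current = line.strip()
                result[current] = {"transport": None, "access_class": None}
        elif current and line.strip():
            words = line.split()
            if words[:2] == ["transport", "input"]:
                result[current]["transport"] = words[2:]
            elif words[0] == "access-class" and "in" in words[2:]:
                result[current]["access_class"] = words[1]
    return result

def telnet_allowed(entry):
    """True/False when 'transport input' is set, None when it is left at the default."""
    if entry["transport"] is None:
        return None
    return bool({"telnet", "all"} & set(entry["transport"]))
```

A result of 'not stated' or None means the setting is absent from the config, so what the router actually does depends on the IOS release and should be confirmed on the device.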