Specifying transport input telnet (and leaving out ssh) should be effective in eliminating SSH access to the router.
As far as the access list is concerned I have these comments:
- while I think the access list is not necessary because of the transport input specification it may be desirable to also configure the access list to make management feel better about the restriction.
- denying UDP is not necessary. SSH uses TCP.
- when the access list specifies deny tcp any any eq 22, it not only denies SSH to the router but it denies any SSH passing through the router. That may or may not be an issue depending on your particular situation. To prevent SSH to the router but allow SSH to go through you would want the access list to deny tcp any host eq 22.
It seems kind of strange to me that you have to turn off SSH instead of turning off Telnet.
You can use SSH to do anything you might typically do with telnet and with the assurance that your password and other sensitive information are secure. Prefect for a security scan!
Regarding your question: Entering the command 'transport input telnet' on the vty lines is enough to disable telnet. If you want to be sure you can also remove the general-purpose-key that you need for using SSH.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...