Cisco Support Community
Community Member

Why can I still telnet?

I am attempting to disable telnet and allow only ssh to a 2960 switch.

enable password 7 ***
username admin password 7 ***
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
line con 0
line vty 0 4
 transport input ssh
line vty 5 15

I can still telnet. Do you need to bounce the switch to take effect?

Accepted Solutions
Community Member

Re: Why can I still telnet?

You have only changed line vty 0 4 for SSH. Lines 5 15 are still available for telnet. You should use the transport input ssh for lines 0 15.

3 REPLIES
Community Member

Re: Why can I still telnet?

I got some document on it. Pasting the relevant part; see / rate if this helps.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#testwithssh

Prevent Non-SSH Connections

If you want to prevent non-SSH connections, add the transport input ssh command under the lines to limit the router to SSH connections only. Straight (non-SSH) Telnets are refused.

line vty 0 4
!--- Prevent non-SSH Telnets.
 transport input ssh

Test to make sure that non-SSH users cannot Telnet to the router Carter.

Set Up an IOS Router or Switch as SSH Client

There are four steps required to enable SSH support on an IOS router:

1. Configure the hostname command.
2. Configure the DNS domain.
3. Generate the SSH key to be used.
4. Enable SSH transport support for the virtual type terminal (vtys).

If you want to have one device act as an SSH client to the other, you can add SSH to a second device called Reed. These devices are then in a client-server arrangement, where Carter acts as the server, and Reed acts as the client. The IOS SSH client configuration on Reed is the same as required for the SSH server configuration on Carter.

!--- Step 1: Configure the hostname if you have not previously done so.
hostname carter

!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco

!--- Step 2: Configure the DNS domain of the router.
ip domain-name rtp.cisco.com

!--- Step 3: Generate an SSH key to be used with SSH.
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2

!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet is disabled and only SSH is supported.
line vty 0 4
 transport input SSH

!--- Instead of aaa new-model, you can use the login local command.
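
An added example, not part of the thread or of the Cisco document: a Python check that parses a saved running-config and lists the vty lines that still accept Telnet, using the question's configuration as constructed input. The function names are hypothetical, and it assumes a vty line with no transport input statement falls back to a default that admits Telnet, as the quoted Step 4 note says.

```python
import re

# Constructed sample: the configuration from the question (secrets omitted).
SAMPLE_CONFIG = """\
aaa new-model
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")


def vty_transports(config):
    """Map each vty number to its set of allowed input transports.

    A vty with no 'transport input' statement maps to None (device default).
    Sections are delimited by 'line ...' commands, not by indentation, so
    configs pasted with the leading spaces stripped are still parsed.
    """
    lines = {}
    current = []  # vty numbers covered by the section being parsed
    for raw in config.splitlines():
        text = raw.strip().lower()
        m = VTY_RE.match(text)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                lines.setdefault(n, None)
        elif text.startswith("line "):
            current = []  # console/aux section, not a vty
        elif text.startswith("transport input "):
            allowed = set(text.split()[2:])
            for n in current:
                lines[n] = allowed
    return lines


def telnet_open_lines(config):
    """Return the sorted vty numbers that still accept Telnet."""
    # Assumption: no statement (None) means a default that admits Telnet.
    return sorted(n for n, allowed in vty_transports(config).items()
                  if allowed is None or allowed & {"telnet", "all"})


if __name__ == "__main__":
    print("vty lines accepting Telnet:", telnet_open_lines(SAMPLE_CONFIG))
```

Run against the question's configuration it reports vty 5 through 15, the range the accepted answer points to.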
