Menu

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

EMEA Region

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

  • en
  • pl
  • Allow only telnet to device (Cisco)

    Design & Configure

    Allow only telnet to device (Cisco)

    Technology: Security
    Area: Device Hardening
    Vendor: Cisco
    Title: How to allow SSH only to Cisco device
    Software: 12.X , 15.X
    Platform: Catalyst switches, Routers

    Telnet protocol enables TCP/IP connections to a host fro management purposes. To allow only telnet sessions to device use configuration under line vty as below.

    To restrict Telnet Session one has to:

    Router# configure terminal
    Router(config)#line vty 0 4
    Router(config-line)#transport input telnet

    Verifying the command by trying to connect to telnet one has to Open Command Prompt:

    PC> telnet 192.168.10.2
    Trying 192.168.20.1 ……Open
    User Access Verification
    Password:

    Verifying if ssh connection is possible:

    PC> ssh -l admin 192.168.10.2
    Timeout

     

    Hint: remember to user telnet carefully. Telnet is a protocol that sends the content with clear text so is susceptible to sniffing attacks. You can verify telnet’s behavior easy with wireshark. Connect to any device with telnet, run the wireshark and login with user/pass. You should see your original password.

    Author: Marcin Bialy
     
    Grandmetric