Allow only telnet to device (Cisco)

Design & Configure

Configuration General (17)

Design Corner (7)

DevOps (6)

Enterprise Routing (26)

Enterprise Switching (26)

Enterprise WAN (15)

LAN Security (2)

Network Security (34)

Network Services (3)

SD-WAN (6)

Allow only telnet to device (Cisco)

Technology: Security
Area: Device Hardening
Vendor: Cisco
Title: How to allow SSH only to Cisco device
Software: 12.X , 15.X
Platform: Catalyst switches, Routers

Telnet protocol enables TCP/IP connections to a host fro management purposes. To allow only telnet sessions to device use configuration under line vty as below.

To restrict Telnet Session one has to:

Router# configure terminal Router(config)#line vty 0 4 Router(config-line)#transport input telnet

Verifying the command by trying to connect to telnet one has to Open Command Prompt:

PC> telnet 192.168.10.2 Trying 192.168.20.1 ……Open User Access Verification Password:

Verifying if ssh connection is possible:

PC> ssh -l admin 192.168.10.2 Timeout

Hint: remember to user telnet carefully. Telnet is a protocol that sends the content with clear text so is susceptible to sniffing attacks. You can verify telnet’s behavior easy with wireshark. Connect to any device with telnet, run the wireshark and login with user/pass. You should see your original password.

Author: Marcin Bialy