Monday, March 15, 2010

Telnet and SSH

Using Telnet to Remotely Connect to Other Devices

The following five commands all achieve the same result: an attempt to connect remotely to the router named Paris at IP address 172.16.20.1.


Any of the preceding commands lead to the following configuration sequence:



CAUTION: The following configuration creates a big security hole. Never use it in a live production environment. Use it in the lab only!


NOTE: A device must have two passwords for a remote user to be able to make changes to your configuration:
  • Line vty password (or have it explicitly turned off; see the preceding Caution)
  • Enable or enable secret password

Without the enable or enable secret password, a remote user can reach only user mode, not privileged mode. This provides an extra layer of security.


Configuring the Secure Shell Protocol (SSH)

CAUTION: SSH Version 1 implementations have known security issues. It is recommended to use SSH Version 2 whenever possible.

NOTE: To work, SSH requires a local username database, a local IP domain, and an RSA key to be generated.

The Cisco implementation of SSH requires a Cisco IOS Software image that supports Rivest-Shamir-Adleman (RSA) authentication and, at minimum, Data Encryption Standard (DES) encryption, that is, a cryptographic software image.
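
The three prerequisites from the NOTE above (local username database, IP domain name, RSA key), together with the SSH Version 2 recommendation, are shown below as one lab configuration sequence. This is an added example, not part of the original post. The domain name, username, and password placeholders are assumptions, the vty range 0 4 depends on the platform, and some older IOS releases expect `crypto key generate rsa general-keys modulus 2048` instead.

```cisco
! Constructed lab values: domain name, username and secrets are placeholders.
Router> enable
Router# configure terminal
! RSA key generation needs a hostname other than the default "Router".
Router(config)# hostname Paris
! Local IP domain: combined with the hostname to name the RSA key pair.
Paris(config)# ip domain-name example.com
! Local username database entry; "secret" stores a hash, not cleartext.
Paris(config)# username admin secret <STRONG-PASSWORD>
! Enable secret, so a remote user can reach privileged mode after login.
Paris(config)# enable secret <DIFFERENT-STRONG-PASSWORD>
! Generate the RSA key pair; this also enables the SSH server.
Paris(config)# crypto key generate rsa modulus 2048
! Refuse SSH Version 1 clients.
Paris(config)# ip ssh version 2
Paris(config)# line vty 0 4
! Authenticate remote users against the local username database.
Paris(config-line)# login local
! Accept SSH only; Telnet is no longer permitted on these lines.
Paris(config-line)# transport input ssh
Paris(config-line)# end
! Verify the SSH server status and version, then list active sessions.
Paris# show ip ssh
Paris# show ssh
```

With `transport input ssh` on the vty lines, a Telnet attempt to the router is refused, so credentials no longer cross the network in cleartext.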