GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Stopping the telnet service posted 08/24/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


True, it will...  Sorry, missed that if it was part of the original
question.  :)

Scott 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Yasser Aly
Sent: Tuesday, August 24, 2004 2:49 AM
To: Scott Morris; laurent.metzger@xxxxxx; geert.nijs@xxxxxxxx;
ccielab@xxxxxxxxxxxxxx
Subject: RE: Stopping the telnet service

Hi Scott,

  Won't turning off the input transport turnoff also SSH ?

  I was thinking about this:

line vty 0 4
password cisco
login
transport input ssh
!

What is your openion ?

Regards,
Yasser

--- Scott Morris <swm@xxxxxxxxxx> wrote:

> The "service" is one of those built-in things.  But you can control 
> it.  The ACL listed is one way.
> 
> The other is turning off the input transport...
> 
> line vty 0 4
>  password cisco
>  login
>  transport input none
> !
> 
> Works:
> Emanon-R2#telnet 24.24.24.24
> Trying 24.24.24.24 ... Open
> 
> 
> Password required, but none set
> 
> [Connection to 24.24.24.24 closed by foreign host] (Set the PW) 
> Emanon-R2#telnet 24.24.24.24 Trying 24.24.24.24 ... Open
> 
> 
> User Access Verification
> 
> Password: 
> Emanon-R1>Test 1 works
>             ^
> % Invalid input detected at '^' marker.
> 
> Emanon-R1>exit
> (did the transport input none command)
> [Connection to 24.24.24.24 closed by foreign host]
> Emanon-R2#telnet 24.24.24.24
> Trying 24.24.24.24 ... 
> % Connection refused by remote host
> 
> Emanon-R2# 
> 
> HTH,
> 
>  
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service
> Provider) #4713, CISSP,
> JNCIP, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@xxxxxxxxxx/smorris@xxxxxxxxxxxx
> http://www.ipexpert.net
>  
> 
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx
> [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> laurent.metzger@xxxxxx
> Sent: Monday, August 23, 2004 1:06 PM
> To: geert.nijs@xxxxxxxx; ccielab@xxxxxxxxxxxxxx
> Subject: RE: Stopping the telnet service
> 
> hi Geert,
>  
> we are doing:
>  
> line vty 0 16
> access-class 1 in
>  
> access-list 1 deny any
>  
> This will not stop the telnet service but it will be
> impossible to telnet
> the router.
>  
> Prettig avond verder, Laurent
> 
> 	-----Original Message----- 
> 	From: nobody@xxxxxxxxxxxxxx on behalf of Geert Nijs
> 
> 	Sent: Mon 8/23/2004 5:14 PM 
> 	To: Group Study 
> 	Cc: 
> 	Subject: Stopping the telnet service
> 	
> 	
> 
> 	Hi group,
> 	
> 	In configuring a router for SSH access only, i was
> wondering if you
> can
> 	stop the telnet service on a router.
> 	Since, when you configure SSH access only with
> "transport input
> ssh",
> 	the telnet service still runs,
> 	and, if you do a port scan on the router, you will
> notice that port
> 23
> 	can still be "seen".
> 	
> 	How can i configure the router not to respond to
> port 23 at all ?
> 	
> 	The best solution would be to stop the telnet
> service all together,
> if
> 	possible.
> 	I think that configuring an ACL on all interfaces,
> denying telnet,
> would
> 	also work. But i'll have to test that
> 	in the lab.
> 	
> 	Any other ideas ?
> 	
> 	Regards,
> 	Geert
> 	
> 	
> 	
>
############################################################################
> #########
> 	This e-mail and any attached files are confidential
> and may be
> legally privileged.
> 	If you are not the addressee, any disclosure,
> reproduction, copying,
> distribution,
> 	or other dissemination or use of this communication
> is strictly
> prohibited.
> 	If you have received this transmission in error
> please notify Simac
> immediately
> 	and then delete this e-mail.
> 	
> 	Simac has taken all reasonable precautions to avoid
> virusses in this
> email.
> 	Simac does not accept liability for damage by
> virusses, for the
> correct and complete
> 	transmission of the information, nor for any delay
> or interruption
> of the transmission,
> 	nor for damages arising from the use of or reliance
> on the
> information.
> 	
> 	All e-mail messages addressed to, received or sent
> by Simac or Simac
> employees
> 	are deemed to be professional in nature.
> Accordingly, the sender or
> recipient of
> 	these messages agrees that they may be read by
> other Simac employees
> than the official
> 	recipient or sender in order to ensure the
> continuity of
> work-related activities
> 	and allow supervision thereof.
> 	
>
############################################################################
> #########
> 	
> 	
>
_______________________________________________________________________
> 	Please help support GroupStudy by purchasing your
> study materials
> from:
> 	http://shop.groupstudy.com
> 	
> 	Subscription information may be found at:
> 	http://www.groupstudy.com/list/CCIELab.html
> 
>
_______________________________________________________________________
> Please help support GroupStudy by purchasing your
> study materials from:
> http://shop.groupstudy.com
> 
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
> 
>
_______________________________________________________________________
> Please help support GroupStudy by purchasing your
> study materials from:
> http://shop.groupstudy.com
> 
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html

_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com

Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html