Cisco IOS: Disable Telnet access… or enable SSH

Posted by

Telnet access is enabled by default on some IOS releases. See this article for why this is bad.

If you don’t need Telnet access, you should disable it. The commands are as follows:

line vty 0 4
 transport input none

If you do need remote terminal access, you should switch Telnet to SSH where possible. Be sure to set a secure password.

ip domain-name
crypto key generate rsa
username yourusername secret supersecretpassword
line vty 0 4
 transport input ssh
 login local

The crypto key generate rsa command will ask you “How many bits in the modulus”. It is recommended to use at least 2048.

Leave a Reply

Your email address will not be published. Required fields are marked *