Enable SSH && disable telnet
Written by Arnaud
Telnet is "bad"; this is how to enable SSH and disable telnet login. BTW, we only want SSH v2, as v1 is vulnerable to several attacks:
When asked, choose at least 1024 bits for the key.
hostname switch
ip domain-name mydomain.tld
aaa new-model
crypto key generate rsa
ip ssh version 2
line vty 0 15
 transport input ssh
Remember to add an ACL; this is always a good thing:
access-list 99 permit 192.0.2.0 0.0.0.255
ipv6 access-list ACL-RESTRICTED-IN
 permit ipv6 2001:db8::/32 any
line vty 0 15
 access-class 99 in
 ipv6 access-class ACL-RESTRICTED-IN in
When you create your ACL, remember it's even better to only accept logins from your network.
Source and a nice explanation of the banners: http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/...
OH! BTW, if you use clogin/rancid to log into your equipment, make sure your MOTD does not have any # or the auto-enable won't work...
I told you: MOTD (with #) + SSH + clogin = no auto enable
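A way to check a saved running-config against the points in this post (SSH v2, SSH-only vty lines, an access-class on every vty, no # in the MOTD). This is an added example, not part of the original post; the sample config and function names are constructed, and it assumes the banner delimiter appears as ^C, the way a running-config displays it.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE = """\
hostname switch
ip ssh version 2
banner motd ^C
Authorized access only # contact NOC
^C
line vty 0 4
 access-class 99 in
 ipv6 access-class ACL-RESTRICTED-IN in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def sections(config):
    """Map each top-level command to the indented sub-commands below it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' missing")
    for head, body in sections(config).items():
        if not head.startswith("line vty"):
            continue
        # A vty range with no explicit ssh-only transport is flagged too.
        if [c for c in body if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{head}: transport input is not explicitly ssh-only")
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append(f"{head}: no IPv4 access-class in")
        if not any(re.match(r"ipv6 access-class \S+ in\b", c) for c in body):
            findings.append(f"{head}: no IPv6 access-class in")
    motd = re.search(r"^banner motd \^C(.*?)\^C", config, re.S | re.M)
    if motd and "#" in motd.group(1):
        findings.append("banner motd: contains '#', clogin auto-enable will fail")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all checks passed")
```

The sample deliberately leaves the second vty range (5 15) without the ACLs and with telnet still allowed, which is the usual way a partial `line vty 0 4` change leaves telnet reachable.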