From: Yasser Aly (yaseraly00@yahoo.com)
Date: Tue Aug 24 2004 - 03:49:23 GMT-3
Hi Scott,
Won't turning off the input transport also turn off SSH?
I was thinking about this:
line vty 0 4
password cisco
login
transport input ssh
!
What is your opinion?
Regards,
Yasser
--- Scott Morris <swm@emanon.com> wrote:
> The "service" is one of those built-in things. But you can control it. The
> ACL listed is one way.
>
> The other is turning off the input transport...
>
> line vty 0 4
> password cisco
> login
> transport input none
> !
>
> Works:
> Emanon-R2#telnet 24.24.24.24
> Trying 24.24.24.24 ... Open
>
>
> Password required, but none set
>
> [Connection to 24.24.24.24 closed by foreign host]
> (Set the PW)
> Emanon-R2#telnet 24.24.24.24
> Trying 24.24.24.24 ... Open
>
>
> User Access Verification
>
> Password:
> Emanon-R1>Test 1 works
> ^
> % Invalid input detected at '^' marker.
>
> Emanon-R1>exit
> (did the transport input none command)
> [Connection to 24.24.24.24 closed by foreign host]
> Emanon-R2#telnet 24.24.24.24
> Trying 24.24.24.24 ...
> % Connection refused by remote host
>
> Emanon-R2#
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
> JNCIP, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> laurent.metzger@bt.com
> Sent: Monday, August 23, 2004 1:06 PM
> To: geert.nijs@simac.be; ccielab@groupstudy.com
> Subject: RE: Stopping the telnet service
>
> hi Geert,
>
> we are doing:
>
> line vty 0 16
> access-class 1 in
>
> access-list 1 deny any
>
> This will not stop the telnet service but it will be impossible to telnet
> the router.
>
> Have a pleasant evening, Laurent
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of Geert Nijs
>
> Sent: Mon 8/23/2004 5:14 PM
> To: Group Study
> Cc:
> Subject: Stopping the telnet service
>
>
>
> Hi group,
>
> In configuring a router for SSH access only, I was wondering if you can
> stop the telnet service on a router.
> Since, when you configure SSH access only with "transport input ssh",
> the telnet service still runs,
> and, if you do a port scan on the router, you will notice that port 23
> can still be "seen".
>
> How can I configure the router not to respond to port 23 at all?
>
> The best solution would be to stop the telnet service altogether, if
> possible.
> I think that configuring an ACL on all interfaces, denying telnet, would
> also work. But I'll have to test that in the lab.
>
> Any other ideas ?
>
> Regards,
> Geert
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:48 GMT-3
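
An added example, not part of the original thread: a small Python audit that reads an IOS-style configuration and reports, for each "line vty" stanza, whether Telnet and SSH are accepted and whether an access-class is applied, covering the three variants discussed above. The sample configuration is constructed and the name audit_vty is hypothetical; it assumes sub-commands are indented as in "show running-config" output and that a stanza with no "transport input" line accepts every protocol, which depends on the IOS release, so pass default_transport to match yours.

```python
import re

# Constructed sample: the three VTY variants discussed in the thread.
SAMPLE_CONFIG = """\
line vty 0 4
 password cisco
 login
 transport input ssh
!
line vty 5 10
 password cisco
 login
 transport input none
!
line vty 11 15
 access-class 1 in
 password cisco
 login
!
"""

def audit_vty(config, default_transport=("all",)):
    """Return one finding dict per 'line vty' stanza in an IOS-style config."""
    findings, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = {"lines": (first, last), "transport": None, "access_class": None}
            findings.append(current)
        elif current is not None and raw[:1] not in (" ", "\t"):
            current = None  # an unindented line ('!' or a new section) ends the stanza
        elif current is not None:
            if line.startswith("transport input "):
                current["transport"] = tuple(line.split()[2:])
            acl = re.match(r"access-class (\S+) in\b", line)
            if acl:
                current["access_class"] = acl.group(1)
    for f in findings:
        # Assumption: no explicit 'transport input' means default_transport applies.
        protos = f["transport"] if f["transport"] is not None else default_transport
        f["telnet"] = "telnet" in protos or "all" in protos
        f["ssh"] = "ssh" in protos or "all" in protos
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

A stanza reported with telnet accepted and only an access-class in front of it matches the "deny any" approach in the thread: connections are rejected by the ACL, not by the transport setting.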