How To: Configure Cisco Router or Switch for SSH – Disable Telnet and Add Users
To secure your Cisco equipment on the internet, I would recommend disabling telnet and using only SSH. Telnet is very insecure because it sends passwords and commands in clear text over the internet, which opens you up to a man-in-the-middle attack in which someone could capture your login information and use it maliciously. Here is an easy-to-follow, step-by-step guide on how to enable SSH, disable telnet, and add users who log in via SSH.
1. Log in to your router or switch and enter enable mode.
2. Once in enable mode on the router or switch, run the following commands from global configuration mode.
> hostname your-custom-hostname
> ip domain name your-domain.com
3. Now that those are set, you can generate the RSA keys.
> crypto key generate rsa
The name for the keys will be: your-custom-hostname.your-domain.com
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus : 1024
You then have the option to choose how many bits the keys will be, anywhere between 360 and 2048. I choose 1024 since it is very secure and the router can create the key quickly. The default is 512.
4. Now that all of that is done, your router is accessible via SSH. Next we need to disable telnet and allow local logins if you are not using another authentication method.
> line vty 0 4
> login local
> transport input ssh
5. That takes care of disabling telnet, and adding login local gives you a local authentication method. Now, to add users, the following command will do the trick.
> username myusername password 0 yourpassword
That's it. Now you will be able to access your device via PuTTY or any other SSH client. This is a nice, secure way to access your Cisco equipment, with a few easy commands to set it up.
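To confirm that a device ended up the way steps 4 and 5 describe, the following added example (not part of the original guide) audits a saved running-config for every VTY range, including ranges such as vty 5 15 that exist on many devices and that "line vty 0 4" does not touch. The sample config and the function name audit_vty are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device). Lines 0-4 follow
# the guide; lines 5-15 were never configured for SSH-only access.
SAMPLE_CONFIG = """\
hostname your-custom-hostname
ip domain name your-domain.com
username myusername password 0 yourpassword
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
!
end
"""

def audit_vty(config: str) -> list:
    """Return findings for VTY blocks that differ from the guide's settings."""
    findings = []
    has_local_user = re.search(r"^username \S+ ", config, re.M) is not None
    # Each 'line vty' header is followed by its indented sub-commands.
    for m in re.finditer(r"^line vty (\d+)(?: (\d+))?\n((?:[ \t]+.*\n)*)", config, re.M):
        name = f"vty {m.group(1)}" + (f"-{m.group(2)}" if m.group(2) else "")
        body = [l.strip() for l in m.group(3).splitlines()]
        transport = next((l.split()[2:] for l in body if l.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{name}: no 'transport input' line, platform default applies")
        elif transport != ["ssh"]:
            findings.append(f"{name}: transport input allows {' '.join(transport)}")
        if "login local" not in body:
            findings.append(f"{name}: 'login local' not set")
        elif not has_local_user:
            findings.append(f"{name}: 'login local' set but no username defined")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

Any finding for a VTY range means the commands from step 4 should be repeated under that range.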