Sunday, 22 August 2010

Restricting VTY Access by Protocol

To restrict which protocols can be used to reach the router's VTY ports, use the transport input command in line configuration mode:

RTR1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RTR1(config)#line vty 0 4
RTR1(config-line)#transport input ssh
RTR1(config-line)#end
RTR1#

Use transport input telnet to allow only Telnet, transport input telnet ssh to allow both Telnet and SSH, and transport input ssh to allow only SSH. Each transport input command replaces the previous list rather than adding to it, so the last one entered is the one that applies. Verify the result with show line vty 0, which lists the allowed input transports for that line.

Many administrators do not realize that, by default, Cisco routers accept VTY connections over protocols besides Telnet: on many IOS releases the default is transport input all, which admits legacy transports such as rlogin. An intruder can then sidestep controls you applied only to Telnet and reach the VTYs directly. To be safe, explicitly remove every unused protocol from the VTYs, ideally leaving only SSH, and apply the command to every VTY line the platform has (for example line vty 0 15), since restricting only lines 0 through 4 leaves the remaining lines open.
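An offline check for this misconfiguration, as an added example that is not part of the original post: it parses the line vty stanzas out of a saved running-config and reports any VTY line that admits a transport other than SSH, uses transport input all, or has no transport input statement at all. The running-config embedded below is constructed for the example, and the SSH-only policy in PERMITTED is an assumption you can change.

```python
"""Audit the 'transport input' setting of every VTY line in a saved
Cisco IOS running-config. Added example, not from the original post."""
import re
from typing import Dict, List, Optional, Set

# Constructed sample running-config for this example (not a real device).
SAMPLE_CONFIG = """\
!
line con 0
 logging synchronous
line vty 0 4
 password 7 0822455D0A16
 login
 transport input telnet
line vty 5 15
 login local
 transport input ssh
!
"""

# Assumed policy: only SSH may reach the VTYs.
PERMITTED = {"ssh"}


def parse_line_stanzas(config: str) -> Dict[str, List[str]]:
    """Return {'vty 0 4': [indented statements...], ...} for each
    'line ...' stanza. A '!' or any unindented command ends the stanza."""
    stanzas: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None
    return stanzas


def transport_input(stanza: List[str]) -> Optional[Set[str]]:
    """Effective 'transport input' keyword set for one stanza.

    Returns None when no statement is present (the IOS release default
    applies), an empty set for 'transport input none', and otherwise the
    keywords given. As on the router, a later statement replaces an
    earlier one instead of adding to it."""
    result: Optional[Set[str]] = None
    for stmt in stanza:
        m = re.match(r"transport input\s+(.+)$", stmt)
        if m:
            protos = set(m.group(1).split())
            result = set() if protos == {"none"} else protos
    return result


def audit_vty(config: str, permitted: Set[str] = PERMITTED) -> Dict[str, str]:
    """Map each VTY stanza name to 'ok' or a one-line finding."""
    findings: Dict[str, str] = {}
    for name, stanza in parse_line_stanzas(config).items():
        if not name.startswith("vty"):
            continue
        protos = transport_input(stanza)
        if protos is None:
            findings[name] = ("no 'transport input' statement; the release "
                              "default applies and may admit telnet/rlogin")
        elif "all" in protos:
            findings[name] = "'transport input all' admits every transport"
        else:
            extra = sorted(protos - permitted)
            findings[name] = ("ok" if not extra
                              else f"extra transports permitted: {' '.join(extra)}")
    return findings


if __name__ == "__main__":
    # Feed it the text of 'show running-config' saved from the device.
    for line_name, verdict in audit_vty(SAMPLE_CONFIG).items():
        print(f"line {line_name}: {verdict}")
```

Run it against the saved output of show running-config; every VTY stanza that is not reported as ok needs a transport input ssh (or a transport input none on lines you do not use). The parser deliberately treats a missing statement as a finding rather than assuming the default, because the default varies by IOS release.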
