
telnet                   Makes your terminal a dumb terminal. You can only run
                         programs on another computer, not copy files.
show sessions            Shows the routers into which you are telnetted.
show users               Shows the routers that are telnetted into your router.
exit                     Closes a Telnet session.
disconnect               Closes a remote Telnet session.
clear line line-number   Clears a session connected to your router.

Setting Up Secure Shell (SSH)

Instead of Telnet, you can use Secure Shell, which creates a more secure session than the Telnet application that uses an unencrypted data stream. SSH uses encrypted keys to send data so that your username and password are not sent in the clear. Table 1-9 lists the commands.

Table 1-9: SSH Commands

Command                                        Meaning
ip domain-name Lammle.com                      Sets your domain name. You must set this.
crypto key generate rsa general-keys modulus   Sets the size of the key up to 2048.
ip ssh time-out                                Sets the idle timeout up to 120 seconds.
ip ssh authentication-retries                  Sets the max failed attempts up to 120.
line vty first-line last_line                  Chooses your VTY lines to configure.
transport input ssh telnet                     Tells the router to use SSH and then Telnet. You do
                                               not need the telnet command at the end of the line,
                                               but if you don't use it, only SSH will work on the
                                               router.

Here's an example of how you set up SSH on a router:
1. Set your hostname:
Router(config)#hostname Todd
2. Set the domain name (both the hostname and domain name are required for the encryption keys to be generated):
Todd(config)#ip domain-name Lammle.com
3. Set the username to allow SSH client access:
Todd(config)#username Todd password Lammle
4. Generate the encryption keys for securing the session:
Todd(config)#crypto key generate rsa
The name for the keys will be: Todd.Lammle.com
Choose the size of the key modulus in the range of 360 to
4096 for your General Purpose Keys. Choosing a key modulus
Greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 6 seconds)
Todd(config)#
1d14h: %SSH-5-ENABLED: SSH 1.99 has been enabled
*June 24 19:25:30.035: %SSH-5-ENABLED: SSH 1.99 has been enabled
5. Enable SSH version 2 on the router (not mandatory, but strongly suggested):
Todd(config)#ip ssh version 2
6. Connect to the VTY lines of the switch:
Todd(config)#line vty 0 15
7. Configure your access protocols:

Todd(config-line)#transport input ?
  all     All protocols
  none    No protocols
  ssh     TCP/IP SSH protocol
  telnet  TCP/IP Telnet protocol
Beware of this next line, and make sure you never use it in production because it's a horrendous security risk:
Todd(config-line)#transport input all
I recommend using the next line to secure your VTY lines with SSH:
Todd(config-line)#transport input ssh ?
  telnet  TCP/IP Telnet protocol
  <cr>
I actually do use Telnet once in a while when a situation arises that specifically calls for it. It just doesn't happen very often. But if you want to be able to use SSH or Telnet, here's how you do that:
Todd(config-line)#transport input ssh telnet
Know that if you don't use the keyword telnet at the end of the command string, then only SSH will work on the device. You can go with either, just so long as you understand that SSH is way more secure than Telnet.
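
The check below is an added example, not part of the original text: a Python script that reads a running-config and reports VTY lines whose transport input still admits Telnet (all or telnet), along with a missing ip ssh version 2. The sample configuration is constructed for illustration, and the function name audit_vty is hypothetical.

```python
import re

# Constructed sample running-config (illustrative, not from the original page).
SAMPLE_CONFIG = """\
hostname Todd
ip domain-name Lammle.com
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh telnet
"""

def audit_vty(config):
    """Return findings for VTY lines that accept Telnet and for missing SSHv2."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' not configured")
    current = None      # VTY block being read, e.g. "vty 0 4"
    transports = {}     # block name -> list of protocols, or None if unset
    for line in config.splitlines():
        if not line.startswith(" "):        # a top-level line ends any block
            m = re.match(r"line (vty \d+(?: \d+)?)\s*$", line)
            current = m.group(1) if m else None
            if current:
                transports[current] = None
        elif current:
            m = re.match(r"\s+transport input (.+)$", line)
            if m:
                transports[current] = m.group(1).split()
    for name, protos in transports.items():
        if protos is None:
            # Unset: the effective protocols depend on the platform default.
            findings.append(f"{name}: no explicit 'transport input'")
        elif "all" in protos or "telnet" in protos:
            findings.append(f"{name}: Telnet allowed ({' '.join(protos)})")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```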
