
Telnet

Uploaded by

Debadutta Nayak

Remote Login Protocols

telnet & ssh

SDC CNW (CSE 4541)

CSE, FET, ITER


SOA University, BBSR-30

CNW CSE4541 telnet-ssh


References

Glen E. Clarke & Richard Deal, CCT/CCNA Routing & Switching Exam Guide, McGraw-Hill.

Todd Lammle, CCNA Routing & Switching Study Guide, SYBEX, A Wiley Brand.



Discussion Flow

- Introduction
- Remote Access to Cisco Device
- Telnet - Terminal Network
- SSH - Secure Shell
- SSH Configuration
- Practice on SSH
- Review Questions



Introduction
- Telnet and Secure Shell (SSH) are application-layer protocols used for remote login.

- Both use TCP at the transport layer; the port number for telnet is 23 and for SSH is 22.

- They allow a user on a remote client machine to access the resources of another machine.

- Secure Shell (SSH) is more secure than telnet, as telnet does not support any encryption techniques.

- The Secure Shell (SSH) protocol sets up a secure session that is similar to Telnet over a standard TCP/IP connection.



Remote Access to Cisco Device
- In many instances, it may not be possible to be physically in front of your IOS device to manage it.

- It can optionally be managed remotely by accessing its CLI via telnet or SSH, or it can be managed using a GUI with a web browser.

- To access an IOS device's CLI remotely, its VTY lines must first be set up.

- If a layer 2 IOS switch is accessed, an IP address must be assigned to a VLAN interface.

- If a router is accessed, an IP address must be assigned to one of its interfaces and the interface must be enabled.



Telnet - Terminal Network
- A terminal emulation program that is used to access remote servers.

- It was one of the first Internet standards, developed in 1969.

- It is an application-layer protocol that uses TCP with port number 23.

- It uses an 8-bit, byte-oriented data connection over TCP.

- It allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server, in order to access a command-line interface.

- There are no encryption techniques available within the Telnet protocol, so everything must be sent in clear text, including passwords.

- Users begin a Telnet session by running the Telnet client software and then logging into the Telnet server.



Figure: A Telnet client trying to connect to a Telnet server



Telnet on CISCO Devices
line vty command: sets the user-mode password for Telnet access into the router or switch.

Switch: Telnet configuration

switch>enable
switch#config t
switch(config)#line vty 0 5
switch(config-line)#password telnet
switch(config-line)#login
switch(config-line)#exit

Router: Telnet configuration

Router>enable
Router#config t
Router(config)#line vty 0 4
Router(config-line)#password telnet2
Router(config-line)#login
Router(config-line)#exit

Command Description:

- line vty: line configuration
- line vty 0 4: number of concurrent users
- password: command to set the password text
- login: Telnet connection with password
- no login: Telnet connections without password
- Telnet access: from any command prompt (DOS or Cisco)



Telnet on Layer 2 Switch
Figure: PC1, PC2 and PC3 connected to a switch; the switch VLAN IP is set to 192.168.10.10

Set vty line, telnet password and login for local authentication

switch>enable
switch#config t
switch(config)#line vty 0 5
switch(config-line)#password telnet
switch(config-line)#login
switch(config-line)#ctrl+z

Set enable password and VLAN IP

switch#config t
switch(config)#enable password user
switch(config)#interface vlan 1
switch(config-if)#ip address 192.168.10.10 255.255.255.0
switch(config-if)#no shutdown
switch(config-if)#exit

Access from PC/IOS Device

1) On PC command prompt: c:\>telnet 192.168.10.10
2) On switch cli prompt: telnet 192.168.10.10



Telnet on Router
Figure: PC1, PC2 and PC3 connected through a switch to a router; the router interface IP is 192.168.10.10

Set vty line, telnet password and login for local authentication

Router>enable
Router#config t
Router(config)#line vty 0 5
Router(config-line)#password telnet
Router(config-line)#login
Router(config-line)#ctrl+z

Set enable password and interface IP

Router#config t
Router(config)#enable password user
Router(config)#interface gig0/0/0
Router(config-if)#ip address 192.168.10.10 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Access from PC/IOS Device

1) On PC command prompt: c:\>telnet 192.168.10.10
2) On Router cli prompt: telnet 192.168.10.10



Telnet on a Switch present in OFF-Network
Figure: Accessing a switch from distant network through telnet (labels: access the switch SW1 through telnet; set default gateway on SW1; configure SW1 telnet here)

Configuration
- Configure IP addresses for the topology.
- Add routing as per requirement.
- Configure telnet at switch SW1.
- Assign IP address at the Vlan 1 interface on switch SW1.
- Configure: SW1(config)#ip default-gateway <gateway ip>



SSH - Secure Shell
- The most common tool used by network administrators to manage their devices remotely is the telnet application.

- Telnet enables access to the CLI of a device.

- The problem with telnet: all information is sent in clear text, including username and/or password.

- We do not want someone eavesdropping on our connection and seeing everything we do: logging in, viewing the operation of the device, configuring the device, and authentication traffic. So we need to protect ourselves by encrypting the traffic.

- The easiest way to accomplish this is to replace the use of telnet with SSH (Secure Shell).

- SSH uses RSA as an encryption algorithm to encrypt any data sent between us and our networking device.

- SSH uses TCP at the transport layer with port number 22.

- SSH is actually disabled by default on your IOS device.



SSH Configuration
The following configuration is needed to set up SSH on our Cisco device so that we can use an SSH client to access it:
- A local username and password: SSH requires both a username and password configured on the device (command: username configures both).
- A hostname and a domain name: Hostname and domain name are required to label the RSA key pair on the IOS device (commands: hostname and ip domain-name).
- RSA public and private keys: We will need to generate the encryption keys. These are used to encrypt and decrypt data that travels through the remote-access connection (command: crypto key generate rsa).
- The SSH version to use: We should configure the specific SSH version we want to use. The default is version 1, but the recommended version to use is 2 (command: ip ssh version).
- Restricting VTY access: Finally, we will ensure that remote access can be achieved only through SSH and not telnet, because telnet does not encrypt communication. By default, telnet is allowed on the VTYs; we should ensure that only SSH access is allowed (commands: login local and transport input, in line subconfiguration mode).



SSH Configuration: Putting It All Together
1. Set the local user name and password:
Router(config)#username admin password admin@123

2. Set the hostname:
Router(config)#hostname

3. Set the domain name:
Router(config)#ip domain-name cnw.edu

4. Generate the encryption key for securing the session:
Router(config)#crypto key generate rsa

5. Enable SSH version 2 on the device (not mandatory, but recommended):
Router(config)#ip ssh version 2

6. Connect to the VTY lines of the device:
Router(config)#line vty 0 5

7. Tell the line to use the local database for username and password:
Router(config-line)#login local

8. Configure the access protocol:
Router(config-line)#transport input ?
Router(config-line)#transport input ssh
Router(config-line)#exit
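
One way to check a saved running-config against the steps above (an added example, not part of the original slides). The two sample configurations are constructed from the commands shown in this deck; the hostname R1 and the function name audit_vty are hypothetical.

```python
# Constructed sample configs (not from a real device), modelled on the slides.
TELNET_CFG = """\
enable password user
line vty 0 5
 password telnet
 login
"""
SSH_CFG = """\
hostname R1
username admin password admin@123
ip domain-name cnw.edu
ip ssh version 2
line vty 0 5
 login local
 transport input ssh
"""

def audit_vty(config: str) -> list[str]:
    """Return findings for the VTY/SSH settings covered by the eight steps."""
    findings, blocks, current = [], {}, None
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    for line in lines:
        if not line.startswith(" "):   # a global command ends any open line block
            is_vty = line.startswith("line vty ")
            current = blocks.setdefault(line, []) if is_vty else None
        elif current is not None:      # indented sub-command of a vty block
            current.append(line.strip())
    top = {l for l in lines if not l.startswith(" ")}
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 not set")
    if not any(g.startswith("ip domain-name ") for g in top):
        findings.append("no ip domain-name (needed to label the RSA key pair)")
    if not any(g.startswith("username ") for g in top):
        findings.append("no local username for login local")
    for name, body in blocks.items():
        transport = [b for b in body if b.startswith("transport input")]
        # The slides state telnet is allowed by default, so a missing
        # "transport input" line is reported as well.
        if transport != ["transport input ssh"]:
            shown = ", ".join(transport) or "default"
            findings.append(f"{name}: telnet not excluded ({shown})")
        if "login local" not in body:
            findings.append(f"{name}: does not use the local user database")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(TELNET_CFG):
        print(finding)
```

The RSA key pair itself does not appear in the running configuration, so step 4 has to be confirmed on the device rather than from the saved text.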



Practice Question
Configure SSH on Switch
Figure: PC1, PC2 and PC3 connected to a switch; the switch VLAN IP is set to 192.168.10.10

Configure SSH on Router
Figure: PC1, PC2 and PC3 connected through a switch to a router; the router interface IP is 192.168.10.10



Review Questions
1. Which of the following commands will configure all the default VTY ports on a switch?

(A) Switch# line vty 0 4
(B) Switch(config)#line vty 0 4
(C) Switch(config-if)#line console 0
(D) Switch(config)#line vty all

2. Which of the following prompts indicates that the switch is currently in privileged mode?

(A) Switch(config)#
(B) Switch>
(C) Switch#
(D) Switch(config-if)#

3. To which interface of a switch can an IP address be assigned?

(A) interface fa0/1
(B) VLAN interface
(C) Both
(D) None of the interfaces



THANK YOU
