

A word about VTY lines: a VTY line is used by both Telnet and SSH connections. The "V" in VTY stands for Virtual, because there is no associated hardware as there would be with the Console port or the asynchronous serial (TTY) ports for modems. For our purposes, there are five VTY lines, numbered 0, 1, 2, 3 and 4. The command line vty 0 4 shown previously allows you to configure all of them at once by specifying the range "0 4". Some newer switches and routers will show 16 lines, numbered 0 through 15; it's unlikely that this will be a factor on your test, however.

Why have so many VTY lines, when only one is used by a Telnet session? For that same reason, actually: one Telnet/SSH session uses one VTY line. If you Telnet in, then Telnet out to some other device, you use two VTY lines. It's common to Telnet to multiple devices concurrently when you are working on a network; it's also possible that multiple admins could be working on or from the same device at the same time, each admin needing at least one VTY line.

By the way, there is no easy way to determine or predict which VTY line you are going to connect to. They are used in a round-robin fashion, so setting a different password for each one is probably more of a hassle than a security benefit: you can't be sure which line you just connected to, and therefore which password to enter!

These passwords will all appear in your configuration file in plain text; anyone with access to that file could read them. To encrypt your Privileged EXEC password with an MD5 hash, use the enable secret command. You can also apply encryption to the other passwords for the console, Privileged EXEC, VTY and TTY lines (but not the enable secret password) using the service password-encryption command:

Router(config)#service password-encryption

Know the password configuration commands cold.

Telnet is a simple and effective way to remotely administer your router or switch, but it has one significant disadvantage: it is completely unencrypted, which means that everything you send across the network via Telnet could be read easily if intercepted. Secure Shell, or SSH, is a good alternative. It is slightly more complicated (but not difficult) to set up. SSH provides a secured remote command-line interface using public key exchange and decent encryption. The recommendation (and ours, too!) is that SSH always be used instead of Telnet for security reasons. Your IOS version must include support for DES or 3DES crypto features, or this will not work.
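As an added example (not from the study guide), a small Python audit that reads an IOS running-config excerpt and flags the weaknesses the text above describes: no service password-encryption, enable password used instead of enable secret, VTY lines that still accept Telnet, and a VTY line with login but no password. Both config excerpts below are constructed for illustration; the type 5 and type 7 values in them are placeholders, not real hashes.

```python
import re
# Constructed running-config excerpts (not captured from any real device).
WEAK_CONFIG = """\
enable password cisco123
line vty 0 4
 password telnetpw
 login
 transport input telnet ssh
line vty 5 15
 login
 transport input ssh
"""

HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$hashgoeshere
line vty 0 4
 password 7 PLACEHOLDER_TYPE7
 login
 transport input ssh
"""

def parse_line_blocks(config):
    # Map each "line ..." block (e.g. "vty 0 4") to its indented statements.
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw[5:].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return a sorted list of findings for the weak settings discussed above."""
    findings = []
    if "service password-encryption" not in config.splitlines():
        findings.append("service password-encryption not enabled: line passwords stored in clear text")
    if re.search(r"^enable password ", config, re.M) and not re.search(r"^enable secret ", config, re.M):
        findings.append("enable password used without enable secret: privileged EXEC password not MD5-hashed")
    vty_blocks = {n: s for n, s in parse_line_blocks(config).items() if n.startswith("vty")}
    for name, stmts in vty_blocks.items():
        transport = next((s for s in stmts if s.startswith("transport input")), None)
        if transport is None or "telnet" in transport or transport.endswith(" all"):
            findings.append(f"line {name}: Telnet not excluded ({transport or 'no transport input'}); set 'transport input ssh'")
        if "login" in stmts and not any(s.startswith("password ") for s in stmts):
            findings.append(f"line {name}: 'login' without a line password rejects every connection")
    return sorted(findings)
```

Run audit(WEAK_CONFIG) to see all four findings; the hardened excerpt produces none.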
