Telnet has long been used to remotely connect to Cisco routers, and it is a useful mechanism for administering Cisco devices. However, Telnet is insecure: usernames and passwords are transmitted unencrypted. Telnet should be replaced with Secure Shell (SSH), which encrypts sessions and protects them from prying eyes.
SSH was first introduced to various Cisco IOS platforms with v12.0(5)S. There are currently two versions of SSH available on Cisco routers, SSHv1 and SSHv2. SSHv1 is the more common version, using a DES key for encryption. SSHv2 is available on certain router classes, and requires 3DES encryption licensing.
The following steps will enable SSH on a Cisco router, as well as disable telnet:
! Assign a host name for the router
hostname myrouter
! Create at least one local user account
aaa new-model
username cisco password cisco
! Assign a DNS domain name for the router
ip domain-name yourdomain.com
! Generate an RSA key
crypto key generate rsa
! Configure SSH timeout and retries settings
ip ssh time-out 60
ip ssh authentication-retries 3
! Enable SSH on VTYs
line vty 0 4
transport input ssh
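To confirm the steps above took effect on every VTY range, the following added example (not part of the original article) audits a saved running-config for `line vty` blocks that are not restricted to SSH and for missing `hostname` / `ip domain-name` commands. The sample config, including the `line vty 5 15` block, is constructed for illustration, and the function names are hypothetical; a block with no explicit `transport input` is flagged because the platform default then applies.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname myrouter
aaa new-model
username cisco password cisco
ip domain-name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 3
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_vty_transport(config):
    """Return {vty_range: finding} for every 'line vty' block in the config."""
    findings = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if re.match(r"^line vty \d+(?: \d+)?$", line):
            current = line[len("line "):]
            findings[current] = "no explicit transport input (platform default applies)"
        elif line and not line.startswith(" "):
            current = None  # any other top-level command ends the vty block
        elif current and line.strip().startswith("transport input "):
            protocols = line.split()[2:]
            if protocols == ["ssh"]:
                findings[current] = "ok: ssh only"
            else:
                findings[current] = "permits: " + " ".join(protocols)
    return findings

def missing_ssh_prerequisites(config):
    """Return the prerequisite commands from the steps above that are absent."""
    required = ("hostname ", "ip domain-name ")
    lines = config.splitlines()
    return [r.strip() for r in required if not any(l.startswith(r) for l in lines)]

if __name__ == "__main__":
    for vty, finding in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{vty}: {finding}")
    print("missing prerequisites:", missing_ssh_prerequisites(SAMPLE_CONFIG))
```

In the constructed sample, `vty 0 4` passes while `vty 5 15` is reported as still permitting telnet, which is the case to look for when a device has more VTY lines than the range configured above.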