Virtual Teletype for Telnet and SSH
When we talk about device configuration (router, switch, hub, server), all of them have to be configured directly via the console the first time, before they can be reconfigured or managed remotely via Telnet or SSH. In order to manage a device remotely, we first have to create a gate on the device. In this case, we have something named vty, or virtual teletype. Actually, this gate already exists in the router or switch, but if we don’t set a password for it, we will be rejected automatically by the device when we try to access it via Telnet or SSH.
“Virtual teletype (VTY) is a command line interface (CLI) created in a router and used to facilitate a connection to the daemon via Telnet, a network protocol used in local area networks.” (techopedia.com)
Let’s get started configuring the vty. It is actually very simple: just enter global configuration mode, then execute line vty, then set the password.
router>enable
router#configure terminal
router(config)#line vty 0 5
router(config-line)#password cisco
Done! Easy, right?! Once you have configured the vty, you can remotely enter user exec mode on the device.
That brings us to the next question: can we then configure the device remotely now? The answer is NO! Why? Because if we want to enter privileged exec mode remotely via Telnet or SSH, we have to create another gate for privileged exec mode, or the device will simply reject us because that password is not set yet. It is standard security from Cisco. So we have to set it, too.
Let’s do it!
router>enable
router#configure terminal
router(config)#enable password cisco
DONE!
yeeaaahh it is so simple too :D
Here, we have two types of security. The first is password and the second is secret. The difference between them is that password is plain text and secret is encrypted. To verify it, just type the command “show running-config” in privileged exec mode and it will show you both.
To create a secret, do it the same way as the password, but replace password with secret:
router>enable
router#configure terminal
router(config)#enable secret cisco
Now, try to telnet or ssh to your router from a terminal.
Once again, remember that the very first configuration we make on a router or switch is done via the console. In Packet Tracer, we can simply configure the router directly, as if we could access the router without any computer, but in fact we need another computer, such as a laptop, as the medium to access and control the router, and that is done via the console.
All of this configuration will help you build up the security of your network. But for some reason, maybe you want to access the router via telnet without any login attributes like a username or password. Is it possible? Yes, it is. I found something interesting at compinfopro.com: we can telnet to the router without entering user exec mode, or in other words we can log in directly to privileged exec mode. Just follow these steps, guys:
router#configure terminal
router(config)#line vty 0
router(config-line)#privilege level 15
router(config-line)#no login
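Now try to telnet to the router and you will find that you directly enter privileged exec mode. But be careful, this is a very insecure way to do it, because anyone who can reach the router over Telnet gets privileged exec mode without a password.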
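A check for the settings shown on this page, as an added example that is not part of the original post: the script scans the text of a running configuration for a plain-text enable password, plain-text vty passwords, and "no login" or "privilege level 15" on vty lines. The sample configuration and the function name audit are constructed for illustration.

```python
import re

# Constructed sample: what "show running-config" would contain after the
# steps on this page (not captured from a real device).
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$hashplaceholder
enable password cisco
!
line con 0
line vty 0
 privilege level 15
 no login
line vty 1 5
 password cisco
 login
!
"""

def audit(config):
    """Return (location, finding) tuples for weak remote-access settings."""
    findings = []
    section = None  # current "line ..." block, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Top-level command: opens a line block or closes the previous one.
            section = line if line.startswith("line ") else None
            m = re.match(r"enable password (?:(\d) )?\S+", line)
            if m and m.group(1) in (None, "0"):
                findings.append(("global", "enable password stored in plain text"))
            continue
        if section is None or not section.startswith("line vty"):
            continue
        if line == "no login":
            findings.append((section, "no login: remote sessions are not authenticated"))
        elif line == "privilege level 15":
            findings.append((section, "sessions start in privileged exec mode"))
        else:
            m = re.match(r"password (?:(\d) )?\S+", line)
            if m and m.group(1) in (None, "0"):
                findings.append((section, "line password stored in plain text"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

Run against the sample, it reports four findings: the global enable password, both settings on line vty 0, and the plain-text password on line vty 1 5.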
Thanks to the sources: