Telnet Service Security Analysis

Source: Internet
Author: User
Tags ssh server

When using the Telnet service, we will find many security risks. To make our network more secure, we will consider using other protocols to replace the use of the Telnet service. Here we will introduce the replacement of the SSH protocol. SSH is an industry standard that replaces the Telnet service and other remote console management applications. SSH commands are encrypted and kept confidential in several ways.

When using SSH, a digital certificate will authenticate the connection between your workstation on the client and your network device on the server, and encrypt the protected password. SSH1 uses the RSA encryption key, and SSH2 uses the digital signature algorithm DSA) to protect the connection and authentication.

Encryption algorithms include Blowfish, Data Encryption Standard DES), and triple DES3DES). SSH protects and helps prevent spoofing, mitm attacks, and packet monitoring.

The first step to implement SSH is to verify that your device supports SSH. log on to your vro or vswitch and check whether you have loaded an IPSec IOS image that supports SSH.

In our example, we will use the Cisco IOS command. Run the following command:

 
 
  1. Router> Show flash 

This command displays the name of the loaded IOS image. You can use the result to compare the list of supported features of your vendor.

After you verify that your device supports SSH, make sure that the device has a host name and a correctly configured host domain, as shown below:

 
 
  1. Router> config terminal  
  2. Router (config)# hostname hostname  
  3. Router (config)# ip domain-name domainname 

At this time, you can enable the SSH server on the router. To enable the SSH server, you must first use the following command to generate a pair of RSA keys:

 
 
  1. Router (config)# crypto key generate rsa 

SSH is automatically enabled when an RSA key is generated on the vro. If you delete the RSA key, the SSH server is automatically disabled.

The last step to implement SSH is to enable authentication, authorization, and audit AAA ). when configuring AAA, specify the user name and password, Session Timeout, and the number of attempts allowed for a connection. run the following command:

 
 
  1. Router (config)# aaa new-model  
  2. Router (config)# username password  
  3. Router (config)# ip ssh time-out  
  4. Router (config)# ip ssh authentication-retries 

To verify that you have configured SSH and it is running on your vro, run the following command:

 
 
  1. Router# show ip ssh 

After verifying the configuration, you can force the users you add during the AAA configuration process to use SSH instead of the Telnet service. you can also use SSH in the virtual terminal vty connection to achieve the same purpose. here is an example:

 
 
  1. Router (config)# line vty 0 4  
  2. Router (config-line)# transport input SSH 

Before closing the existing Telnet Service session, you need an SSH client program to test your configuration. I strongly recommend PuTTY; it is free, and it is an excellent terminal software.

Last thought

After you enable SSH on your vro and vswitch, make sure that you have modified all existing access control lists to allow connections to these devices. you can report to your superiors that you have blocked a huge security vulnerability: all network management sessions are encrypted and protected.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.