14.5 Use SSH Instead of Telnet

Use SSH instead of Telnet for device management. Telnet carries the login credentials and the entire management session in cleartext, so anyone on the path can capture them; SSH encrypts the session in transit and lets the administrator verify the device's host key.

Here is an example of a standard configuration:

Here are the key elements, defined:

  • SSH requires a hostname and a domain name (hostname <name> and ip domain-name <domain>) before the RSA host key can be generated with crypto key generate rsa modulus <length>; use a modulus of at least 2048 bits. Generating the key enables the SSH server, and ip ssh version 2 then restricts it to SSHv2 only, since the deprecated SSHv1 has known protocol weaknesses.
  • A local username is defined with privilege 15 using the secret keyword (username <name> privilege 15 secret <password>), so the credential is stored as a one-way hash rather than in plaintext or the reversible type 7 encoding that the password keyword produces.
  • An access list is defined that permits only the approved management source addresses and ends with an explicit deny any log statement, so rejected connection attempts are recorded in syslog.
  • On the VTY lines, it all comes together: transport input ssh makes SSH the only permitted inbound protocol (Telnet is refused), login local authenticates against the local user database, and access-class <acl> in restricts connections to the sources in the access list. Apply this to every VTY line on the device; a line left with the default transport still accepts Telnet.
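The configuration described by the elements above, as an added example; it is not the page's own configuration. The hostname, domain name, username, ACL name and the 10.1.10.0/24 management subnet are placeholders chosen for illustration, and the exec-timeout and ip ssh time-out/authentication-retries lines are additional hardening beyond the four elements listed:

```cisco
! Hostname and domain name are prerequisites for the RSA host key
hostname edge-rtr
ip domain-name example.net
!
! Generate the host key (global config mode; the key itself is not
! shown in the running-config). 2048-bit minimum.
crypto key generate rsa modulus 2048
!
! Pin the server to SSHv2, limit the negotiation window and retries
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local administrator; "secret" stores a one-way hash, not type 7
username netadmin privilege 15 secret Use-A-Long-Passphrase-Here
!
! Only the management subnet may reach the VTY lines; everything
! else is denied and logged
ip access-list standard MGMT-SSH
 permit 10.1.10.0 0.0.0.255
 deny   any log
!
! Cover every VTY line the platform has (check with "show line");
! any line left at the default transport still accepts Telnet
line vty 0 15
 transport input ssh
 login local
 access-class MGMT-SSH in
 exec-timeout 10 0
```

To verify, show ip ssh should report "SSH Enabled - version 2.0", and show running-config | section vty should show transport input ssh on every line. Then confirm from outside the device that a Telnet connection is refused and that an SSH attempt from an address outside 10.1.10.0/24 fails and produces a syslog entry from the ACL's deny statement. Keep a console session open while making these changes so a mistake in the access list cannot lock you out.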