Answer: Enabling SSH and Disabling Telnet

By certskills September 19, 2015 12:05

This #CCENT lab may have seemed simple at first, but it has just enough steps so that it is easy to miss a step. If you did the lab on paper only, make sure to check your answer here – but of course try the lab first. As usual with these labs, the goal is straightforward requirements, straightforward answers, and a few comments to uncover any gotchas with the lab. Enjoy!

Answers sit below the fold.


Switch Configuration



Telnet transmits information in a non-encrypted form and the information can be intercepted while traversing a network. SSH provides a more secure communications method, encrypting all communications using an encryption key. That communication includes the initial login, which must use a username/password pair.

The initial configuration in this lab partially enabled SSH access and fully enabled Telnet access, as the result of both default settings and configured settings. The switch allowed incoming Telnet and SSH because of a default VTY setting of transport input all (meaning all methods, including both Telnet and SSH). The final command in the answer (Example 2) changes that setting to allow only SSH.

However, the initial configuration did not fully configure SSH access. First, the switch needs to generate an encryption key. That key generation process can (and does in this case) use the switch’s domain name as input. So the first two commands in Example 2 (1) define the input to the key generation process (ip domain-name) and then (2) generate the key.

Finally, SSH requires the use of a username/password pair rather than a shared password. So, the configuration shows the login local command under the VTY ports, enabling the use of local username/password pairs rather than a password without a username. Additionally, the global command username Barney secret Rubble, which creates a username/password pair with an admittedly weak but fun password, at least stores that password as a one-way hash, because it uses the username secret command instead of the username password command.
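To check a saved running-config against the points above, here is an added example (not part of the original lab or its answer) that flags VTY lines still accepting Telnet, a missing login local, a missing ip domain-name, and usernames created with password instead of secret. The function name `audit`, both sample configurations, and the treatment of an absent transport input line as the lab's stated default of all are assumptions.

```python
import re
# Constructed configs modelled on the lab; domain, passwords and hash are made up.
BEFORE = """hostname SW1
username Barney password 0 Rubble
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""
AFTER = """hostname SW1
ip domain-name example.com
username Barney secret 5 $1$made$upHashValue
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
"""

def audit(config, default_transport="all"):
    """Return findings for the SSH-only requirements described in the lab answer."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("global: no ip domain-name set")
    users = re.findall(r"^username (\S+) (secret|password)\b", config, re.M)
    if not users:
        findings.append("global: no local username for login local")
    findings += [f"global: username {u} uses password, not secret"
                 for u, kind in users if kind == "password"]
    # Each VTY range is a 'line vty' header followed by indented subcommands.
    for m in re.finditer(r"^line vty (.+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        vty, sub = m.group(1).strip(), [s.strip() for s in m.group(2).splitlines()]
        # Assumption: an absent 'transport input' line means the default applies.
        methods = next((s.split()[2:] for s in sub
                        if s.startswith("transport input")), [default_transport])
        if {"telnet", "all"} & set(methods):
            findings.append(f"vty {vty}: Telnet still allowed")
        if not {"ssh", "all"} & set(methods):
            findings.append(f"vty {vty}: SSH not allowed")
        if "login local" not in sub:
            findings.append(f"vty {vty}: login local missing")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "OK")
```

The generated RSA key pair does not appear in the running configuration, so this check cannot confirm the key-generation step; verify that on the switch itself.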



  1. Yeah Mate March 31, 07:16

    Another very good lab, Wendell!

  2. khan December 17, 10:35

    But the modulus is not mentioned in the answer, as the question states to generate keys with the strongest encryption.

  3. Benjamin Balfour January 1, 16:24

    Thanks Wendell, great lab!

  4. Munachimso Victor Nwaiwu June 3, 03:15

    Good day sir,

    I tried verifying the SSH through PC1 (I configured the setup on Packet Tracer), but it did not work. I used the command “ssh root@” but the PC command prompt kept saying invalid command.

    I also tried from the hrputer, but it did not work.

    Please, how should I verify SSH is working?
