From a46342702fbd869e9f1bdfb9ab3b83cb2ad122d3 Mon Sep 17 00:00:00 2001 From: Jon Sands Date: Sat, 6 Aug 2022 08:42:23 -0400 Subject: [PATCH] clean up telnet disable commands --- docs/icx6xxx-adv.md | 19 +++++++++---------- docs/icx7xxx-adv.md | 4 +++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/icx6xxx-adv.md b/docs/icx6xxx-adv.md index 37f9251..608bccd 100644 --- a/docs/icx6xxx-adv.md +++ b/docs/icx6xxx-adv.md @@ -21,6 +21,15 @@ We also need to tell it to use our new local user account(s) to authorize attemp aaa authentication login default local aaa authentication web default local ``` + +We should also disable telnet as it's quite insecure. If the switch is located outside your home, password protect the serial console port as well: + +``` +no telnet server +#optional: password protect the serial port: +enable aaa console +``` + If you wanted to use the web UI (I don't recommend using it, really), you can now log into it using the credentials you created above. By default, the web server is http only. If you want to disable the web server, just run: ``` no web-management http @@ -102,16 +111,6 @@ Once you get an `ssl-certificate creation is successful` message in the consol ``` That's it! the web UI should now use your cert when loaded via HTTPS -You should enable authentication for telnet access: -``` -enable telnet authentication -``` -If your switch is outside of your home, or accessible by others, telnet should be disabled entirely, and access to the serial console should also be password protected. Otherwise skip this step at your discretion: - -``` -no telnet server -enable aaa console -``` ### Optional: Key Based SSH Access If you have followed the above to set up authentication, and also wish to disable password-based SSH login and set up a key pair instead, follow this section. If not, skip it. Enable key login, and disable password login: ``` diff --git a/docs/icx7xxx-adv.md b/docs/icx7xxx-adv.md index 7832bb8..11c41d1 100644 
--- a/docs/icx7xxx-adv.md +++ b/docs/icx7xxx-adv.md @@ -17,10 +17,12 @@ By default, the switch has the `super` user that you set a password for previous aaa authentication login default local aaa authentication web default local ``` -We should also disable telnet as it's quite insecure: +We should also disable telnet as it's quite insecure. If the switch is located outside your home, password protect the serial console port as well: ``` no telnet server +#optional: password protect the serial port: +enable aaa console ``` If you wanted to use the web UI (I don't recommend using it, really), you can now log into it using the credentials you created above. By default, the web server is http only. If you want to disable the web server, just run: ```
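Review bot: In the first docs/icx6xxx-adv.md hunk (@@ -21,6 +21,15 @@), the `#optional: password protect the serial port:` line sits inside the fenced command block between `no telnet server` and `enable aaa console`. Anyone pasting the whole block sends that line to the switch CLI and also applies the optional console step without having chosen it. Suggest moving the "optional" remark into the prose and giving `enable aaa console` its own fenced block, so that the block holds only commands, like the other command blocks visible in this patch.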
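Review bot: In the second docs/icx6xxx-adv.md hunk (@@ -102,16 +111,6 @@), the removal of `enable telnet authentication` and its sentence "You should enable authentication for telnet access:" is not covered by the commit subject "clean up telnet disable commands", and the text added earlier in the file only covers disabling telnet. If the step is dropped on purpose because telnet is now always disabled, say so in the commit message; otherwise keep a one-line note for readers who leave telnet enabled.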
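Review bot: In the docs/icx7xxx-adv.md hunk (@@ -17,10 +17,12 @@), the added condition "If the switch is located outside your home" is narrower than the icx6xxx wording this same patch removes, "outside of your home, or accessible by others". The serial console matters wherever someone else can physically reach the port, including inside a shared home or office. Suggest carrying "or accessible by others" into this sentence and into the matching sentence added to docs/icx6xxx-adv.md.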