VTY line when configuring SSH

veritas_libertas

So I'm a little confused. What does this line mean?

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet is disabled and only SSH is supported.

line vty 0 4


transport input SSH

!--- Instead of aaa new-model, you can use the login local command.

I guess in my mind I cannot understand why you would be modifying the vty. I thought that after enabling SSH telnet was no longer in use.

In my Todd Lammle CCENT book it tells me to connect to the VTY lines of the router/switch. Again, I don't get it

tiersten

VTY = Virtual Terminal

vtys are used for SSH and telnet. They're just remote terminal sessions. The console and aux port get their own sessions as only 1 person can be using each and they're actual physical ports so not vtys.

seekrit

Transport incoming ssh just tells the router to accept only SSH as incoming layer 3 connections and deny everything else. If you want to enable SSH and Telnet you have to add 'telnet' after ssh. 'Transport input ssh telnet'. Same going for the output options. Some people just use the 'all', allowing everything to connect and then use ACL's to deny connection privileges..

veritas_libertas

tiersten wrote: »

VTY = Virtual Terminal

vtys are used for SSH and telnet. They're just remote terminal sessions. The console and aux port get their own sessions as only 1 person can be using each and they're actual physical ports so not vtys.

So when I type in something like "line vty 0 4" I'm specifying which connections/ports for SSH? This is one part I'm still a little confused on.

I found this thread which seems to shine a little more light on the subject for me: http://www.techexams.net/forums/ccna-ccent/34147-need-explanation-line-vty-0-4-a.html

impz

veritas_libertas wrote: »

So when I type in something like "line vty 0 4" I'm specifying which connections/ports for SSH? This is one part I'm still a little confused on.

I found this thread which seems to shine a little more light on the subject for me: http://www.techexams.net/forums/ccna-ccent/34147-need-explanation-line-vty-0-4-a.html

just like how you use "line console 0" to configure stuff for the console, you use "line vty 0" to configure "virtual terminals" or simply, telnet and ssh connections into your router/switch.

From the CBT Nuggets video, I get the impression that if you configure ,

"line vty 0" - you are just going to allow one connection to telnet/ssh into your switch/router

"line vty 0 1" - 2 concurrent connections

"line vty 0 2" - 3 concurrent connections etc. etc.

Older routers/switches with the old IOS will only allow up to line vty 0 4 (5 concurrent connections) and that 's why most books will tell you to use "line vty 0 4" while newer models/IOS allow for line vty 0 15 (16 concurrent connections)

According to Odom, "transport input all" is default on cisco router/switch which allows all methods of connection including both telnet and ssh but if you use "transport ssh" , you are ONLY allowing SSH connections to be established (with the exception of console access) and similarly if you use "transport telnet", you are effectively ONLY allowing telnet connections (with the exception of console access.

veritas_libertas

Thanks everyone! That really cleared it up for me. I can't understand why that wouldn't have been explained in the book.

Back to the books