Telnet vs. Secure Shell - idle-timeout

Information

Telnet is insecure by nature as it sends all traffic across the wire in clear text, including user names and passwords. Anyone snooping or sniffing network traffic will be able to intercept these credentials and potentially gain management access to the device. It is recommended to use Secure Shell (SSH) instead of Telnet, as it uses asymmetric encryption to exchange keys and create a secure management session. In addition, setting an idle timeout period for login sessions can prevent unauthorized access when a management session is left unattended.

Solution

Use the following commands to enable SSH, disable the Telnet server, and set an idle timeout of 5 minutes for SSH management sessions:

switch(config)# crypto key generate ssh
switch(config)# ip ssh
switch(config)# no telnet-server
switch(config)# idle-timeout 5

For details, refer to the chapter titled "Configuring Secure Shell (SSH)" in the ArubaOS-Switch Access Security Guide.
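The check below is an added example, not part of the original audit item or of any HPE/Aruba tooling: it audits saved configuration text for the three settings the Solution applies. It assumes the configuration echoes the lines `ip ssh`, `no telnet-server` and `idle-timeout <minutes>` exactly as they are entered above, that Telnet stays enabled unless explicitly disabled, and that a value of 0 disables the timeout; the function name and the sample configurations are constructed for illustration.

```python
import re

MAX_IDLE_MINUTES = 5  # limit taken from the Solution above

# Constructed sample configurations, not captured from a real switch.
COMPLIANT = 'hostname "edge-sw-01"\nip ssh\nno telnet-server\nidle-timeout 5\n'
NONCOMPLIANT = 'hostname "edge-sw-02"\nidle-timeout 30\n'

IDLE_RE = re.compile(r"^idle-timeout\s+(\d+)$")


def audit_management_access(config_text, max_idle=MAX_IDLE_MINUTES):
    """Return a list of findings; an empty list means the config passes."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []

    # Assumption: SSH counts as enabled only when 'ip ssh' is present.
    if "ip ssh" not in lines:
        findings.append("ssh: 'ip ssh' not found")

    # Assumption: Telnet counts as enabled unless explicitly disabled.
    if "no telnet-server" not in lines:
        findings.append("telnet: 'no telnet-server' not found")

    # Assumption: if the command appears more than once, the last one applies.
    timeouts = [int(m.group(1)) for m in map(IDLE_RE.match, lines) if m]
    if not timeouts:
        findings.append("idle-timeout: not configured")
    elif timeouts[-1] == 0:
        # Assumption: 0 means sessions never time out.
        findings.append("idle-timeout: 0 disables the timeout")
    elif timeouts[-1] > max_idle:
        findings.append(f"idle-timeout: {timeouts[-1]} min exceeds {max_idle} min")
    return findings


if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        result = audit_management_access(cfg)
        print(name, "PASS" if not result else result)
```
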

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: ArubaOS

Control ID: 57664f465dc0528b211d420e38f044c0cee76c86fc5e9e7507bee55c38cf8840