Telnet is not secure. Data contained within a Telnet packet is transmitted unencrypted. For this reason, it is highly recommended to enable SSH on devices for secure remote access. It is possible to configure a Cisco device to support SSH using four steps.
Step 1. Ensure that the router has a unique hostname, and then configure the IP domain name of the network using the ip domain-name command in global configuration mode.
Step 2. One-way secret keys must be generated for a router to encrypt SSH traffic. To generate the SSH key, use the crypto key generate rsa general-keys command in global configuration mode. The specific meaning of the various parts of this command are complex and out of scope for this course.
Just note that the modulus determines the size of the key and can be configured from 360 bits to 2048 bits. The larger the modulus, the more secure the key, but the longer it takes to encrypt and decrypt information. The minimum recommended modulus length is 1024 bits.
Step 3. Create a local database username entry using the username global configuration command.
Step 4. Enable inbound SSH sessions using the line vty commands login local and transport input ssh.
The router can now be remotely accessed only by using SSH.