You understand that Quagga allows telnet logins, and that telnet is completely insecure because it sends all traffic in cleartext. But you feel pretty safe on your own network, so you want to be able to log in and run your routers remotely. Not over the Internet, which would be suicidal, but just on your own LAN.
You'll need to configure your daemons to listen on all interfaces, and then configure access controls in each daemon's configuration file.
On Debian, edit /etc/quagga/debian.conf to allow your daemons to listen to all interfaces:
vtysh_enable=yes zebra_options=" --daemon" ripd_options=" --daemon"
Do the same thing in Fedora, in /etc/sysconfig/quagga.
Then, add these lines to the daemon's configuration files, like this example for zebra. conf:
access-list localhost permit 127.0.0.1/32 access-list localhost deny any access-list lan1 permit 192.168.1.0/24 access-list lan1 deny any access-list lan2 permit 192.168.2.0/24 access-list lan2 deny any ! line vty access-class localhost access-class lan1 access-class lan2
That allows logins from localhost and two local subnets, and no
one else. Each one is given a separate class; this lets you disable
access by commenting out an access-class line.
Then, on Debian, restart Quagga:
# /etc/init.d/quagga restartOn Fedora, restart each daemon individually:
# /etc/init.d/zebra restart
# /etc/init.d/ripd restartNow, you should be able to telnet in from your LAN neighbors by specifying the IP address or hostname and port number:
terry@uberpc:~$ telnet xena 2601The access-list names, which
in this example are localhost, lan1, and
lan2, are whatever you want them to be.
The example in this recipe is fairly complex, and controls access per subnet. You could simplify it by lumping everything into a single access list:
access-list allowed permit 127.0.0.1/32 access-list allowed permit 192.168.1.0/24 access-list allowed permit 192.168.2.0/24 access-list allowed deny any ! line vty access-class allowed
Quagga documentation: http://www.quagga.net/docs/docs-info.php
/usr/share/doc/quagga
man 8 ripd
man 8 zebra