(1) Appropriate wording in the banner message should be considered for giving security notice for those attempting unauthorized access. - - - - - (2) In the configuration, the: "no login", command can also be seen under the line vty, which makes the router not to ask for a login when accessing the router through Telnet even though it has a password./ - - - - - [The VTY and enable passwords are encrypted passwords. To enable HTTP Server authentication use the command _R1(config)# ip http authentication {aaa | enable |local | tacacs}, which cannot be found on the configuration] - - > For more information refer to: [http://www.cisco.com/c/en/us/td/docs/ios/122/termserv/command/reference/ftersvr/trfabout.html] - - - - - - -(3) For security, we shouldn't be allowing clear-text telnet, even if the password is encrypted in the running-config, that only admins will probably ever see: Change to: "transport input ssh" which won't allow any access but SSH - - - - (4) For SSH you should require either: an AAA -Server, or in this case, just use: "login local" which will use the globally configured username: 'cisco'/ - - - - - - The RSA-Keys are generated with a combination of the Hostname, and the configured: "ip domain-name". Most IOS's won't allow you to use one of the default-hostname (Router or Switch). And most IOS's will allow almost anything as an: "ip domain-name" (i.e. '123', 'xxx', 'ACME', "!", and "#.cipher.now-gone") for more info see: { http://www.zipz-services.com/skillset/SSH-Versionsabout.pdf } -and- { http://www.zipz-services.com/skillset/SSH-Basics-for-CCNA-2015.pdf }