config for enabling SSH

Answered Question
Mar 12th, 2008

Hi,

The following were added to a Cisco router to enable secure remote access, however the Telnet password is not recognized, thus can not log in to the router. The following is the config. Any suggestions would be appreciated.

ip domain-name yyygroup.com

crypto key gen rsa

1024

ip ssh version 2

ip ssh timeout 60

line vty 0 4

transport input telnet ssh

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 9 months ago

Hi

You cannot use the line password for access with ssh. You either need to configure a local username/password on the router for use with ssh or setup ssh access via TACACS+/Radius.

Edit - should have said, to create a local username/password

router(config)# username password

HTH

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 03/12/2008 - 15:19

Hi

You cannot use the line password for access with ssh. You either need to configure a local username/password on the router for use with ssh or setup ssh access via TACACS+/Radius.

Edit - should have said, to create a local username/password

router(config)# username password

HTH

Jon

saidfrh Wed, 03/12/2008 - 16:43

Jon,

I entered a user name and password. Puttying in to the remote router asks for a password. The above password associated with the username did not work. After using Putty to access the router, the username was not asked. Any suggestion would be appreciated.

Jon Marshall Wed, 03/12/2008 - 16:57

Hi

You need to tell the router that you want to use local authentication ie.

router(config)# aaa authentication login default local

Jon

saidfrh Wed, 03/12/2008 - 20:55

Jon,

Thanks. I selected line authentication option, thus using the Vty passwd to login using SSH/Putty. Do you know how to configure 3Des for encrypting the passwords in the router?

Said

royalblues Thu, 03/13/2008 - 01:06

Create the username with the secret keyword rather than password which will encrypt the password using MD5

username privelege secret

IF your IOS does not support the secret option, you can use service password-encryption in the global config which will also encrypt the password. This encryption though is very weak and can be cracked using any available password cracking tools

HTH

Narayan

Actions

This Discussion