config for enabling SSH

Answered Question
Mar 12th, 2008

Hi,

The following were added to a Cisco router to enable secure remote access, however the Telnet password is not recognized, thus can not log in to the router. The following is the config. Any suggestions would be appreciated.


ip domain-name yyygroup.com

crypto key gen rsa

1024

ip ssh version 2

ip ssh timeout 60

line vty 0 4

transport input telnet ssh

Correct Answer by Jon Marshall about 8 years 11 months ago

Hi


You cannot use the line password for access with ssh. You either need to configure a local username/password on the router for use with ssh or setup ssh access via TACACS+/Radius.


Edit - should have said, to create a local username/password


router(config)# username password


HTH


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 03/12/2008 - 15:19

Hi


You cannot use the line password for access with ssh. You either need to configure a local username/password on the router for use with ssh or setup ssh access via TACACS+/Radius.


Edit - should have said, to create a local username/password


router(config)# username password


HTH


Jon

saidfrh Wed, 03/12/2008 - 16:43

Jon,


I entered a user name and password. Puttying in to the remote router asks for a password. The above password associated with the username did not work. After using Putty to access the router, the username was not asked. Any suggestion would be appreciated.

Jon Marshall Wed, 03/12/2008 - 16:57

Hi


You need to tell the router that you want to use local authentication ie.


router(config)# aaa authentication login default local


Jon

saidfrh Wed, 03/12/2008 - 20:55

Jon,

Thanks. I selected line authentication option, thus using the Vty passwd to login using SSH/Putty. Do you know how to configure 3Des for encrypting the passwords in the router?


Said


royalblues Thu, 03/13/2008 - 01:06

Create the username with the secret keyword rather than password which will encrypt the password using MD5


username privelege secret


IF your IOS does not support the secret option, you can use service password-encryption in the global config which will also encrypt the password. This encryption though is very weak and can be cracked using any available password cracking tools


HTH

Narayan

Actions

This Discussion