Access Server reverse telnet

Unanswered Question
Jun 26th, 2008

I am trying to setup an acess server to allow reverse telnets into a practice lab. I was able to get this working but I would like to be able to establish the reverse telnet sessions without entering a username and password. The access server is prompting me for a username and password whenever I create a new reverse telnet session. On a vty line you can enter "no login" and this keeps the router from prompting for a password. Is there a way to get an async line to allow access without a password?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Hi There

I don't think the problem is with your async lines.

Do you have the commands "login" and "password" configured on the console lines of the routers you are trying to reverse telnet to?

If yes, then remove these commands with the commands "no login" and "no password". This should allow you to reverse telnet without having to enter a password.

If you are aslo being asked to provide a username, then you will probaby have a line in your configuration like "username xxxxxx privilege level xx password xxxxx" and under the "con 0" portion of your configuration you would most likely have the line "login local".

Again remove both of these lines by putting a "no" in front of each.

N.B The username command is a global configuration level command. "login local" will be under the "line con 0" configuration level.

Also doing this will bring you to user exec mode and you would still need to enter the enable password to enter privileged exec mode. If you want your reverse telnet session to bring you straight into privileged exec mode, then enter the command "privilege level 15" under the "line con 0" configuration level.

HTH

Best Regards,

Michael

izackvail Fri, 06/27/2008 - 05:25

Hi Michael, thanks for the response. I confirmed that the login prompt is definitely coming from the access server. I don't want to remove the username from my access server. I need to maintain some level of authentication for it. I ended up using aaa to get around the problem. I am sure this is not the most elegant solution but it works.

The access server:

aaa new-model

aaa authentication login RT none

line con 0

logging synchronous

line 1 16

login authentication RT

no exec

transport input all

line aux 0

line vty 0 4

exec-timeout 0 0

privilege level 15

logging synchronous

transport input ssh

line vty 5 15

exec-timeout 0 0

privilege level 15

logging synchronous

transport input ssh

The devices:

line con 0

privilege level 15

logging synchronous

line aux 0

line vty 0 4

This gets me reverse telnet into each device without entering a username and password while still requiring a username and password for the access server. If there is a better way to do this please let me know. Thanks!

Actions

This Discussion