06-26-2008 02:40 PM - edited 03-03-2019 10:30 PM
I am trying to set up an access server to allow reverse telnets into a practice lab. I was able to get this working but I would like to be able to establish the reverse telnet sessions without entering a username and password. The access server is prompting me for a username and password whenever I create a new reverse telnet session. On a vty line you can enter "no login" and this keeps the router from prompting for a password. Is there a way to get an async line to allow access without a password?
Thanks!
06-26-2008 11:25 PM
Hi There
I don't think the problem is with your async lines.
Do you have the commands "login" and "password" configured on the console lines of the routers you are trying to reverse telnet to?
If yes, then remove these commands with the commands "no login" and "no password". This should allow you to reverse telnet without having to enter a password.
If you are also being asked to provide a username, then you will probably have a line in your configuration like "username xxxxxx privilege level xx password xxxxx" and under the "con 0" portion of your configuration you would most likely have the line "login local".
Again remove both of these lines by putting a "no" in front of each.
N.B. The username command is a global configuration level command. "login local" will be under the "line con 0" configuration level.
Also doing this will bring you to user exec mode and you would still need to enter the enable password to enter privileged exec mode. If you want your reverse telnet session to bring you straight into privileged exec mode, then enter the command "privilege level 15" under the "line con 0" configuration level.
HTH
Best Regards,
Michael
06-27-2008 05:25 AM
Hi Michael, thanks for the response. I confirmed that the login prompt is definitely coming from the access server. I don't want to remove the username from my access server. I need to maintain some level of authentication for it. I ended up using aaa to get around the problem. I am sure this is not the most elegant solution but it works.
The access server:
aaa new-model
aaa authentication login RT none
line con 0
 logging synchronous
line 1 16
 login authentication RT
 no exec
 transport input all
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 transport input ssh
The devices:
line con 0
 privilege level 15
 logging synchronous
line aux 0
line vty 0 4
This gets me reverse telnet into each device without entering a username and password while still requiring a username and password for the access server. If there is a better way to do this please let me know. Thanks!
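Added example, not part of the original thread: a small Python audit that reads an IOS-style configuration and reports which line ranges accept inbound telnet while bound to a AAA login list whose only method is "none", which is what lines 1 16 do in the configuration above. The names audit_lines and SAMPLE_CONFIG are hypothetical, the sample is a shortened copy of the posted access-server config, and the parser assumes sub-commands are indented as in a normal "show running-config".

```python
import re

# Constructed sample: shortened copy of the access-server config posted above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login RT none
line con 0
 logging synchronous
line 1 16
 login authentication RT
 no exec
 transport input all
line vty 0 4
 transport input ssh
"""


def audit_lines(config):
    """Return headers of line blocks that accept inbound telnet while their
    AAA login method list is exactly 'none' (no credentials requested)."""
    method_lists = {}  # login method-list name -> list of methods
    blocks = []        # (line header, list of sub-commands)
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text:
            continue
        if raw[0].isspace():  # indented: sub-command of the open line block
            if current is not None:
                current.append(text)
            continue
        current = None  # any top-level command closes the previous block
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
        elif text.startswith("line "):
            current = []
            blocks.append((text, current))
    findings = []
    for header, cmds in blocks:
        # Assumption: a line with no explicit list uses the "default" list.
        auth = next((c.split()[-1] for c in cmds
                     if c.startswith("login authentication ")), "default")
        transports = next((c.split()[2:] for c in cmds
                           if c.startswith("transport input ")), [])
        if method_lists.get(auth) == ["none"] and {"all", "telnet"} & set(transports):
            findings.append(header)
    return findings

print(audit_lines(SAMPLE_CONFIG))
```

Each reported range is reachable without credentials by anything that can reach the access server's telnet ports for those lines, so it is worth pairing such a finding with a check of what restricts access to those ports.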