IOS SSH AAA help!!

Answered Question
May 5th, 2009
User Badges:

Hi All,

I have this config:


aaa authentication login default local line enable

aaa authorization console

aaa authorization exec default local

aaa authorization network default local


line vty 0 4

password Gr834!

transport preferred ssh

transport input ssh

transport output ssh


then create username "admin" with privilege 15. But I can't login to SSH with this username and password? I've already generated public key on the router.

any idea would be very appreciated.

thanks

Alex



Correct Answer by nomair_83 about 8 years 1 month ago

try this:


username cisco password cisco

enable secret cisco


ip domain-name nsp.org

crypto key genrete rsa 1024

ip ssh version 2


line vty 0 4

transport input all

exit

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
nomair_83 Wed, 05/06/2009 - 01:11
User Badges:
  • Bronze, 100 points or more

try this:


username cisco password cisco

enable secret cisco


ip domain-name nsp.org

crypto key genrete rsa 1024

ip ssh version 2


line vty 0 4

transport input all

exit

nomair_83 Wed, 05/06/2009 - 23:29
User Badges:
  • Bronze, 100 points or more

SSH normally works with minimum 1024.





Here is a complete ssh config that doesn't need a hostname or domain name:


crypto key gen rsa gen label SSH_Keys mod 1024


ip ssh ver 2

ip ssh authentication-retries 3

ip ssh time-out 90

ip ssh source-interface loopback0


username test secret [email protected]

enable secret s3cr3tPassw0rd!


aaa new-model

aaa authentication login default local

aaa authentication enable default enable


line vty 0 4

transport input ssh


I would recommend AGAINST creating level 15 usernames.

Actions

This Discussion