
Why doesn't this username and password work (SSH)?

news2010a
Level 3

Imagine that I have the following setup on my 2960 switch:

!
enable secret pass1
!
username magoo password pass2
!
line vty 0 4
 password pass3
 login
 transport input ssh
!

Then I launch putty.exe and reach the 2960, I get username and password prompt OK.

I input username "magoo".

I input password "pass2" and get the message "access is denied".

What am I missing here?

My intention is to force people to log on via ssh and get prompted to input username = magoo and password = pass2 to access user exec mode.

1 Accepted Solution


John Blakley
VIP Alumni

Change your login to "login local" under your line:

line vty 0 4

login local

I'm not sure if your switch supports it, as I don't have one to test, but you generally need an ssh key configured on a router (but since this is a switch, I'm not sure). You would do this by:

1.) Having a domain name configured

2.) Generating the key "crypto key generate rsa general-keys mod 1024"

See if your switch supports it because mine doesn't. (Now I need to figure out why I can't ssh into mine!) :)

HTH,

John


3 Replies

Yes, I generated the key - OK.

I did as you said with 'login local' and it works.

Just a confirmation:

If I do 'login local' under vty 0 15, this does not block me from logging on users via AAA in the future, right?

I will read the docs more to understand this...

Marlon

The reason that it is not taking the username and password is that the vty defaults to authenticating with the line password that is configured. And you have not done anything to change the default behavior. John's suggestion to specify login local is certainly one way to fix it. You could also get the result that you want by configuring aaa authentication to do local authentication.

[edit] I just saw your post asking about the relationship between login local and aaa authentication. When you start aaa authentication it will override the login local. So you can do login local until you are ready to start aaa. When you start aaa then it will take precedence over login local.

HTH

Rick
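
An added example, not part of the original thread: a small Python audit that reports which credential source each vty line checks, following the behaviour described in the answers above (plain `login` checks the line password, `login local` checks the local usernames, AAA takes precedence once enabled). The function name, result strings and sample configs are constructed for illustration; `aaa new-model` and `aaa authentication login default local` are the standard IOS commands for the AAA alternative Rick mentions.

```python
import re

# Constructed sample: the configuration from the question, then the two fixes.
ORIGINAL = """\
enable secret pass1
username magoo password pass2
line vty 0 4
 password pass3
 login
 transport input ssh
"""
FIXED = ORIGINAL.replace(" login\n", " login local\n")
WITH_AAA = "aaa new-model\naaa authentication login default local\n" + FIXED

def vty_auth_sources(config):
    """Return {vty line header: credential source checked at login}."""
    cmds = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    aaa = "aaa new-model" in cmds
    has_user = any(re.match(r"username \S+ (password|secret) ", c) for c in cmds)
    # Assumption: a line block runs until the next "line ..." header or "end",
    # since pasted configs (as in the question) often lose their indentation.
    blocks, current = {}, None
    for c in cmds:
        if c.startswith("line ") or c == "end":
            current = blocks.setdefault(c, []) if c.startswith("line vty") else None
        elif current is not None:
            current.append(c)
    sources = {}
    for header, body in blocks.items():
        if aaa:
            # Once AAA is enabled it takes precedence over "login local".
            named = [c.split()[-1] for c in body if c.startswith("login authentication ")]
            sources[header] = "aaa method list: " + (named[0] if named else "default")
        elif "login local" in body:
            sources[header] = "local usernames" if has_user else "local usernames (none defined)"
        elif "no login" in body:
            sources[header] = "none (no authentication)"
        else:
            # Plain "login" is the vty default: only the line password is checked.
            has_pw = any(c.startswith("password ") for c in body)
            sources[header] = "line password" if has_pw else "line password (none set)"
    return sources

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("login local", FIXED), ("aaa", WITH_AAA)):
        print(name, vty_auth_sources(cfg))
```

For the configuration in the question it reports the line password as the source, which is why "pass2" was rejected.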
