SSH

Just Kennie · ‎05-23-2009

Do I need to enable AAA for SSH to work?

johnlloyd_13 · ‎05-23-2009

no, but it's optional. for ssh to work, all you need are 4 things: hostname, domain name, generate rsa key and enable ssh transport for vty lines

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#req

Just Kennie · ‎05-24-2009

Its wont work until I enable aaa new-model.

They It will request for local login.

Attached is the error message without aaa new-model configured.

Below is my config.

hostname JUSTKENNIE

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

ip cef

!

ip domain name computeIT.com

ip ssh version 2

!

username CISCO password 0 cisco

!

interface FastEthernet0/0

ip address 10.12.14.216 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip http server

no ip http secure-server

!

control-plane

!

banner login ^C ALLAH IS GREAT ^C

!

line con 0

line aux 0

line vty 0 4

no login

transport input telnet ssh

!

scheduler allocate 20000 1000

johnlloyd_13 · ‎05-24-2009

ssh will work with or without AAA. local login is the username and password configured on the router:

username CISCO password 0 cisco

have you tried entering the password "cisco"? kindly post show ssh and show ip ssh output.

Richard Burts · ‎05-24-2009

Actually there is a bit of a mismatch when you try to use SSH on a Cisco router without AAA new-model and with the default configuration of having a line password. The SSH wants to do a username and password but the router only wants to authenticate with a password (no username).

It is quite possible to resolve this without requiring aaa new-model. Just configure under the vty lines:

login local

this will cause the router to prompt for username and password and to use both in authentication.

HTH

Rick

HTH

Rick