Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
3
Replies

Device Passwords. Using SSH, Console, VTY, and AAA

Go to solution
nelson.garcia
Level 1
Level 1

‎10-14-2009 07:26 AM

I know that without using SSH, and strictly using telnet, console, I can set a password for both my VTY lines and the console separately.

When I enable AAA for local SSH username and passwords, it asks me for a username and password even when I only connect using the console, when before enabling AAA, connecting to the console would just ask me for the password, and not a username and password.

Is this normal?

Does enabling AAA username and passwords take precedence over all authentication on all ports?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎10-14-2009 08:41 AM

Nelson

Yes this is normal. And yes enabling aaa new-model does take precedence over all authentication on all ports.

If you still want to login on the console and just use the console password it is possible to configure the router to do this (though frankly AAA is usually more secure and is preferred). If you want the console to authenticate with the line password the config might look something like this:

aaa authentication login cons_auth line

line con 0

login authentication cons_auth

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎10-14-2009 08:41 AM

Nelson

Yes this is normal. And yes enabling aaa new-model does take precedence over all authentication on all ports.

If you still want to login on the console and just use the console password it is possible to configure the router to do this (though frankly AAA is usually more secure and is preferred). If you want the console to authenticate with the line password the config might look something like this:

aaa authentication login cons_auth line

line con 0

login authentication cons_auth

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
nelson.garcia
Level 1
Level 1
In response to Richard Burts

‎10-14-2009 09:08 AM

Thanks so much, Rick. Helps a lot.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to nelson.garcia

‎10-14-2009 09:29 AM

Nelson

I am glad that my response was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there was a response which did lead to a solution.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents