06-02-2003 01:56 PM - edited 03-09-2019 03:30 AM
We need to start using SSH Company wide. We have about 800 remote VPN sites that have 1710 routers with an IOS that supports SSH. I can configure SSH and it works great, but the problem I have is with usernames and passwords. We already have usernames and passwords configured in each router for dial backup purposes and I don't want these usernames and passwords to be used for the SSH login; I only want one administrator password listed for vty and console logins. We don't want to use TACACS or RADIUS with an ASC server for these remote sites, just a local username and password. Is there a way I can specify this password is just used for vtp and console ports and the other passwords are just used by the dialer interface? Any suggestions would be appreciated.
06-03-2003 05:03 PM
I hope I understood your question correctly. You are basically trying to define "login" authentication locally for SSH access from different remote sites, right? And you don't want these sites to be able to use an already defined administrator password in your router. Please correct me if I am wrong!
Well, since this administrator user is already configured in the router, and you are using local authentication, I don't think it would be possible to segregate between this specific user and the rest in terms of where to access from.
This is to the best of my knowledge.
06-05-2003 03:12 PM
Hi,
Sorry! This is not possible. Once you define the user database on the router, for any type of connection, all the users in the local database would be used across the board; there is no way to distinguish. With an AAA server, this is possible by manipulating the attributes in the profile. Thanks,
Mynul