Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

891W ISR: Does SSH corrupt passwords?

Does SSH have some kind of issue with using passwords with special characters or something?  I am working with an 891W.  I have ony done the basic config on it using CCP Express so not much is done yet, but I do have enable and enable secret both set the same.  An example password I haev is passwprd!PASS! with the only special characters being the ! .  I can log into the router via CCP Express in a web browser, but when I ssh to the router and enter my creds it tells me Access Denied. 

It is most likely that I have done nothing of consequence to cause this since if memory serves the only thing I did between when SSH worked and now when it doesn't, is edi vty 5 15 and vty 0 4 with "transport input ssh", (thus removing telnet).  I certainly have not chnaged the password so the one that gets me into CP Express shoudl work on SSH too.  It is the only username I have ever specificed. 

Can anybody help?

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Purple

891W ISR: Does SSH corrupt passwords?

Hi,

to connect with ssh to a router you need a user/password defined in the router with the username xxx password yyy command and you must have login local configured under the vty line.

Can you do show run | be line vty as well as show run | i user either directly into CLI or with the command window in CCP.

Regards.

Alain

Don't forget to rate helpful posts.
4 REPLIES
Purple

891W ISR: Does SSH corrupt passwords?

Hi,

to connect with ssh to a router you need a user/password defined in the router with the username xxx password yyy command and you must have login local configured under the vty line.

Can you do show run | be line vty as well as show run | i user either directly into CLI or with the command window in CCP.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

891W ISR: Does SSH corrupt passwords?

I have much to learn.  Much.  I think I only added vty 0 4 because the Software Config Guide for the 890's sort of implied Ishould, but I later saw that vty 5 15 was already there by default.  So I compared the two and noticed that "login local" thing.  My vty 0 4 had only "login".  The SCG did not mention this little fact (perhaps the documentation team needs to know?) I guess "local" means a password list local to the rotuer as opposed to some kind of external one or someting.  Adding that fixed the problem though. 

I've always known that I need to become CCNA to even unbox a Cisco router but this kind of stuff just proves it.  That will take time of course but meanwhile I will need to use this forum frequently I think.  Thank you Alain for your help! 

Purple

891W ISR: Does SSH corrupt passwords?

Hi,

you're welcome.

Yes login local means use the user/password credentials configured locally on the router, if you want to use credentials stored on a radius/tacacs+ server you would need to configure AAA and either use a default method and then it will automaically applied to all lines or a named method which you can explicitly configure on a line to override the default method.

here is an example:

1) default method which uses radius server and defaults back to local if the server is not responding

  aaa new-model

  aaa authentication login default group radius local

  radius-server host x.x.x.x key XXX

  so nothing to configure under lines

2) named method MY_AUTH using radius and line password if the server is not responding

aaa new-model

aaa authentication login MY_AUTHt group radius line

radius-server host x.x.x.x key XXX

line vty 0 4

password cisco

login authentication MY_AUTH

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

Re: 891W ISR: Does SSH corrupt passwords?

I apologize for not replying sooner, sometimes I lose track. Will remember to review this thread soon. Thank you!

Sent from Cisco Technical Support iPad App

659
Views
0
Helpful
4
Replies