Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Change in behavior of ssh session after IOS upgrade

I upgraded a series of 3560s and 4506s to version 12.2(53)SE and 12.2(53)SG1, respectively.  Before the upgrade, I would login to the switches using an SSH client.  I'd enter a user id and password for the initial connection and then if I wanted to get into enable mode, I had to enter a separate password.  Now, after the upgrade, on the 3560s, I am automatically placed into enable mode after entering the initial userid/password sequence.  There's no need to enter a separate enable password.  On the 4506s, the functionality is the same as before the upgrade.  Any ideas on what happened and how I might be able to get the 3560s back to the original behavior?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: Change in behavior of ssh session after IOS upgrade

Hello Sdavids5670,

without seeing your configuration and may be the output of appropriate debug commands is difficult to say what has changed.

It should be more related to AAA commands rather then the use of SSH instead of telnet.

skip username and passwords, change your public ip addresses if any on devices and post the configuration.

probably a default AAA command was changed and it is causing this behavior.

Hope to help

Giuseppe

Re: Change in behavior of ssh session after IOS upgrade

I upgraded a series of 3560s and 4506s to version 12.2(53)SE and
12.2(53)SG1, respectively.  Before the upgrade, I would login to the
switches using an SSH client.  I'd enter a user id and password for the
initial connection and then if I wanted to get into enable mode, I had
to enter a separate password.  Now, after the upgrade, on the 3560s, I
am automatically placed into enable mode after entering the initial
userid/password sequence.  There's no need to enter a separate enable
password.  On the 4506s, the functionality is the same as before the
upgrade.  Any ideas on what happened and how I might be able to get the
3560s back to the original behavior?

Hi,

It can be problem with aaa configuration in your switches for enable mode authentication just check out the below sample configuration which will go for enable level password authentication also with TACAS server configured for authetication.

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

If helpful do rate the post

Ganesh.H

3 REPLIES
Hall of Fame Super Silver

Re: Change in behavior of ssh session after IOS upgrade

Hello Sdavids5670,

without seeing your configuration and may be the output of appropriate debug commands is difficult to say what has changed.

It should be more related to AAA commands rather then the use of SSH instead of telnet.

skip username and passwords, change your public ip addresses if any on devices and post the configuration.

probably a default AAA command was changed and it is causing this behavior.

Hope to help

Giuseppe

Re: Change in behavior of ssh session after IOS upgrade

I upgraded a series of 3560s and 4506s to version 12.2(53)SE and
12.2(53)SG1, respectively.  Before the upgrade, I would login to the
switches using an SSH client.  I'd enter a user id and password for the
initial connection and then if I wanted to get into enable mode, I had
to enter a separate password.  Now, after the upgrade, on the 3560s, I
am automatically placed into enable mode after entering the initial
userid/password sequence.  There's no need to enter a separate enable
password.  On the 4506s, the functionality is the same as before the
upgrade.  Any ideas on what happened and how I might be able to get the
3560s back to the original behavior?

Hi,

It can be problem with aaa configuration in your switches for enable mode authentication just check out the below sample configuration which will go for enable level password authentication also with TACAS server configured for authetication.

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

If helpful do rate the post

Ganesh.H

New Member

Re: Change in behavior of ssh session after IOS upgrade

Thanks for the help.  There were two approaches to returning the behavior back to what it was before the upgrade.  I either a) needed to add 'aaa new-model' to the configuration or b) I needed to remove the 'password' command from the 'line vty' section.  Either one worked.

409
Views
0
Helpful
3
Replies
CreatePlease login to create content