cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1390
Views
0
Helpful
5
Replies

Disable root

egeorgopoulos
Level 1
Level 1

Hello,

I would like to know how can I disable user 'root' who logs in to the router without password (cisco 800 series).

Thank you.

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Egeorgopolus,

do

sh run | inc username

if you find a line like

username root

you just need to deny it with

conf t

! report the whole line here with no in front

no username root

Hope to help

Giuseppe

Actually there is no root username, so this username cannot be disabled. Any other clu
es?

Thank you.

Do you have any AAA statements to a tacacs or radius server that could contain the user root ?

How do you know that root is logging in ?

If there for some reason now is a user root who loggs in at the router without password

First, have you tried to login with root ?

Second, why not create the user root with an very complex password ?

would that keep them out ? atleast until you can figure out whats going on ?

HTH

Yes, I tried with root user and it can log in without entering any password. The AAA is enabled, so for the time being I modified the root user to enter the system with a password.

The odd thing is that there wasn't any username 'root' in the configuration before. At least now, this user is forced to enter a password.

Thank you.

If you are using AAA you can use a user database outside the router. (radius/tacacs+)

If the AAA is enabled and you are using it, the root user gets his/her credentials from the AAA server.

So if the AAA server is a linux/unix style box, (most likely since windows does not use root) then most likely there is a problem with the root user at that machine, ie that root user does not have a password. (wich can be quite bad)

a local user database would have shown the username root in the config

(to check local database just do :  "sh ru | include root"  the | is the pipe sign.)

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: