
Is a username required in IOS?

Paul Bundschuh
Level 1

Does anyone here operate their routers & switches without a username specified? We don't use the username in our login or enable authentication (use vty and enable passwords), just wondering if there is some requirement for a username that I don't know about. Security-wise, we'd like to eliminate specifying a username, if possible.


Leo Laohoo
Hall of Fame
Does anyone here operate their routers & switches without a username specified?

Nope.  You require username/password if you want to contact the appliances remotely.  If all you do to connect to them is via console, then you're welcome not to have one.  

Security-wise, we'd like to eliminate specifying a username, if possible.

Doesn't make any sense.  Are you saying you're happy for anyone (and I mean ANYONE) to log into your router/switches?

No, a username is not required to access this remotely -- we use the vty and enable passwords (which I mentioned above). Or one could use AAA + radius/tacacs which authenticates against active directory or something similar. Just wondering if the username can be totally eliminated.

Yes, devices can be configured for no logins/passwords, but think: what is the benefit we get if we disable it?

If we don't secure the devices that are managing your critical data, probably the only benefit is ease of login and cost savings in terms of not deploying third party authentication devices.

Not securing your logins has many disadvantages, just try googling it ;)

 


 

If you remove the password from the VTY lines you will not be able to connect to the device!

OP, your question is both confusing and contradictory, you don't have username(s) configured, yet you would like to remove them?

Martin

No one said anything about removing vty passwords, just the usernames. And I don't want a local database either.

I should be more clear, we do have a username configured, but it is never used, since we use vty/enable passwords (I know, telnet is not safe), or we use Tacacs, which doesn't use usernames either, in our configuration. So I'd like to remove all usernames.

(Later) Maybe I've answered my own question:  I just verified that a new router config contains *no* username statement. This leads me to believe it is not necessary for basic operations.

I was replying to Suraj above who said about removing them.

That is the command to remove your username(s).

By default there are no users configured, it is beneficial though, for the reasons stated.

Martin

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I've worked on small networks where only non-user specific passwords were used.  This in cases where there was only one or very, very few people who knew the passwords and performed device maintenance.

For somewhat larger networks, where multiple people could be doing maintenance, sometimes local usernames were configured so you could see "who" did the configuration changes.  (From a security perspective, not much better than just using global passwords, unless you also wanted to tie certain privilege levels to a particular username.)

Lastly, in big networks, you normally have RADIUS or TACACS user account authentication.  The latter, of course, makes it much easier to add or revoke a new user to a set of devices.

I agree, better accountability with usernames. We do use Tacacs on a subset of network - in this case, is there any need to have a username specified (since our Tacacs doesn't use it either)?

Suraj2002, you misunderstood, I require *and* use authentication for login, I just don't use the username to do it.

 


Posting

Hmm, don't know if you cannot use a user name if using RADIUS or TACACS.  However, if you don't want usernames per real person, what about a generic name?  Everyone that knows the username and password, could use it.

Martin Carr
Level 4

You can have a local user database.

When connecting via SSH a username is required.

Martin

I don't want a local username database, that is sort of the point of my question.  I want to delete all usernames, just wondering if this is feasible.

You *can* use SSH without using usernames, using Tacacs or Radius.

When using a local database you *do* have to create a username, this is what I was referring to.

You are connecting via Telnet (which isn't wise)

Martin
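
Added example, not part of any post in this thread: before deleting `username` statements, a quick check of whether anything in the login configuration still references the local user database. The sample config, the `admin` account and the function name `audit_usernames` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): a local username exists,
# but console and vty logins use only the shared line password.
SAMPLE_CONFIG = """\
enable secret 5 PLACEHOLDER
username admin privilege 15 secret 5 PLACEHOLDER
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
 transport input telnet
"""

def audit_usernames(config):
    """List local usernames and what, if anything, authenticates against them."""
    users, referenced_by, telnet_lines = [], [], []
    line = None  # current "line con/vty ..." block, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # global-level command ends any line block
            line = text if text.startswith("line ") else None
            m = re.match(r"username (\S+)", text)
            if m:
                users.append(m.group(1))
            elif (text.startswith("aaa authentication login")
                  and re.search(r"\blocal\b", text)):
                referenced_by.append(text)  # method list uses the local database
        elif line and text == "login local":
            referenced_by.append(f"{line}: login local")
        elif line and text.startswith("transport input"):
            # "telnet" or "all" both leave cleartext telnet enabled on this line
            if {"telnet", "all"} & set(text.split()[2:]):
                telnet_lines.append(line)
    return {
        "users": users,
        "referenced_by": referenced_by,
        # True only when usernames exist and no login method points at them
        "unused": bool(users) and not referenced_by,
        "telnet_lines": telnet_lines,
    }

if __name__ == "__main__":
    print(audit_usernames(SAMPLE_CONFIG))
```

The check covers login authentication only (`login local` and `aaa authentication login ... local`); other features that may read the local database are outside its scope and should be reviewed separately.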
