06-05-2007 12:20 PM - edited 03-05-2019 04:30 PM
We are setting up ssh but the thing I don't like when using tacacs , it no longer prompts you for your username it only asks for the password , somehow the username gets sent and then it just asks for the password. This becomes confusing because you do not know if it asking for a tacacs password or the box login and enable secret passwords . Anyone know if there is a way around this so that it will ask for both the username and password for tacacs . The behavior appears to be the same for both IOS and catos . Any help appreciated, thanks.....
Solved! Go to Solution.
06-05-2007 05:41 PM
Glen
I am thinking that this behavior is dependent on the SSH client. I can not speak to the behavior of any client on solaris but I do know that when I use SecureCRT as my SSH client it always prompts me for user name as well as password. And whenever I have logged in on a Cisco device and authenticated with user name and password, then if I use the SSH client included in the Cisco it seems that it already knows what user ID authenticated that user session and uses that ID for the outbound SSH and only prompts for the password.
I do not believe that this is a TACACS behavior but believe it is the behavior of the client in Cisco. I am not aware of any way to change that behavior of the SSH client in Cisco.
HTH
Rick
06-05-2007 04:59 PM
Where are you ssh'ing from (OS and SSH version)?
06-05-2007 05:22 PM
From any IOS version and we are using version 1 of SSH . I was mainly goimng from a solaris box but get the same thing sshing from another cisco IOS box.
06-05-2007 05:41 PM
Glen
I am thinking that this behavior is dependent on the SSH client. I can not speak to the behavior of any client on solaris but I do know that when I use SecureCRT as my SSH client it always prompts me for user name as well as password. And whenever I have logged in on a Cisco device and authenticated with user name and password, then if I use the SSH client included in the Cisco it seems that it already knows what user ID authenticated that user session and uses that ID for the outbound SSH and only prompts for the password.
I do not believe that this is a TACACS behavior but believe it is the behavior of the client in Cisco. I am not aware of any way to change that behavior of the SSH client in Cisco.
HTH
Rick
06-05-2007 09:23 PM
I agree with Rick. When i use a SSH client like putty it always prompts me for a username and password when the device is configured for Tacacs and SSH.
When initiatd from the Cisco IOS device, it does not prompt the username.
Narayan
06-06-2007 03:29 AM
Thanks guys , thats what I kind of figured but wanted to verify . To be honest I'll take telnet anyday. :-)
06-06-2007 06:40 AM
When you ssh from Solaris, the OpenSSH client defaults to using the username of your current Solaris session. You can explicitly specify what username SSH should use with "ssh -l username routername" or "ssh username@routername".
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: