Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Why this username and password doesn't work (SSH)?

Imagine that I have the following setup on my 2960 switch:

!

enable secret pass1

!

username magoo password pass2

!

line vty 0 4

password pass3

login

transport input ssh

!

Then I launch putty.exe and reach the 2960, I get username and password prompt OK.

I input username = magoo".

I input password "pass2" and that get a message "access is denied".

What am I missing here?

My intention is to force people to logon via ssh and get prompted to input

username = magoo and password = pass2 to access user exec mode.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Why this username and password doesn't work (SSH)?

Change your login to "login local" under your line:

line vty 0 4

login local

I'm not sure if your switch supports it, as I don't have one to test, but you generally need an ssh key configured on a router (but since this is a switch, I'm not sure). You would do this by:

1.) Having a domain name configured

2.) Generating the key "crypto key generate rsa general-keys mod 1024"

See if your switch supports it because mine doesn't. (Now I need to figure out why I can't ssh into mine!) :)

HTH,

John

HTH, John *** Please rate all useful posts ***
3 REPLIES

Re: Why this username and password doesn't work (SSH)?

Change your login to "login local" under your line:

line vty 0 4

login local

I'm not sure if your switch supports it, as I don't have one to test, but you generally need an ssh key configured on a router (but since this is a switch, I'm not sure). You would do this by:

1.) Having a domain name configured

2.) Generating the key "crypto key generate rsa general-keys mod 1024"

See if your switch supports it because mine doesn't. (Now I need to figure out why I can't ssh into mine!) :)

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Re: Why this username and password doesn't work (SSH)?

Yes, I generated the key - OK.

I did as you said with 'login local' and it works.

Just a confirmation:

If I do 'login local' under vty 0 15, this does not block me from logging on users via AAA in the future, right?

I will read more the docs to understand this...

Hall of Fame Super Silver

Re: Why this username and password doesn't work (SSH)?

Marlon

The reason that it is not taking the username and password is that the vty default to authenticating with the line password that is configured. And you have not done anything to change the default behavior. John's suggestion to specify login local is certainly one way to fix it. You could also get the result that you want by configuring aaa authentication to do local authentication.

[edit] I just saw your post asking about the relationship between login local and aaa authentication. When you start aaa authentication it will over ride the login local. So you can do login local until you are ready to start aaa. When you start aaa then it will take precedence over login local.

HTH

Rick

2120
Views
0
Helpful
3
Replies