We need to start using SSH Company wide. We have about 800 remote VPN sites that have 1710 routers with an IOS that supports SSH. I can configure SSH and it works great but the problem I have is with usernames and passwords. We already have usernames and passwords configured in each router for dial backup purposes and I dont want these usernames and passwords to be used for the SSH login, I only want one administrator password listed for vty and console logins. We dont want to use TACACS or RADIUS with an ASC server for these remote sites just a local username and password. Is there a way I can specify this password is just used for vtp and console ports and the other passwords are just used by the dialer interface? Any suggestions would be appreciated.
I hope I understood your question correctly. You are basically trying to define "login" authentication locally for SSH access from different remote sites, right? And you don't want these sites to be able to use an already defined administrator password in your router. Please correct me if I am wrong!
Well, since this administrator user is already configured in the router, and you are using local authentication, I don't think it would be possible to seggregate between this specific user and the rest in terms of where to access from.
Sorry ! This is not possible. Once you define the user database on router, for any type connection, all the users in the local database would be used across the board, no way to distinct. With a AAA server, this is possible by manipulating the attributes in the profile. Thanks,
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :