Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Login local / SSH / username not working (not the basic configuration SSH stuff but more tricky)

Hello all,


I'm sorry to bother all of you with such a simple question but the answer is avoiding me for the whole morning and after browsing the web with frenesy I still can't find my answer. I hope you guys have the answer I search.




I have a switch 2940 with IOS ssh capable.


IOS (tm) C2940 Software (C2940-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)


On this switch I have an IP address, let's say for the sake of the example, which allows me to connect remotely via telnet.


I have the basic SSH configuration set up:

ip domain-name
ip ssh time-out 120
ip ssh authentication-retries 3

hostname switch1

enable secret test

username user1 privilege 15 secret 5 $1$hh/A$ZJqF74RtN03fbbVwPu4m.1  (this is the result of show run not the actual password)

line vty 0 4

password pass


line vty 5 15

transport input ssh

login local




With this configuration SSH is not working. The description of not working is this one:

  1. I access the switch with SSH. OK
  2. I get prompted with username and password. OK
  3. When entering my credentials, I get a bad credentials from entering the user1 login/password.


However if I delete login local and add on global config mode aaa new-model the SSH will work.


At first I didn't pay attention because I use aaa new model (+ the method list set) on all of my switches, but I want to understand why login local is not working with this set up. 


Thanks in advance for your answers!


have a great day.


VIP Purple

On line "vty 0 4" you only

On line "vty 0 4" you only have configured "login" which is not valid if you use SSH. When you connect with SSH you land on the first line and whatever you enter, it will fail. When you switch to AAA, login with username/password is default and now you have "disabled" the "login" config and you can use the configured username/password.

Don't stop after you've improved your network! Improve the world by lending money to the working poor:
CreatePlease login to create content