can anyone explain pls

cisco steps
Level 1

I ran show run on an IPsec router and I saw this output with usernames; some of the users are no longer with the company. Can you explain what that is? Thanks

crypto pki certificate chain TP-self-signed-30870734
 certificate self-signed 01
  30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  6F6D301F 0603551D 23041830 168014D2 0E1A45EF 2074A674 C112A6BC 1B373E1F7425772D D90CABE3B7297601 B557EBA6 4E915843 8900F05B 723F20B486F87D94
  3C3B3B28 56F715A7 19FD638105CE3F6B 0C0F53BC 3A9A9EC103C03828 22AC7323
  347827DA A74C40C7198E02C74AC2A5A1 9ED7B069 6CBE733F 599487CF 434F6769
  61A374EB 2CE6E86A 1EE681BC387DD6239AD84E2C 69
  quit
username pdow secret 5 $1$6LkS$q.VKZFHBtYsbhcSz.
username mluky secret 5 $1$VDrT$k54Q0oHt.hKo7c8jbs0
username demo secret 5 $1$NAir$4TafzKEBXlODLhwzPYZ/
username muku secret 5 $1$ViKG$NwZiTVGPfRswMaEep/
username nmjuy secret 5 $1$8oFh$jzuOttyzQnOKTcDzxMd1
username nerveuy secret 5 $1$eOLD$0dW2bMtRnQFKeFf66f9.
username poiro secret 5 $1$lrZQ$DPUoJCGnibaojt4v9F/


JORGE RODRIGUEZ
Level 10

Those numbers in a chain are the result of a crypto key generate rsa on the device, required for SSH access, possibly to manage the device, along with the local usernames preconfigured with their respective secret passwords for local authentication.

Regards

Jorge Rodriguez

Jorge

My name is not there and I am able to log in via SSH to it. Is that part of the local usernames?

One more question: some of the names there belong to people who are no longer with the company. Why are their names there?

Is this a security issue? I know about security... "if you don't know, you don't trust"

Thanks

Local usernames are also configured for other purposes such as RA VPN. It would help to see the complete config to understand the purpose of the usernames configured in the router. Are you getting prompted when you SSH to the router? If you are not getting prompted with a username, then your VTY lines are not configured with login local.

For example, to use local auth with the usernames created in the router, your VTY lines would look similar to:

line vty 0 4
 login local
 transport input ssh

But once again, it will help to look at the complete device configuration. Are you doing RA VPN using local auth for those users, perhaps? Or, if you are simply auditing the router and do not know who those names are, then that is part of cleanup.

Regards

Jorge Rodriguez

Jorge, thanks for the info. Here is what I have; the rest is all routing config as well as ACLs.

security authentication failure rate 5 log
logging buffered 51200 debugging
no logging console
no logging monitor
enable password 7 xxxxxxxxx
!
aaa new-model
!
!
aaa authentication login Remote group radius enable
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone est -5
clock summer-time EDST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
radius-server host xxxxx auth-port xxxx acct-port xxxx key 7 xxxxxxxxxxx
radius-server host xxxxx auth-port xxxx acct-port xxxx key 7 xxxxxxxxxxx
!
control-plane
!
!
!
!
credentials
!
privilege exec level 7 clear line
privilege exec level 7 clear
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 xxxxxxxxx
 login authentication Remote
 transport input ssh
line vty 5 15
 password 7 xxxxxxxxxx
 login authentication Remote
 transport input ssh

Thanks
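An added audit script, not part of the thread and not Cisco's code, that reads a running-config the way Jorge's replies suggest: it maps which AAA method lists and which VTY lines actually consume the local username database. The sample config is a constructed, redacted subset of the one posted above; on it, SSH logins go to RADIUS (with enable fallback) via the Remote list, while the local usernames remain live for the VPN xauth and group lists.

```python
import re

# Constructed sample modelled on the running-config posted in the thread (values redacted as in the post)
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login Remote group radius enable
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
username pdow secret 5 $1$6LkS$q.VKZFHBtYsbhcSz.
username demo secret 5 $1$NAir$4TafzKEBXlODLhwzPYZ/
line con 0
 stopbits 1
line vty 0 4
 login authentication Remote
 transport input ssh
line vty 5 15
 login authentication Remote
 transport input ssh
"""

def parse_line_stanzas(config):
    """Map each 'line ...' stanza (con 0, vty 0 4, ...) to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # back at global configuration level
    return stanzas

def audit_local_users(config):
    """Report which AAA method lists and VTY lines actually consume the local 'username' database."""
    users = re.findall(r"^username (\S+) ", config, re.M)
    # AAA method lists: name -> ordered methods, e.g. ['group', 'radius', 'enable'] or ['local']
    lists = {name: methods.split() for name, methods in re.findall(
        r"^aaa (?:authentication login|authorization network) (\S+) (.+)$", config, re.M)}
    local_lists = sorted(name for name, methods in lists.items() if "local" in methods)
    vty_login = {}
    for name, cmds in parse_line_stanzas(config).items():
        if name.startswith("vty"):
            # 'login local' or 'login authentication <list>'; with neither, the AAA default list applies
            logins = [c.split()[-1] for c in cmds if c == "login local" or c.startswith("login authentication ")]
            vty_login[name] = logins[-1] if logins else "default"
    # Local usernames are reachable over SSH only via 'login local' or a list containing 'local'
    # (an undefined 'default' list is reported as False here and should be checked by hand)
    ssh_uses_local = any(m == "local" or "local" in lists.get(m, []) for m in vty_login.values())
    return {"users": users, "local_lists": local_lists, "vty_login": vty_login, "ssh_uses_local": ssh_uses_local}
```

Any name in `users` that is not a current employee but appears reachable through `local_lists` (here the VPN xauth and group lists) is the cleanup Jorge describes.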