04-07-2009 01:42 PM
I ran show run on an IPsec router and I saw this output with usernames; some of the users are no longer with the company. Can you explain what that is? Thanks
crypto pki certificate chain TP-self-signed-30870734
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
6F6D301F 0603551D 23041830 168014D2 0E1A45EF 2074A674 C112A6BC 1B373E1F7425772D D90CABE3B7297601 B557EBA6 4E915843 8900F05B 723F20B486F87D94
3C3B3B28 56F715A7 19FD638105CE3F6B 0C0F53BC 3A9A9EC103C03828 22AC7323
347827DA A74C40C7198E02C74AC2A5A1 9ED7B069 6CBE733F 599487CF 434F6769
61A374EB 2CE6E86A 1EE681BC387DD6239AD84E2C 69
quit
username pdow secret 5 $1$6LkS$q.VKZFHBtYsbhcSz.
username mluky secret 5 $1$VDrT$k54Q0oHt.hKo7c8jbs0
username demo secret 5 $1$NAir$4TafzKEBXlODLhwzPYZ/
username muku secret 5 $1$ViKG$NwZiTVGPfRswMaEep/
username nmjuy secret 5 $1$8oFh$jzuOttyzQnOKTcDzxMd1
username nerveuy secret 5 $1$eOLD$0dW2bMtRnQFKeFf66f9.
username poiro secret 5 $1$lrZQ$DPUoJCGnibaojt4v9F/
04-07-2009 03:45 PM
Those numbers in a chain are the result of a crypto key generate rsa in the device, required for SSH access, possibly to manage the device, along with the local usernames preconfigured with their respective secret passwords for local authentication.
Regards
04-08-2009 08:09 AM
Jorge
My name is not there and I am able to log in to it over SSH. Is that part of the local usernames?
One more question: some other names there belong to people who are no longer with the company. Why are their names there?
Is this a security issue? I know about security... "if you don't know, you don't trust."
Thanks
04-08-2009 12:20 PM
Local usernames are also configured for other purposes such as RA VPN. It would help to see the complete config to understand the purpose of the usernames configured in the router. Are you getting prompted when you SSH to the router? If you are not getting prompted with a username, then your VTY lines are not configured with login local.
For example, to use local authentication with the usernames created in the router, your VTY lines would look similar to:
line vty 0 4
login local
transport input ssh
But once again, it will help to look at the complete device configuration. Are you doing RA VPN using local authentication for those users, perhaps? Or if you are simply auditing the router and do not know who those names are, then that is part of the cleanup.
Regards
04-09-2009 08:36 AM
Jorge, thanks for the info. Here is what I have; the rest is all routing config as well as ACLs.
security authentication failure rate 5 log
logging buffered 51200 debugging
no logging console
no logging monitor
enable password 7 xxxxxxxxx
!
aaa new-model
!
!
aaa authentication login Remote group radius enable
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone est -5
clock summer-time EDST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
radius-server host xxxxx auth-port xxxx acct-port xxxx key 7 xxxxxxxxxxx
radius-server host xxxxx auth-port xxxx acct-port xxxx key 7 xxxxxxxxxxx
!
control-plane
!
!
!
!
credentials
!
privilege exec level 7 clear line
privilege exec level 7 clear
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 xxxxxxxxx
login authentication Remote
transport input ssh
line vty 5 15
password 7 xxxxxxxxxx
login authentication Remote
transport input ssh
Thanks
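As an added example (not from the thread or from Cisco), the check below automates the audit Jorge describes: it parses a running config for local usernames, AAA method lists and each VTY range's login method, and reports whether the VTY lines or any AAA list actually consults the local database. The sample config is constructed to mirror the one posted above; the regexes and function names are my own assumptions, not IOS tooling.

```python
import re

# Constructed sample, modelled on the config posted in the thread (not the real device's output).
SAMPLE_CONFIG = """\
username pdow secret 5 $1$6LkS$q.VKZFHBtYsbhcSz.
username demo secret 5 $1$NAir$4TafzKEBXlODLhwzPYZ/
aaa new-model
aaa authentication login Remote group radius enable
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
line vty 0 4
 login authentication Remote
 transport input ssh
line vty 5 15
 login authentication Remote
 transport input ssh
"""

def parse_config(text):
    """Collect local usernames, AAA method lists and the login method of each vty range."""
    users, lists, vty, current = [], {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"username (\S+)", line):
            users.append(m.group(1))
        elif m := re.match(r"aaa (authentication login|authorization network) (\S+) (.+)", line):
            lists[f"{m.group(1)} {m.group(2)}"] = m.group(3).split()
        elif m := re.match(r"line vty (\d+ \d+)", line):
            current = m.group(1)
            vty[current] = "default"   # no explicit login command -> the default method list
        elif line.startswith("line "):
            current = None             # con/aux sections are not relevant to this check
        elif current and line == "login local":
            vty[current] = "local"
        elif current and line.startswith("login authentication "):
            vty[current] = line.split()[-1]
    return users, lists, vty

def audit(text):
    """Report which vty ranges and which AAA lists actually consult the local user database."""
    users, lists, vty = parse_config(text)
    def methods(name):
        return ["local"] if name == "local" else lists.get(f"authentication login {name}", [])
    return {
        "users": users,
        "vty_using_local": sorted(r for r, name in vty.items() if "local" in methods(name)),
        "lists_using_local": sorted(k for k, m in lists.items() if "local" in m),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample this shows the VTY lines never fall back to local (RADIUS, then enable), while the sdm_vpn lists do, so the stale usernames matter for the RA VPN xauth path rather than for SSH management.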