New Member

SSH

Do I need to enable AAA for SSH to work?

4 REPLIES

Re: SSH

No, but it's optional. For SSH to work, all you need are 4 things: hostname, domain name, generate RSA key and enable SSH transport for vty lines.

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml#req

New Member

Re: SSH

It won't work until I enable aaa new-model.

It will request local login.

Attached is the error message without aaa new-model configured.

Below is my config.

hostname JUSTKENNIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip domain name computeIT.com
ip ssh version 2
!
!
!
username CISCO password 0 cisco
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.12.14.216 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
banner login ^C ALLAH IS GREAT ^C
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input telnet ssh
!
scheduler allocate 20000 1000

Re: SSH

SSH will work with or without AAA. Local login is the username and password configured on the router:

username CISCO password 0 cisco

Have you tried entering the password "cisco"? Kindly post show ssh and show ip ssh output.

Hall of Fame Super Silver

Re: SSH

Actually there is a bit of a mismatch when you try to use SSH on a Cisco router without AAA new-model and with the default configuration of having a line password. The SSH wants to do a username and password but the router only wants to authenticate with a password (no username).

It is quite possible to resolve this without requiring aaa new-model. Just configure under the vty lines:

login local

This will cause the router to prompt for username and password and to use both in authentication.

HTH

Rick
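
The checks discussed in this thread (hostname, domain name, a local user, and `login local` on the vty lines when `aaa new-model` is off) can be run against a saved running-config. The script below is an added example, not part of any post above or a Cisco tool; `audit_ssh` and the finding texts are hypothetical names, and the sample is constructed from the config posted in the thread.

```python
import re

# Constructed sample: the SSH-relevant lines of the config posted in the thread.
SAMPLE = """\
hostname JUSTKENNIE
no aaa new-model
ip domain name computeIT.com
ip ssh version 2
username CISCO password 0 cisco
line con 0
line aux 0
line vty 0 4
no login
transport input telnet ssh
!
scheduler allocate 20000 1000
"""

def audit_ssh(config):
    """Return findings that block username/password SSH login.
    The RSA key pair is not checked: it does not appear in the running config."""
    cmds = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if not any(c.startswith("hostname ") for c in cmds):
        findings.append("hostname missing")
    if not any(re.match(r"ip domain[- ]name \S", c) for c in cmds):
        findings.append("ip domain name missing")
    aaa = "aaa new-model" in cmds  # exact match, so 'no aaa new-model' is not counted
    if not aaa and not any(c.startswith("username ") for c in cmds):
        findings.append("no local username defined")
    # Group sub-commands under each 'line vty' block; a '!' or the next 'line'
    # ends the block, so pastes that lost their indentation still parse.
    block, subs = None, {}
    for c in cmds:
        if c.startswith("line "):
            block = c if c.startswith("line vty ") else None
            if block:
                subs[block] = []
        elif c == "!":
            block = None
        elif block:
            subs[block].append(c)
    for name, body in subs.items():
        transport = next((c for c in body if c.startswith("transport input ")), "")
        if aaa or not re.search(r"\b(ssh|all)\b", transport):
            continue  # AAA governs login, or SSH is not explicitly enabled here
        if "no login" in body:
            findings.append(f"{name}: 'no login' turns off the password check on this line")
        if "login local" not in body:
            findings.append(f"{name}: SSH enabled without 'login local' or aaa new-model")
    return findings
```
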
