Помогите настроить доступ к коммутатору Catalyst 3750E.
Нужно сделать следующее:
1. При подключении по консоли я сразу попадаю в привилегированный режим (level 15), без авторизации и без enable.
2. При подключении по сети (SSH) с авторизацией под логином admin я сразу попадаю в привилегированный режим (level 15), без enable.
3. При подключении по сети (SSH) с авторизацией под логином user я сразу попадаю в привилегированный режим (level 5), без enable.
Сейчас я сгенерировал ключи, создал пользователей (с шифрованными паролями), включил SSH, настроил привилегии.
Терминалы настроены так:
username admin privilege 15 password 7 xxx username user privilege 5 password 7 xxx ... aaa new-model aaa authentication login default local ... line con 0 line vty 0 4 access-class ADMIN_ACCESS in exec-timeout 60 logging synchronous line vty 5 15 access-class ADMIN_ACCESS in exec-timeout 60 logging synchronous
Но что-то не так.
При подключении по консоли запрашивается авторизация. И режим не привилегированный, нужно вводить enable (без пароля).
При подключении по сети (ssh или telnet) запрашивается авторизация. При входе режим не привилегированный, но при вводе enable выдается ошибка:
CORE-SERVICE-C3750E>ena % Error in authentication.
Ну и если не сложно, чем терминалы 0-4 отличаются от терминалов 5-15?
I have a new Cisco 2811 router. I can telnet to the route successfully. However, when I try to issue the enable command, I get the following:
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Username: <user name>
Password:
TestRouter>enable
% Error in authentication.
TestRouter>
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
I do have crypto commands entered for future Easy VPN setup. It is my main suspicion of what is causing the problem. I have edited my configuration down to the relevant commands below and removed usernames and passwords as needed:
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
!
aaa new-model
!
aaa authentication login USERLIST local
!
aaa session-id common
!
username <user name> privilege 15 password <user password>
!
crypto ipsec client ezvpn 3G-VPN
connect auto
group 3G-VPN key <key>
mode network-extension
peer 172.16.1.1
username <crypto user name> password <password>
xauth userid mode local
!
interface FastEthernet0/0
ip address 10.1.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
crypto ipsec client ezvpn 3G-VPN inside
!
line con 0
!
line aux 0
!
line vty 0 4
login authentication USERLIST
!
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Any suggestions on the cause of ‘% Error in authentication. message’?
Thank you!
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
перестало пускать по SSH на циску-Connection refused
перестало пускать по SSH на циску-Connection refused. при этом в конфиге вроде параметры насчёт этого правильные — не менялись…
Код:
line vty 0 4
access-class 23 in
password 7 023C144B5D5F59714D6300
transport input ssh
line vty 5 15
access-class 23 in
password 7 04611B1659781A1E08340C
transport input ssh
Hando
Зарегистрирован: 21 июл 2009, 13:59
Сообщения: 565
Откуда: Moscow
Re: перестало пускать по SSH на циску-Connection refused
настроен ли aaa (есть ли в конфиге aaa new-model)
задан ли локально какой либо пользователь ( пасворд на line на ssh никак не влияет )?
наконец работает ли ssh вообще ( создали ли крипто кей для него и тп )?
посмотреть:
#sh processes | i SSH
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
кажется сам процесс не запущен ((
Код:
gateway#sh processes | i SSH
gateway#
да, в конфиге есть aaa new-model -недавно настраивал, а как оно могло повлиять?
2 пользователя заданы локально….
Hando
Зарегистрирован: 21 июл 2009, 13:59
Сообщения: 565
Откуда: Moscow
Re: перестало пускать по SSH на циску-Connection refused
Подозреваю
sh crypto key mypub rsa
ничего не выводит
crypto key generate rsa modulus 2048 labe SSH_KEY export general
ip ssh version 2
ip ssh rsa keypair-name SSH_KEY
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
да, sh crypto key mypub rsa ничего не выводит ((
gateway(config)#crypto key generate rsa ?
general-keys Generate a general purpose RSA key pair for signing and encryption
storage Provide a storage location
usage-keys Generate separate RSA key pairs for signing and encryption
<cr>
Hando
Зарегистрирован: 21 июл 2009, 13:59
Сообщения: 565
Откуда: Moscow
Re: перестало пускать по SSH на циску-Connection refused
старый иос походу — синтакски другой
пробуйте crypto key generate rsa general-keys и дальше по ? добивать команду
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
а дальше как ?
Код:
gateway(config)#crypto key generate rsa general-keys modulus 1024 ?
exportable Allow the key to be exported
storage Provide a storage location
<cr>
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
Выполнил:
gateway(config)#crypto key generate rsa general-keys label MY_KEYS modulus 1024
gateway(config)#ip ssh rsa keypair-name MY_KEYS
gateway#sh processes | i SSH
67 Mwe 818BC4D8 0 2 0 4076/6000 0 SSH Event handle
gateway# show ip ssh
SSH Enabled — version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Но при правильно указанном пароле не подключается (( — Permission denied, please try again.
При этом:
Код:
line vty 0 4
access-class 23 in
password 7 023C144B5D5F59714D6300
login
transport input telnet ssh
line vty 5 15
access-class 23 in
password 7 04611B1659781A1E08340C
login
transport input telnet ssh
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
Если ключ есть и пользователь тоже есть, то скорее всего не совпадает версия ssh
Попробуйте дать
no ip ssh ver
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
странно, но к сожалению не помогло ((
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
Простой тест: попробуйте прямо с циски на саму себя залезть:
Ro# ssh -l [user] [ip int Ro]
ДОлжна спросить пароль. Если не спрашивает — ищем проблему в циске. Если спрашивает — в сетевых настройках и клиенте ssh
Hando
Зарегистрирован: 21 июл 2009, 13:59
Сообщения: 565
Откуда: Moscow
Re: перестало пускать по SSH на циску-Connection refused
по telnet тем же пользователем можно зайти?
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
по telnet можно зайти
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
не пустило ((
Ro# ssh -l admin 192.168.1.1
Password:
Password:
Password:
значит трабл в сетевых настройках или клиенте ssh..?
Hando
Зарегистрирован: 21 июл 2009, 13:59
Сообщения: 565
Откуда: Moscow
Re: перестало пускать по SSH на циску-Connection refused
а вообще строчка
Permission denied, please try again.
оч смахивает на ругань линуксового openssh, когда косяк с /dev/tty ( права доступа кривые )
должно быть
nikita@nikitaDeb:~$ ls -alh /dev/tty
crw-rw-rw- 1 root root 5, 0 Ноя 13 16:55 /dev/tty
nikita@nikitaDeb:~$
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
ПО видимому. Или в маршрутизации
Ilya
Зарегистрирован: 20 окт 2009, 18:55
Сообщения: 962
Re: перестало пускать по SSH на циску-Connection refused
боюсь показаться тупым:
username создан?
line vty 0 4
login local
не поможет?
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
Ну дык сама то циска спрашивает.
К тому же
aaa new-model
автоматически означает
aaa authentication login default local
и применение этого правила везде, где уже открыт доступ (консоль, vty и пр.)
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
получилось зайти после добавления в конфиг:
Код:
line vty 0 15
no password
login local
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
Очень странно… Ибо если он пускал сам на себя (кстати, пускал при введении правильного пароля?) значит и правило было.
Короче, чтобы не гадать, надо всегда делать так:
aaa new-model
aaa authentication login defaul local
line vty 0 4
login authen default
Так будет работать всегда. Явно описано использование локальной базы данный юзеров.
login local на line vty пишется тогда, когда не включено aaa new-model, а ssh использовать надо.
Ilya
Зарегистрирован: 20 окт 2009, 18:55
Сообщения: 962
Re: перестало пускать по SSH на циску-Connection refused
Знаешь, а у меня без нее плохо работает. Ведь без aaa new-model у тебя не включится ssh. Поэтому я либо всегда делаю явный список, либо пишу login local. Почему и предложил..
ll75
Зарегистрирован: 29 окт 2009, 10:37
Сообщения: 129
Re: перестало пускать по SSH на циску-Connection refused
странно, у меня стоит no aaa new-model и включился ssh….
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4437
Re: перестало пускать по SSH на циску-Connection refused
Не, не странно. Это я прогледел при ответе вам строку no aaa new-model. А варианта всего 2
no aaa new-model
line vty 0 4
login local
или
aaa new-model
aaa authen login default local
line vty 0 4
login authen default
Первый вариант старый, не очень удобные, не может использовать сервера аутентификации. Второй — новый.
SOLVED: % ERROR IN AUTHENTICATION — CISCO COMMUNITY
I am trying to enable ssh on my cisco 3850 switch. When i changed to aaa new-model and i try to ssh to the switch i get the username prompt and then i put in the username. the first thing it says is «Using keyboard-interactive authentication.» then it prompts me for password. I put the password in and it takes me to usermode. Then when I type en to get to enable mode …
From community.cisco.com
Estimated Reading Time 4 mins
SOLVED: ERROR IN AUTHENTICATION — CISCO COMMUNITY
You should be able to tell this by looking in the TACACS logs, or you could determine this by running debug tacacs authentication and seeing if the authentication request to TACACS is getting responses. If you are authenticating with TACACS then you need to check how the user ID is set up in TACACS.
From community.cisco.com
Estimated Reading Time 6 mins
ENABLE % ERROR IN AUTHENTICATION. — CISCO COMMUNITY
router(config)#aaa authentication login default local Etc. Now, I can connect to the router identified as <username> with its password but I forgot to create it with «privilege 15».
From community.cisco.com
Estimated Reading Time 4 mins
HOW TO CONFIGURE SSH ON CISCO IOS DEVICES — LETSCONFIG
IOS(config)#username admin privilege 15 secret [email protected] Verification. Now, let’s verify our ssh by using “show ip ssh” command. IOS#show ip ssh SSH Enabled — version 1.99 Authentication methods:publickey,keyboard-interactive,password Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa Encryption …
From letsconfig.com
HOW TO FIX “SSH TOO MANY AUTHENTICATION FAILURES” ERROR
To fix this error, you need to add the IdentitiesOnly with a value of yes, which instructs ssh to only use the authentication identity files specified on the command line or the configured in the ssh_config file (s), even if ssh-agent offers additional identities. For example:
From tecmint.com
TROUBLESHOOTING SSH CLIENT CONNECTION … — CISCO PRESS
SSH: host key initialized SSH: license supports DES: 1 SSH0: SSH client: IP = ‘192.168.111.7’ interface # = 1 SSH0: starting SSH control process SSH0: Exchanging versions — SSH-1.5-Cisco-1.25 SSH0: client version is — SSH-1.5-2.4.0 (compat mode) SSH0: begin server key generation SSH0: complete server key generation, elapsed time = 2970 ms SSH0: …
From ciscopress.com
SSH FAILING FROM CISCO TO JUNIPER — SSH2 CLIENT 0: CHANNEL …
I’ve did some research and found that Cisco ssh client doesn’t work properly with OpenSSH 6.9. Cisco vs 6.9. Turns out the problem is the new protocol extension for sending host keys to the client after user authentication (section 2.5 of the PROTOCOLS document). Commenting out the notify_hostkeys() call in sshd.c fixes the issues with …
From networkengineering.stackexchange.com
SECURING CISCO IOS SSH SERVER — NETWORKJUTSU
router01#sh ip ssh SSH Enabled — version 2.0 Authentication methods:publickey,keyboard-interactive,password Authentication timeout: 120 secs; Authentication retries: 3 <— Output omitted for brevity —> router01#conf t Enter configuration commands, one per line. End with CNTL/Z. router01(config)#ip ssh time-out 30 router01(config)#do sh ip ssh SSH Enabled — …
From networkjutsu.com
CISCO DEVICE KICKS USERS OUT AFTER SUCCESSFUL AUTHENTICATION
Cisco Device Kicks Users Out After Successful Authentication. By Stephanie Hamrick February 15, 2018 September 18th, 2020 Blog, Cisco, Networking. No Comments. Description: Ever had an ssh session to a Cisco device close as soon as authenticating? This article describes one possible reason for this behavior. No Exec . Assuming you have access …
From pei.com
ENABLE PUBLIC KEY AUTHENTICATION FOR SSH ON CISCO SG300 …
In the right-hand pane, go ahead and check the Enable box next to SSH User Authentication by Public Key.Click the Apply button to save the changes. Don’t check the Enable button next to Automatic login just yet as I’ll explain that further down.. Now we have to add a SSH user name. Before we get into adding the user, we first have to generate a public and …
From helpdeskgeek.com
ENABLE SSH IN CISCO IOS ROUTER — MUSTBEGEEK
By default if we Enable SSH in Cisco IOS Router it will support both versions. Enable SSH in Cisco IOS Router. We can classify the process to into these 4 simple steps below: 1. Device preparation (setup hostname, domain name, username, and passwords) 2. Network preparation (IP addressing & routing) 3. Generate RSA key and activate SSH 4. Apply SSH …
From mustbegeek.com
CONFIGURE SECURE SHELL (SSH) USER AUTHENTICATION … — CISCO
Cisco Small Business 200 Series Smart Switches. Configure Secure Shell (SSH) User Authentication Settings on a Switch. Translations. Download. Print. Available Languages. Download Options. PDF (372.7 KB) View with Adobe Reader on a variety of devices. ePub (516.4 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone. Mobi …
From cisco.com
SETTING UP SSH AND LOCAL AUTHENTICATION ON CISCO ASA — PEI
Setting Up SSH and Local Authentication on Cisco ASA. By Stephanie Hamrick October 29, 2018 September 18th, 2020 Blog, Cisco, Networking. No Comments . Here’s how to set up SSH on a new ASA out of the box, as well as set up local authentication. Step 1: Configure aaa to use local database for ssh and console. ciscoasa# aaa authentication ssh …
From pei.com
CISCO 871 SSH LOGIN QUESTION — H]ARD|FORUM
Cisco 871 ssh login question. Thread starter â Velocitymaster â Start date Feb 5, 2007; Feb 5, 2007 #1 Â. â Velocitymasterâ Gawd. Joined Dec 12, 2004 Messages 584. I will show you my current sh run of my router to make it easier for you to help me. The thing is I use ssh instead of telnet for login or the internet from any remote computer to my router. Also …
From hardforum.com
SSH PUBLIC KEY AUTHENTICATION ON CISCO IOS
SSH Public Key Authentication on Cisco IOS. PKI (Public Key Authentication) is an authentication method that uses a key pair for authentication instead of a password. Two keys are generated: Anyone (or any device) that has the public key is able to encrypt data that can only be decrypted by the private key. This means you can share the public …
From networklessons.com
SSH AUTHENTICATION FAILURE ON CISCO ASA 5505 — SPICEWORKS
Make sure you do both the SSH and ENABLE. My problem was that I was just doing SSH. I knew that enable was the ‘enable’ command in an Cisco device but it did not really occur to me until someone else did it filling in all 4 fields that the enable feilds were mandatory. .I am just in a lab environment so I was able to get away with using the …
From community.spiceworks.com
HOW TO ENABLE SSH ON CISCO DEVICE? — GRANDMETRIC
To enable ssh authentication you need to configure at least local username and password (SSH doesn’t allow loging without user/pass pair): Router (config)#username testuser privilege 15 secret [email protected] And create authentication list pointing to local database of users. Router (config)#aaa new-model. Router (config)#aaa authentication login …
From grandmetric.com
NETWORKING — ASA 5540 ENABLE PASSWORD ISSUE — SERVER FAULT
I have a Cisco ASA 5540 running the following Software/Manager version: Cisco Adaptive Security Appliance Software Version 8.2(2)17; Device Manager Version 6.3(2) I use ASDM to make changes to the firewall on a constant basis with no issues. Recently, I needed to SSH into the firewall to make some more technical changes and after login with my …
From serverfault.com
ESECUREDATA INC.
Configure SSH input on Cisco switches and routers. tl;dr Enable SSH: conf t hostname Switch42 ip domain-name mydomain.com aaa new-model crypto key generate rsa If you have not yet set up user credentials, or want to add a new user: conf t username john secret cat12345. Where cat12345 is the password you wish to set for the user john. Solution. To enable SSH on a …
From my.esecuredata.com
ENABLING SSH ON A CISCO ASA — THE NETWORKING CORNER
Enabling ssh on a Cisco ASA. Enabling SSH on a Cisco ASA is not as easy as it might seem. On first look, you would think using just the “ssh <network> <subnet> <interface>” would do the trick but there are 2 more commands that are needed. In my specific scenario, I needed SSH access to a Cisco ASA from the 10.10.1.0/24 subnet.
From thenetworkingcorner.wordpress.com
CONFIGURE SECURE SHELL (SSH) SERVER AUTHENTICATION … — CISCO
Cisco Small Business 200 Series Smart Switches. Configure Secure Shell (SSH) Server Authentication Settings on a Switch. Translations. Download. Print. Available Languages. Download Options. PDF (197.9 KB) View with Adobe Reader on a variety of devices. ePub (275.9 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone . Mobi …
From cisco.com
SSH AUTHENTICATION ON A CISCO BUSINESS 350 SWITCH — CISCO
Cisco Business 350 Series Managed Switches. Configuration Examples and TechNotes. SSH Authentication on a Cisco Business 350 Switch. Translations. Download. Print. Available Languages. Download Options. PDF (358.4 KB) View with Adobe Reader on a variety of devices. ePub (453.8 KB) …
From cisco-apps.cisco.com
HOW TO PERFORM SSH RSA USER AUTHENTICATION – CISCOZINE
Cisco IOS SSH Version 2 (SSHv2) supports keyboard-interactive and password-based authentication methods. The SSHv2 Enhancements for RSA Keys feature also supports RSA-based public key authentication for the client and the server. RSA based user authentication uses a private/public key pair associated with each user for authentication. …
From ciscozine.com
CONFIGURE SECURE SHELL SSH USER AUTHENTICATION … — CISCO
Configure Secure Shell (SSH) User Authentication Settings on a Switch Objective Secure Shell (SSH) is a protocol that provides a secure remote connection to specific network devices. This connection provides functionality that is similar to a Telnet connection, except that it is encrypted. SSH allows the administrator to configure the switch through the command line interface (CLI) …
From cisco.com
HOW TO CONFIGURE SSH ON CISCO ROUTER OR SWITCH? — TECHNIG
It’s enough to learn how to configure SSH on Cisco router. R1> R1>enable R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1 (config)# R1 (config)#ip domain-name Technig.com R1 (config)#crypto key generate rsa The name for the keys will be: R1.Technig.com Choose the size of the key modulus in the range of …
From technig.com
SSH AUTHENTICATION FAILURE DUE TO LOW MEMORY … — CISCO
This document describes the issue on a Cisco IOS ® router when Secure Shell (SSH) to the router sometimes fails with a reported user authentication failure in the SSH debugs. This issue occurs even though the user credentials entered are correct and the same credentials work correctly for Telnet. Note: Cisco bug ID CSCum19502 has been filed in order …
From cisco.com
CONFIGURING SSH AND CERTIFICATES — CISCO
Cisco Intrusion Prevention System Device Manager Configuration Guide for IPS 6.2 OL-15649-01 11 Configuring SSH and Certificates This chapter describes how to configure SSH and certificates for your sensor, and it contains the following sections: • Understanding SSH, page 11-1 † Configuring Authorized Keys, page 11-2 † Configuring Known Host Keys, page 11-4 † …
From cisco.com
CONFIGURING SSH ON A CISCO DEVICE — AUVIK NETWORKS INC.
A few versions of SSH have emerged over the years. Due to some critical security flaws with SSH-1, it’s important to use version 2. Cisco recommends using version 2 unless you have software that doesn’t support it. I’d go even further and recommend you simply not use version 1 for any reason. You’ll need a terminal emulator that …
From auvik.com
HOW TO FIX SSH «HOST KEY VERIFICATION FAILED» ERROR IN …
ERROR: It is also possible that a host key has just been changed. ERROR: The fingerprint for the ED25519 key sent by the remote host is ERROR: SHA256:mx1ctmvoleWzmA3kVqOr+H9uIMQFPsK9eTXlnJ5fnGA. ERROR: Please contact your system administrator. ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of …
From cyberithub.com
ERROR IN AUTHENTICATION — CISCO COMMUNITY
Hi, I have configured more than 40 Cisco routers (2811 & 1841) with the following aaa commands: aaa new-model ! ! aaa authentication login default group tacacs+ enable aaa accounting exec default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting netw…
From community.cisco.com
CISCO BUG: CSCUY65073 — SSH ERROR SSH_EXCHANGE_IDENTIFICATION
Symptom: Unable to connect to ASR5500 via telnet or ssh. Connection to the host is refused. SSH client returns error: ssh_exchange_identification: Connection closed by remote host Conditions: During edr file transfer, an internal file is open and the system uses sftp over ssh to transfer the file. If there is an authentication failure to connect to the server, the internal …
From quickview.cloudapps.cisco.com
CONFIGURING LOCAL AUTHENTICATION AND AUTHORIZATION — CISCO
Feature Information for Local Authentication and Authorization Release Feature Information CiscoIOS15.0(2)EX Thisfeaturewasintroduced. Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29048-01 5 Configuring Local Authentication and Authorization Feature Information for Local Authentication and Authorization
From cisco.com
SOLVED: % ERROR IN AUTHENTICATION CISCO CONSOLE ERROR …
”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 …
From experts-exchange.com
SSH RSA AUTHENTICATION WORKS IN IOS RELEASE 15.0M …
The feature we’ve begged, prayed, sobbed, yelled, screamed for has finally been implemented in Cisco IOS: public key SSH authentication works in IOS release 15.0M (and is surprisingly easy to use). After configuring SSH server on IOS (see also comments to this post), you have to configure the ssh pubkey-chain, where you can enter the key string (from your …
From blog.ipspace.net
SSH AUTHENTICATION PROBLEM ON CISCO ASA — SPICEWORKS
I can putty into the… | Cisco. We couldn’t connect to this device due to the following error: SSH authentication failed for user ssh-username-cfd.I can putty into the device fine from my SW server. Home. Home. Networking. Cisco. SSH authentication problem on Cisco ASA. by Les5807. on Mar 31, 2014 at 21:15 UTC. Cisco. 3. Next: Need …
From community.spiceworks.com
SSH AUTHENTICATION FAILURE ON EXISTING CISCO ROUTER …
We have Cisco 2910 routers and they scanned in fine, the SNMP, SSH and Enable passwords all worked. Some time in t… | Spiceworks General Support
From community.spiceworks.com
AUTHENTICATING TO CISCO DEVICES USING SSH AND YOUR RSA …
Authenticating to Cisco devices using SSH and your RSA Public Key Using an RSA Public/Private key pair instead of a password to authenticate an SSH session is popular on Linux/Unix boxes. Digital Ocean, a Virtual Private Server (VPS) provider, has this advice on how you should log into their Droplets: “you should use public key authentication instead of …
From hubbardonnetworking.wordpress.com
HOW TO CONFIGURE SSH PUBLIC KEY AUTHENTICATION FOR … — …
This document describes how to generate a private secure shell (SSH) key and use that for username and authentication when logging into the command line interface (CLI) on the Cisco Email Security Appliance (ESA). How to configure SSH Public Key Authentication for login to the ESA without a password. Public-key authentication (PKI) is an authentication …
From cisco.com
Не давно понадобилось настроить Cisco так, что бы при подключении к устройству по протоколу Telnet запрашивались имя пользователя и пароль. И вот тут возникли проблемы.
Если задать:
aaa new-model
aaa authentication login default local
username admin password admin,
а на в настройках Telnet прописать, что login local, то подключение по telnet происходит нормально. запрашивается логин и пароль и отлично заходит в пользовательский режим. Но а дальше не в какую. Если ввести команду enable, то выдает ошибку:
% Error in authentication.
Если прописать:
aaa new-model
aaa authentication login default local
username admin password admin privilege 15.
В настройках telnet — login local. Опять, подключение прошло, запрос логина и пароля и после этого появляется ошибка:
% Login invalid
Подскажите, пожалуйста, как можно настроить авторизацию так, что бы можно при вводе логина и пароля по пасть в прилегированный режим без ввода дополнительного пароля.
__________________
Помощь в написании контрольных, курсовых и дипломных работ, диссертаций здесь
Here is a very simple ansible case which bothered me a lot.
This is the content of ansible.cfg:
[defaults]
transport = paramiko
hostfile = ./hosts
host_key_checking = False
timeout = 5
the content of hosts, all with a user named «cisco» and password of «cisco» too
[routers]
R1
R2
R3
...
the host variable file (R1), similar to R2, R3, …, just different in IP addresses:
---
ansible_ssh_host: 10.10.10.1
ansible_ssh_user: cisco
ansible_ssh_pass: cisco
I can successfully SSH to those routers via linux, but when I use ansible, it resulted in «authentication failed»:
fatal: [R1] => {'msg': 'FAILED: Authentication failed.', 'failed': True}
fatal: [R2] => {'msg': 'FAILED: Authentication failed.', 'failed': True}
...
and I tested the connectivity with some one line ansible commands, still getting errors even when I input the username and password manually, for example:
> ansible routers -m raw
R1 | FAILED => FAILED: Authentication failed.
R2 | FAILED => FAILED: Authentication failed.
> ansible routers -u cisco -m raw
R1 | FAILED => FAILED: Authentication failed.
R2 | FAILED => FAILED: Authentication failed.
> ansible routers -u cisco -m raw -k
SSH password:
R1 | FAILED => FAILED: Authentication failed.
R2 | FAILED => FAILED: Authentication failed.
How can I solve this? helps will be appreciated.