Solved: Re: IOS SSH AAA help!!

alex goshtaei · ‎05-05-2009

Hi All,

I have this config:

aaa authentication login default local line enable

aaa authorization console

aaa authorization exec default local

aaa authorization network default local

line vty 0 4

password Gr834!

transport preferred ssh

transport input ssh

transport output ssh

then create username "admin" with privilege 15. But I can't login to SSH with this username and password? I've already generated public key on the router.

any idea would be very appreciated.

thanks

Alex

nomair_83 · ‎05-06-2009

try this:

username cisco password cisco

enable secret cisco

ip domain-name nsp.org

crypto key genrete rsa 1024

ip ssh version 2

line vty 0 4

transport input all

exit

View solution in original post

nomair_83 · ‎05-06-2009

try this:

username cisco password cisco

enable secret cisco

ip domain-name nsp.org

crypto key genrete rsa 1024

ip ssh version 2

line vty 0 4

transport input all

exit

antonio.ocampo · ‎05-06-2009

crypto key generate rsa 1024

nomair_83 · ‎05-06-2009

SSH normally works with minimum 1024.

bretjaquish · ‎05-07-2009

Here is a complete ssh config that doesn't need a hostname or domain name:

crypto key gen rsa gen label SSH_Keys mod 1024

ip ssh ver 2

ip ssh authentication-retries 3

ip ssh time-out 90

ip ssh source-interface loopback0

username test secret p@ssw0rd

enable secret s3cr3tPassw0rd!

aaa new-model

aaa authentication login default local

aaa authentication enable default enable

line vty 0 4

transport input ssh

I would recommend AGAINST creating level 15 usernames.