Restconf denies permission to access the switch via ssh protocol

mohanconnects · ‎11-05-2019

Hello,

I am getting "401 authentication needed" on below curl call

curl -i -k -X "GET" "https://192.168.1.34/restconf/data/Cisco-IOS-XE-native:native/version" -H 'Accept: application/yang-data+json' -u 'admin:admin'

Using the solution given in the below link, can able to hit the API and get response.

The change I made: no aaa new-model

Now the problem is I cannot access the switch using ssh protocol.

ssh root@192.168.1.34
root@192.168.1.34's password:
Permission denied, please try again.
root@192.168.1.34's password:
Authentication failed.

Telnet access works fine:

telnet192.168.1.34
Trying192.168.1.34...
Connected to192.168.1.34.
Escape character is '^]'.

User Access Verification

Password:
Switch>

To make the ssh access works again, I have to config aaa new-model which in turn gives 401 Authentication needed response for RESTCONF API calls.

How to allow both ssh and RESTCONF API calls without affecting one another?

I am new to networking, please let me know if I have to share more info to troubleshoot.

Thanks.

Mohan

MartinKajan · ‎08-12-2020

leave aaa as it is to allow ssh and specify ip http authentication local, and provide create a priviledge level 15 user/pass

egarcial · ‎09-14-2020

The problem can be the transport we are trying with RESTCONF.

RESTCONF uses HTTPS as transport. NETCONF uses SSH.

Slide 30.

egarcial · ‎09-06-2021

The problem can be the transport we are trying with RESTCONF.

RESTCONF uses HTTPS as transport. NETCONF uses SSH.

Slide 30.

Resolving "401 Authentication error - Restconf" denies permission to access the switch via ssh protocol