Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
0
Helpful
1
Replies

Prevent PPP credentials from being used for vty/console access

tnweber01
Level 1
Level 1

‎09-20-2015 11:40 AM - edited ‎03-10-2019 12:30 AM

I'm playing with routers and serial interfaces in my home lab while studying for an exam.  I've got two routers using PPP with CHAP authentication to successfully connect, but having defined the username of the opposite router and the password they have in common I can SSH in to manage the routers with those credentials.  I have tried one set of alternate privileges (username otherrouter privilege 0 password password) but that didn't help.

 

Obviously any in-production router that's authenticating to a service provider would have ACLs restricting vty access, but I'd still like to deny usernames that aren't intended for management to be able to ssh or telnet in from the internal side, if it's possible.

 

Sorry for the simpleton question, I've been trying to use print and web resources to find an answer but apparently I don't know how to ask the question right...  Any suggestions for further reading on the topic would be appreciated.

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎09-29-2015 11:34 AM

Hmm, interesting question, that I would also like the answer to. I just tried to find a solution to this in my lab and could not come up with anything :) But I agree, there should be a way to lock a chap/pap user from having access to the vty/console lines. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents