Create New User For SSH

kemarnorton
Level 1

Hi Team,

Seeking some help. To cut a long story short, the person they had who was doing the networking left the company and changed most of the usernames and passwords for the equipment.

I was able to console into some of the equipment and I tried to create a new user with the command below, but when I tried to SSH in I kept getting denied. Note the switch is fully configured for SSH and more; all I want to do is add another user for SSH and then remove the old user.

username cisco privilege 15 secret password

Accepted Solutions

Hello @kemarnorton ,

>> I also see this: enable secret 5 $1$oWS/$gM30R.Jl.srXeqTr7OYRt. What does the 5 represent? I don't remember learning this in my CCNA course.

The 5 is just a number that says with what encryption method the secret has been encrypted.

Hope to help

Giuseppe

 

15 Replies

liviu.gheorghe
Spotlight

Hello @kemarnorton ,

in addition to the user creation on the network equipment, you also have to configure the vty lines:

line vty 0 4
login local
transport input ssh

Regards, LG
*** Please Rate All Helpful Responses ***

Those commands were already configured when the first user was created. Do I have to reconfigure those commands with the new user I am creating as well?

Hello @kemarnorton ,

check if the command has been accepted and implemented using:

show run | inc username

check if aaa is configured using

show run | inc aaa

if the only line you see is:

no aaa new-model

your device is not using AAA

Alternatively, try to use a command without the priv 15 keyword in the username definition.

And configure enable secret on the device.

Hope to help

Giuseppe

Yes, this no aaa new-model command is configured on the switch.

balaji.bandi
Hall of Fame

What model is the switch, and what IOS code is running on it?

As you mentioned before, it was working with the old users and only the new user is not working. What logs do you see on the switch (other than denied on the client)?

We need to know: do you have any AAA model enabled?

You may try - username cisco privilege 15 secret 5 xxxxxxxxxxxxxxx

Also check whether on the VTY lines you have any

line vty 0 4
privilege level 15

can you post

show run | in aaa

show run | in username (remove password)

show run | begin vty 

 

BB

***** Rate All Helpful Responses *****


All the line commands were already configured when the first user was created. Do I need to reconfigure them with the new user I am adding?

Is there a command access-class <...> in on the line vty?

Regards, LG
*** Please Rate All Helpful Responses ***

Not that I remember. Apart from the show command, is there a specific command I can run to see this?

You can see it with show run | section vty

Regards, LG
*** Please Rate All Helpful Responses ***

This is what I am seeing for the vty lines:

line vty 0 4
password 7 12355530420548341D0F
login
transport input telnet
line vty 5 15
password 7 0723716B1E075D352036
login
transport input ssh

You must have login local configured on line vty 0 4 in order to use the local users.

Regards, LG
*** Please Rate All Helpful Responses ***

Thanks, this works. I am now able to log in.

Hello @kemarnorton ,

As explained by @liviu.gheorghe, you need login local under all the line vty.

With the login command, authentication is based only on a password and it asks only for the configured password.

So:

conf t
line vty 0 4
no login
login local
line vty 5 15
no login
login local

Do this from the console.

Hope to help

Giuseppe
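
An added example (not part of the thread and not Cisco code): a small Python check that reads the output of show run | section vty and flags the settings discussed above, namely a bare login that ignores local usernames, Telnet transport, type 7 line passwords, and a missing inbound access-class. Both sample configurations are constructed, and MGMT-ACL is a hypothetical ACL name.

```python
import re

# Constructed input: shape of the vty section posted in the thread, type 7 strings replaced.
BEFORE = """\
line vty 0 4
 password 7 <redacted>
 login
 transport input telnet
line vty 5 15
 password 7 <redacted>
 login
 transport input ssh
"""
# Constructed corrected state; MGMT-ACL is a hypothetical ACL name.
AFTER = """\
line vty 0 15
 access-class MGMT-ACL in
 login local
 transport input ssh
"""

def parse_vty(config):
    """Map each 'line vty ...' header to its list of sub-commands."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if re.fullmatch(r"line vty \d+(?: \d+)?", line):
            current = blocks.setdefault(line, [])
        elif line.startswith(("line ", "!")) or line == "end":
            current = None  # a different section starts here
        elif line and current is not None:
            current.append(line)
    return blocks

def audit_vty(config):
    """Return sorted (vty header, finding) pairs for explicit weak settings."""
    findings = set()
    for name, cmds in parse_vty(config).items():
        if "no login" in cmds:
            findings.add((name, "no authentication"))
        elif "login" in cmds:  # bare 'login': line password only, usernames ignored
            findings.add((name, "password-only login"))
        if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds):
            findings.add((name, "telnet allowed"))  # cleartext session
        if any(c.startswith("password 7 ") for c in cmds):
            findings.add((name, "type 7 line password"))  # reversible encoding
        if not any(c.startswith("access-class ") and "in" in c.split()[2:] for c in cmds):
            findings.add((name, "no inbound access-class"))
    return sorted(findings)
```

Calling audit_vty on saved show run output returns an empty list once every vty range uses login local (or AAA), SSH-only transport and an inbound access-class.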

 

It works, thanks all.

I also see this: enable secret 5 $1$oWS/$gM30R.Jl.srXeqTr7OYRt. What does the 5 represent? I don't remember learning this in my CCNA course.