cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1919
Views
2
Helpful
15
Replies

Create New User For SSH

kemarnorton
Level 1
Level 1

Hi Team,

Seeking some help. Cut long story short the person they had that was doing the networking leave the company and change most of the username password for the equipment.

I was able to console in some of the equipment and I tired to create a new user with the command below but when I tried to SSH in I keep getting denied. Note the switch is fully configured for SSH and more all I want to do is to add a next user for SSH and then remove the old user.

username cisco privilege 15 secret password

4 Accepted Solutions

Accepted Solutions

You can see it with show run | section vty

Regards, LG
*** Please Rate All Helpful Responses ***

View solution in original post

You must have login local configured on line vty 0 4 in order to use the local users.

Regards, LG
*** Please Rate All Helpful Responses ***

View solution in original post

Hello @kemarnorton ,

as explained by @liviu.gheorghe  you need login local under all the line vty .

With login command authentication is based only on a password and it asks only for the configured password.

so

conf t

line vty 0 4

no login

login local

line vty 5 15

no login

login local

do this from console

Hope to help

Giuseppe

 

View solution in original post

Hello @kemarnorton ,

>> I also see this enable secret 5 $1$oWS/$gM30R.Jl.srXeqTr7OYRt. what does the 5 represent I don't remember learning this in my CCNA course.

the 5 is just a number that says with what encrpytion method  the secret has been encrpyted.

Hope to help

Giuseppe

 

View solution in original post

15 Replies 15

liviu.gheorghe
Spotlight
Spotlight

Hello @kemarnorton ,

in addition to the user creation on the network equipment, you also have to configure the vty lines:

line vty 0 4

login local

transport input ssh

Regards, LG
*** Please Rate All Helpful Responses ***

Those commands was already configured when the first user was created. Do I have to reconfigure those commands with the new user I am creating had well?

Hello @kemarnorton ,

check if the command has been accepted and implemented using:

show run | inc username

check if aaa is configured using

show run | inc aaa

if the only line you see is:

no aaa new-model

your device is not using AAA

alternatively try to use a command without priv 15 keyword  in the username definition

And configure enable secret on the device

Hope to help

Giuseppe

Yes this no aaa new-mode command is configured on the switch

balaji.bandi
Hall of Fame
Hall of Fame

what model of the switch ? and IOS Code running on it ?

As you mentioned before it was working with old users and only new user not working, what logs you see on the switch (other than on client denied ?)

we need to know do you have any AAA model enabled ?

You may try - username cisco privilege 15 secret 5 xxxxxxxxxxxxxxx

Also check on VTY lines you have any 

line vty 0 4
privilege level 15

can you post

show run | in aaa

show run | in username (remove password)

show run | begin vty 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

All the line commands was already configured when the first user was created do I need to reconfigure then with the new user I am adding?

Is there a command access-class <...> in on the line vty ?

Regards, LG
*** Please Rate All Helpful Responses ***

No that I remember. Apart from the show command is there a specific command I can run to see this?