
Enable mode doesn't work

akpeliodon
Level 1

In SSH mode on a router, I removed the enable secret mode and I saved. Afterwards, I always try to connect in SSH mode and I receive an error message in the authentication, but when I connect to this same router with a console cable I easily access privileged mode.

How can I get back into enable mode during my SSH connection?

7 Replies

balaji.bandi
Hall of Fame

What router model, and what IOS code is running?

What commands did you remove?

If the user is local and has priv 15, they can get access directly, as in the example below:

Example I use below for all devices to SSH v2 using local user cisco and cisco for lab:


enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!

ip ssh version 2
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous level 0 limit 20
stopbits 1
line aux 0
line vty 0 4
privilege level 15
password cisco
transport input ssh
transport output all
!
######### Generate SSH keys :
crypto key generate rsa

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CISCO 1941/k9 model

transport input ssh
line vty 5 15
 login local
 transport input ssh
!
scheduler version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.157-3.M5.bin
boot system flash:c1900-universalk9-mz.SPA.157-3.M9.bin
boot-end-marker
enable secret 5 $1$P9vN$mEFEcZiqJDgeQUX30von70
no aaa new-model
memory-size iomem 10
ip cef
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
license udi pid CISCO1921/K9 sn FGL211723RS
line con 0
 password test123
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
allocate 20000 1000

That is the router configuration.

 

I did not see the username in your config. Configure a username and password and test it.

Are you trying to log in using Telnet or SSH?

line vty 0 4

transport input ssh

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, I just removed it from the publication for security reasons; otherwise there are accounts created with enable mode privilege 15 and secret. Telnet does not work.

To be able to log in to the router directly in privileged mode, the following config must be applied:

username cisco privilege 15 secret cisco

line vty 0 4

 login local

 transport input ssh telnet

If you have aaa new-model configured, then add the following commands as well:

aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

By the way, when I connect with the console cable it does not ask me for username and password; it takes me directly to privileged mode. But when I try the remote SSH connection, it gives me the username and password prompt, which I then validate; when I do enable, this is where I receive the error message: error in the authentication.

And I don't use AAA; all usernames are created in the router directly.

By the way, when I connect with the console cable it does not ask me for username and password; it takes me directly to privileged mode.

This is probably because you didn't exit the console line from your previous login on the console.

But when I try the remote SSH connection, it gives me the username and password prompt, which I then validate; when I do enable, this is where I receive the error message: error in the authentication.

And I don't use AAA; all usernames are created in the router directly.


If you don't have aaa new-model enabled, then the following commands:

username cisco privilege 15 secret cisco

line vty 0 4

 login local

 transport input ssh telnet

should give privileged access to your device when you telnet or ssh to it.

Can you share the output of the command show run | include aaa ?

Regards, LG
*** Please Rate All Helpful Responses ***
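
The checks the replies walk through (local username with privilege 15, `login local` and `transport input` on the vty lines, `aaa new-model`, presence of an enable secret) can be run over a saved running-config. The following is an added example, not code from any poster in this thread; the function names and the sample config are assumptions made for illustration, and the notes it returns describe general IOS behaviour rather than statements from the thread.

```python
import re
def parse_ios_access(config):
    """Collect the access settings discussed in the thread from a running-config."""
    facts = {"aaa_new_model": False, "aaa_exec_authz": False,
             "enable_secret": False, "users": {}, "vty": {}}
    vty = None  # vty block currently being read, if any
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("line "):
            vty = None
            if line.startswith("line vty "):
                vty = facts["vty"].setdefault(
                    line[5:], {"login": None, "privilege": None, "transport": []})
        elif line == "aaa new-model":
            facts["aaa_new_model"] = True
        elif line.startswith("aaa authorization exec "):
            facts["aaa_exec_authz"] = True
        elif re.match(r"enable (secret|password) ", line):
            facts["enable_secret"] = True
        elif m := re.match(r"username (\S+)(?: privilege (\d+))?", line):
            facts["users"][m.group(1)] = int(m.group(2)) if m.group(2) else None
        elif vty is not None and line in ("login", "login local", "no login"):
            vty["login"] = line
        elif vty is not None and (m := re.match(r"privilege level (\d+)$", line)):
            vty["privilege"] = int(m.group(1))
        elif vty is not None and line.startswith("transport input "):
            vty["transport"] = line.split()[2:]
    return facts

def review(facts):
    """Return notes on whether an SSH login can reach privileged EXEC."""
    notes = []
    if not facts["enable_secret"]:
        notes.append("no enable secret or password: 'enable' is refused on vty lines")
    if facts["aaa_new_model"] and not facts["aaa_exec_authz"]:
        notes.append("aaa new-model without 'aaa authorization exec': "
                     "username privilege is not applied at login")
    for name, v in facts["vty"].items():
        if not {"ssh", "all"} & set(v["transport"]):
            notes.append(f"{name}: transport input does not explicitly allow SSH")
        if not facts["aaa_new_model"] and v["login"] != "login local":
            notes.append(f"{name}: no 'login local', local usernames are not used")
        if v["privilege"] != 15 and 15 not in facts["users"].values():
            notes.append(f"{name}: sessions start unprivileged and need 'enable'")
    return notes

# Constructed sample (not the poster's config): no enable secret, user without privilege 15.
SAMPLE = "username admin secret 5 <hash>\nline vty 0 4\n login local\n transport input ssh\n"
if __name__ == "__main__":
    print("\n".join(review(parse_ios_access(SAMPLE))))
```

The parser keys on the `line vty` header rather than indentation, so it accepts both indented and flattened pastes like the ones in this thread.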