cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
1413
Views
5
Helpful
3
Replies

reverse telnet additional login required

milan.kulik
Level 10
Level 10

Hello,

 

I'm configuring a  CISCO1921 router as a teminal server at the moment.

I used http://routing-bits.com/2008/09/30/cisco-terminal-server-with-menu-command/

as a config template and it works.

I just added ssh to access the router instead of Telnet.

 

But what's annoying:

Any time I choose from the menu to connect to a device via reverse Telnet, I'm getting a prompt for the router username and password.

Only after I enter them (the same ones I used to ssh to the router originally), I'm getting the prompt from the device I'm connecting to.

 

It seems to be a built-in feature of the aaa new-model command :-(

Even when I login to the router using a privilege 15 account and issue the reverseTelnet (=connect) command from the CLI, I have to fill the username/pwd again before being allowed to Telnet!

The only way I found so far was

Router(config)#aaa authentication login default none

which is not acceptable, of course.


When I try

Router(config)#no aaa new-model

I'm getting

"Changing configuration back to no aaa new-model is not supported.

Continue?[confirm]"

from the  15.4(1)T1 IOS.

 

Am I missing something?

Is there any way to get rid of this annoying filling the usernam/pwd all the time?

 

Thanks,

Milan

1 Accepted Solution

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Hi Milan,

I do not have a similar router and the proper HWIC here right now, but what I am thinking about is configuring a separate AAA auth list for exactly those lines that represent the HWIC serial ports. So for example, something like this:

aaa authentication login NOAUTH none
!
line 0/0/0 0/0/15
login authentication NOAUTH

You could eventually protect these lines with an access-class statement, preventing telnetting into them from outside.

Best regards,
Peter

View solution in original post

3 Replies 3

Peter Paluch
Cisco Employee
Cisco Employee

Hi Milan,

I do not have a similar router and the proper HWIC here right now, but what I am thinking about is configuring a separate AAA auth list for exactly those lines that represent the HWIC serial ports. So for example, something like this:

aaa authentication login NOAUTH none
!
line 0/0/0 0/0/15
login authentication NOAUTH

You could eventually protect these lines with an access-class statement, preventing telnetting into them from outside.

Best regards,
Peter

Hi Peter,

 

great, seams to work!

(As usually when you advise something.)

 

I'll test more deeply but just connected without the annoying prompt, just an enter was necessary to get the prompt from the target device.

 

Thanks a lot,

Milan

 

Hi Milan,

Glad to have helped!

Best regards,
Peter