SSH failing authentication but Serial Works

Zygodactyl
Level 1

I have a Cisco ISR 4431 which I have enabled SSH for and locked down to only respond to a single subnet for SSH.

Weird part is when I try to SSH into the ISR from that subnet I am able to get to the login prompt. However, it fails authentication for some reason, but that same user works over a serial connection. Is there maybe a setting for the user I missed or something?

 

Pertinent config lines are as follows:

 

username <redacted> access-class 15

ip access-list standard Limit_SSH
 permit 10.92.1.0 0.0.0.255
 permit 10.91.3.0 0.0.0.255
 permit 192.168.1.0 0.0.0.255
 deny any

line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class Limit_SSH in
 access-class Limit_SSH out
 transport input ssh
 transport output ssh
line vty 5 15
 access-class Limit_SSH in
 access-class Limit_SSH out
 transport input ssh
 transport output ssh

 

16 Replies

Yep, that is it. The aaa policy was messing it up; you cannot do local authentication with that for whatever reason. Once I removed that, I was able to authenticate.

It has been a while since I have tested that portion, but if I remember correctly, if I remove the ACL it starts working.

I will confirm that now.
