01-05-2012 12:00 PM
We just upgraded our Sg300 series switches to the new IOS so we can get CLI access. The upgrade went fine but it seems we have two login prompts, the first being completely unnecessary as you can just hit return to get by it. IE here is the progression:
1. Connect SSH
2. Receive a "login:" prompt. Anything can be entered here, including just return
3. Login banner is displayed
4. Username Prompt is then displayed. Valid username required
5. Password Prompt displayed - Valid password required
6. Now at CLI 1. Connect SSH
I am trying to get rid of that first login prompt (IE Step 2) as it is causing issues with our configuration software. I have tried every line and authentication command I can think of, the only thing that gets rid of it is using none authentication which obviously we can't stay with. Anyone else have this issue and how did you get around it?
01-14-2012 10:46 AM
Hi
Yep seen the same thing, as captured below in red and it doesn't look correct.
I opened up two SSH sessions login=test1 login=test2 which can be seen in the screen capture below in red.
It's neat that I can differentiate these sessions, but it still looks weird.
I have open a case (SR# 620357317) with the wonderful folk at Small Business Support center (SBSC).
I may update the post , but you are correct, it just doesn't look right..
But these switches have a fantastic Warranty, you have the ability to call the good folk at SBSC for support to resolve issues or questions you come across. Thank you for your business.
regards Dave.
login as: test2
User Name:dave
Password:******
SG300-10P#sh ip ssh
SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was not generated.
SSH Public Key Authentication is disabled.
Active incoming sessions:
IP address SSH username Version Cipher Auth Code
----------------- -------------- ----------- ----------- --------------
192.168.20.100 test1 SSH-2.0-PuT aes256-cbc hmac-sha1
TY_Release_
0.61
192.168.20.100 test2 SSH-2.0-PuT aes256-cbc hmac-sha1
TY_Release_
0.61
01-28-2012 07:54 AM
Hi John,
An answer I got almost 2 weeks ago by opening up a case with the great folks at the Small Business Support Center ..."That is the way it works for our SSH (SSH authentication first then AAA authentication) Though, there is already plan to eliminate this double log in in 1.2.5 "
I wasn't happy with the response, if there is some RSA key echange at the first login , then I didn't want to see it as a login.
OK.. but it will be tidied up, so i was told in the next release for firmware.
regards Dave
07-12-2018 11:04 AM
I added
aaa authentication login SSH local
aaa authentication enable SSH enable
aaa authentication login Telnet local
aaa authentication enable Telnet enable
and it got rid of the double logon issue
07-12-2018 11:12 AM
OK my update missing some info
Added that above as well as
ip ssh server
ip ssh password-auth
encrypted ip ssh-client password *******************************************
ip ssh-client server authentication
11-08-2018 06:30 AM
Thanks Robert Connelly, by adding just the command "ip ssh password-auth" was enough, still I am sharing my aaa config here in case someone has a similar config.
aaa authentication login authorization ssh tacacs local
aaa authentication enable authorization ssh tacacs enable
aaa authentication login Console tacacs local
aaa authentication enable Console tacacs enable
aaa accounting login start-stop group tacacs+
Regards.
03-19-2020 10:43 AM
Please let us know how to resolve the same issue for sf220.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide