cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3920
Views
0
Helpful
8
Replies

[CISCO ROUTER 3725]Configure ssh and telnet without login, only a password

Hello,

I configure telnet and ssh access on a test router.

Here is my conf :

R1(config)#username cisco2 password cisco

R1(config)#line vty 0 4

R1(config-line)#login local

R1(config)#ip domain-name abc.com

R1(config)#crypto key generate rsa general-keys modulus 1024

The name for the keys will be: R1.abc.com

 

% The key modulus size is 1024 bits

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

 

*Mar 1 00:07:59.295: %SSH-5-ENABLED: SSH 1.99 has been enabled

R1(config)#ip ssh version 2

R1(config)#line vty 0 4

R1(config-line)#transport input ssh telnet

Is it possible to do these access only by a password ?

1 Accepted Solution

Accepted Solutions

There is no other information for it thats all it does  , are you sure it was not already in by default in the startup-config some routers/switches its already set for security reasons

If you have the service password-encryption command enabled, the password you enter is encrypted. When you display it with the more system:running-config command, it is displayed in encrypted form.

If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy from another router configuration.

View solution in original post

8 Replies 8

Mark Malone
VIP Alumni
VIP Alumni

Hey try this

remove username cisco2 password cisco

change login local to just login under vty adn then set password under vty

password xxxx

That should work but its less secure , ás well wouldnt allow telnet you can sniff the wire for the password

Thank you it works !

Yes I sensibilize lack of security about telnet instead of ssh.

Final question, what does it change change if I encrypt a secret password :

conf t

enable secret cisco1

service password-encryption

It doesn't seems to change the sh run, so it is usesell to add service password-encryption ?

so when you enable service [password basically when you do a show run you wont see cisco1 anymore it will be scrambled

For exemple :

Router#conf t
Router(config)#enable secret cisco
Router(config)#do sh run

[...]
enable secret 5 $1$INqJ$0AiQb11Q8Lx.WOvG5PQwA.

[...]

Router(config)#service password-encryption
Router(config)#do sh run
[...]
enable secret 5 $1$INqJ$0AiQb11Q8Lx.WOvG5PQwA.

[...]

Have a look, I can't see the impact of the command service password-encryption on the password ..

Can you give me more information ?

There is no other information for it thats all it does  , are you sure it was not already in by default in the startup-config some routers/switches its already set for security reasons

If you have the service password-encryption command enabled, the password you enter is encrypted. When you display it with the more system:running-config command, it is displayed in encrypted form.

If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy from another router configuration.

So there is no need to activate the command service password-encryption if I set a enable secret mypassword because the parameter "secret" already crypted the password ?

yes secret sets it for md5 automatically but if you have a standard enable password cisco1 it will encrypt that too but you should always try use the md5 where possible

Thanks you very much :)

Review Cisco Networking for a $25 gift card