Cisco SSH client on router enable password not sent

ashley_dew
Level 1

Hi,

I have a problem with a Cisco router SSH client. From a Cisco router, I launch an SSH session to another Cisco router. Login is successful and enters user level.

But when I type enable and type the secret at the password prompt, I cannot log in to privileged mode.

The password prompt times out, authentication fails, and it returns the password in clear (without the first character), followed by an invalid command.

This fails only with enable. The issue is at the SSH client level, it seems.

This works well with telnet.

This is happening on a Cisco 4431 and with Cisco IOS XE Software, Version 03.15.01.S

We had the same issue with a Cisco 3945 Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.2(3)T2

Can you please help?

Thanks & Regards,


4 Replies

shaps
Level 3

It could be that priv level 15 is not entered under the vty lines, but I don't understand telnet working; it could possibly be coming in on a different vty where that command is set.

From the source router from which I am doing the SSH:

 

line con 0
 exec-timeout 5 0
 
 logging synchronous
 length 38
 transport output telnet ssh
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 120 in
 exec-timeout 5 0
 
 length 38
 transport input ssh
 transport output telnet ssh
line vty 5 15
 access-class 120  in
 exec-timeout 5 0
 
 length 38
 transport input ssh
 transport output telnet ssh

Destination switch/router

 

line con 0
 exec-timeout 5 0
 
 length 38
 transport output none
 stopbits 1
line vty 0 4
 access-class 120 in
 exec-timeout 5 0

 length 38
 transport input ssh
line vty 5 15
 access-class 120 in
 exec-timeout 5 0
 length 38
 transport input ssh


I cannot find any config issues. I don't think we need privilege level 15 for that, and it is not in company policy either.

Phase2_SW>enable
Password:
% Password:  timeout expired!
% Error in authentication.

Phase2_SW>
Translating "xxxxxxx"
% Unknown command or computer name, or unable to find computer address
Phase2_SW>
Phase2_SW>en
Password:
% Password:  timeout expired!
% Error in authentication.

Phase2_SW>xxxxxxx
Translating "xxxxxxxx"
% Unknown command or computer name, or unable to find computer address

Where xxxxxx is the returned password in clear without the first character.

From a client like PuTTY, no issue.

Do you have any AAA configured? Perhaps there are some authentication/authorization commands in place that are expecting another password.
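
One way to check the two things the replies above ask about (a privilege level set under the lines, and any AAA commands in the config) without comparing stanzas by eye. This is an added example, not part of any post in the thread; the function names are hypothetical, and the sample input is the source router's line section as quoted above.

```python
import re

# Source router's line section as posted in the thread (blank lines dropped;
# "line vty 5 15" is identical to "line vty 0 4" and omitted for brevity).
SOURCE_ROUTER = """\
line con 0
 exec-timeout 5 0
 logging synchronous
 length 38
 transport output telnet ssh
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 120 in
 exec-timeout 5 0
 length 38
 transport input ssh
 transport output telnet ssh
"""

def parse_config(config):
    """Split a saved config into 'line ...' stanzas and global 'aaa ...' commands."""
    stanzas, aaa, current = {}, [], None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue                      # blank or "!" line: skip, stanza stays open
        if raw.startswith("line "):
            current = stanzas.setdefault(text[5:], [])
        elif raw[0].isspace() and current is not None:
            current.append(text)          # indented sub-command of the open stanza
        else:
            current = None                # any other global command closes it
            if text.startswith("aaa "):
                aaa.append(text)
    return stanzas, aaa

def audit(config):
    """Per line: privilege level and transports; also return the AAA commands found."""
    stanzas, aaa = parse_config(config)
    report = {}
    for name, cmds in stanzas.items():
        opts = {"privilege": 1, "input": None, "output": None}  # 1 = IOS line default
        for cmd in cmds:
            if m := re.fullmatch(r"privilege level (\d+)", cmd):
                opts["privilege"] = int(m.group(1))
            elif m := re.fullmatch(r"transport (input|output) (.+)", cmd):
                opts[m.group(1)] = m.group(2).split()
        report[name] = opts
    return report, aaa
```

A transport value of `None` means the stanza does not set it, so the platform default applies. Any line whose `output` list contains `telnet` can start outbound sessions that carry the enable secret unencrypted.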

SalimMach
Level 1
Level 1
Hi,
Did you fix this problem? How?