02-20-2024 11:44 PM
How to remove the enable password during SSH login on Cisco 3850 switch
Enable password Cisco123, after deletion, SSH prompts that a password is required to log in
Solved! Go to Solution.
02-20-2024 11:57 PM
Its all depends on the configuration,
is the users are created on locally on switch, if the user has priv level 15 and configuration ok that should give direct access to #
Try access from console and make changes or post the relavant configuration to suggest you to fix (even in console you dont have that access, then you need to follow reset proceedure)
example below for the local user wth priv 15
enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!
ip ssh version 2
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous level 0 limit 20
stopbits 1
line aux 0
line vty 0 4
privilege level 15
password cisco
transport input ssh
transport output all
!
######### Generate SSH keys :
crypto key generate rsa
password recovery :
02-20-2024 11:45 PM
02-20-2024 11:57 PM
Its all depends on the configuration,
is the users are created on locally on switch, if the user has priv level 15 and configuration ok that should give direct access to #
Try access from console and make changes or post the relavant configuration to suggest you to fix (even in console you dont have that access, then you need to follow reset proceedure)
example below for the local user wth priv 15
enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!
ip ssh version 2
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous level 0 limit 20
stopbits 1
line aux 0
line vty 0 4
privilege level 15
password cisco
transport input ssh
transport output all
!
######### Generate SSH keys :
crypto key generate rsa
password recovery :
02-20-2024 11:57 PM
Hello @angel9999 ,
from the picture you shared, it seems that the enable password is not set on the switch.
Depending on how your switch is configured, you could try to access the switch using the console port and try to issue the enable command from there - it could work if no specific authentication rules are set for the console port.
If you get access through the console port, the first thing to do is going in config mode and setting an enable secret password and saving the config:
device#configure terminal
device(config)#enable secret Your-password-here
device(config)#^Z
device#copy running start
Now you should be able to issue the enable command when you access the switch via ssh.
Hope this helps
02-21-2024 12:04 AM
I don't want to enable ambient password
02-21-2024 01:07 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide