05-05-2011 12:53 PM - edited 03-06-2019 04:55 PM
Hello,
I'm sorry, this is a noob question. I have 2960G Switches that I would like to change the SSH login password. I was able to figure out how to change the enable password. I tried the following from a DOC I found:
Switch>enable
Password:
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config)#line vty 0 15
Switch (config-line)#password SamplePassword
Switch (config-line)#login
% Incomplete command.
Switch (config-line)#
CTRL + Z to exit
Switch# write memory
Switch# copy run start
Exit
When I SSH back into the switch, the new password fails and the old one still works...
All I want to do is change the admin ssh login, I have successfully changed the enable password and I do not want to change the console password. Telnet is not enabled - Just SSH.
Sorry for the dumb question - I have searched google for a while and just can't get it. I am sure it's something small. Any suggestions would be great. Thanks for your time!!
05-05-2011 01:09 PM
Hi,
For SSH, you require (Username and Password) to be configured on the local device. this is manadatory, since you are able to change the Enable password , you need to create the username and password on the local database for SSH , and you will be using those credentials to login to the router.
In the line vty 0 15, you need to enter this command (Login local) as well, or enable aaa either one of the options.
HTH
Mohamed
05-05-2011 01:19 PM
Thank you very much for your reply - much appreciated. I tried your suggestion and still got some errors kicked back:
Switch>enable
Password:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)#password SamplePassword
Switch(config-line)#login local
^
% Invalid input detected at '^' marker.
Thanks again for your help/suggestion - I did not try enable aaa as I thought that was a local user type database on the switch?
05-05-2011 01:25 PM
Hi,
You dont require a password on line vty, your authentication will be done by the local user database and the enable password.
remove the (password) on line vty 015, configure login local and check your SSH.
Regards,
Mohamed
05-05-2011 01:37 PM
When I run no password and then local login on vty 0 15 I get the same error:
Switch (config-line)#login local
^
% Invalid input detected at '^' marker.
The options I seem to have:
Switch (config-line)#login ?
authentication Authentication parameters.
Regular config t with no line:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#login local
^
% Invalid input detected at '^' marker.
Sorry - I am fairly new to doing this.
Regards and thank you again.
The "^" is at the first l on local.
05-05-2011 01:44 PM
configure the following:
aaa new-model
aaa authentication login default local enable
line vty 0 15
login authentication default
Make sure to create (Username and password) on the local database a long with your enable password.
Regards,
Mohamed
05-06-2011 02:24 AM
Hi Mohamed,
When using AAA, the default login method is automatically applied to all lines so no need for this command login authentication default as it is already applied.If you wanted to override with another login method then you would have to configure it on the appropriate lines.
Regards.
Alain.
08-04-2014 12:57 AM
Hi,
I have password for ssh in cisco router
i need to change please help me.
Reg
Manoj.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide