SSH Login Password Change

Virtual_RV · ‎05-05-2011

Hello,

I'm sorry, this is a noob question. I have 2960G Switches that I would like to change the SSH login password. I was able to figure out how to change the enable password. I tried the following from a DOC I found:

Switch>enable
Password:
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch (config)#line vty 0 15
Switch (config-line)#password SamplePassword

Switch (config-line)#login
% Incomplete command.

Switch (config-line)#

CTRL + Z to exit

Switch# write memory

Switch# copy run start

Exit

When I SSH back into the switch, the new password fails and the old one still works...

All I want to do is change the admin ssh login, I have successfully changed the enable password and I do not want to change the console password. Telnet is not enabled - Just SSH.

Sorry for the dumb question - I have searched google for a while and just can't get it. I am sure it's something small. Any suggestions would be great. Thanks for your time!!

Mohamed Sobair · ‎05-05-2011

Hi,

For SSH, you require (Username and Password) to be configured on the local device. this is manadatory, since you are able to change the Enable password , you need to create the username and password on the local database for SSH , and you will be using those credentials to login to the router.

In the line vty 0 15, you need to enter this command (Login local) as well, or enable aaa either one of the options.

HTH

Mohamed

Virtual_RV · ‎05-05-2011

Thank you very much for your reply - much appreciated. I tried your suggestion and still got some errors kicked back:

Switch>enable
Password:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)#password SamplePassword

Switch(config-line)#login local
^
% Invalid input detected at '^' marker.

Thanks again for your help/suggestion - I did not try enable aaa as I thought that was a local user type database on the switch?

Mohamed Sobair · ‎05-05-2011

Hi,

You dont require a password on line vty, your authentication will be done by the local user database and the enable password.

remove the (password) on line vty 015, configure login local and check your SSH.

Regards,

Mohamed

Virtual_RV · ‎05-05-2011

When I run no password and then local login on vty 0 15 I get the same error:

Switch (config-line)#login local
^
% Invalid input detected at '^' marker.

The options I seem to have:

Switch (config-line)#login ?
authentication Authentication parameters.

Regular config t with no line:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#login local
^
% Invalid input detected at '^' marker.

Sorry - I am fairly new to doing this.

Regards and thank you again.

The "^" is at the first l on local.

Mohamed Sobair · ‎05-05-2011

configure the following:

aaa new-model

aaa authentication login default local enable

line vty 0 15

login authentication default

Make sure to create (Username and password) on the local database a long with your enable password.

Regards,

Mohamed

cadet alain · ‎05-06-2011

Hi Mohamed,

When using AAA, the default login method is automatically applied to all lines so no need for this command login authentication default as it is already applied.If you wanted to override with another login method then you would have to configure it on the appropriate lines.

Regards.

Alain.

Don't forget to rate helpful posts.

manojkulk · ‎08-04-2014

Hi,

I have password for ssh in cisco router

i need to change please help me.

Reg

Manoj.