Two local users for ssh, one works and the other doesn't

esa_fresa
Level 1

I've created the two users below.

username cisco privilege 15 password 0 cisco
username hello password 0 hello privilege 15

I can ssh with the "cisco" user with no issues, but I get access denied when logging in with "hello". Since the configuration kept the order of the privilege and password commands as I entered them, I'm assuming that the order matters in some way? Can someone explain what's going on here?

Cisco 1841, Version 15.1(4)M10

Debug of ssh

*Jul 13 03:53:28.159: SSH2 0: expecting SSH2_MSG_KEX_DH_GEX_INIT
*Jul 13 03:53:28.159: SSH2 0: SSH2_MSG_KEXDH_INIT received
*Jul 13 03:53:28.639: SSH2: kex_derive_keys complete
*Jul 13 03:53:28.639: SSH2 0: SSH2_MSG_NEWKEYS sent
*Jul 13 03:53:28.639: SSH2 0: waiting for SSH2_MSG_NEWKEYS
*Jul 13 03:53:28.683: SSH2 0: SSH2_MSG_NEWKEYS received
*Jul 13 03:53:36.459: SSH2 0: Using method = none
*Jul 13 03:53:36.459: SSH2 0: Using method = keyboard-interactive
*Jul 13 03:53:43.075: SSH0: password authentication failed for hello
*Jul 13 03:53:45.075: SSH2 0: Using method = keyboard-interactive

Accepted Solutions

Milos Megis
Level 3

Hi,
Everything behind ...password 0... is considered as the password.

So your username is hello and password: "hello privilege 15"

If you want to have user hello with password "hello", then type these commands:
no username hello
username hello privilege 15 password 0 hello

Consider using the "secret" keyword instead of the "password" keyword.
A secret password cannot be revealed back.

Oh, by golly, I didn't think of that!

I used passwords to troubleshoot easier. Ironically using secrets I would have spotted this right away. Thanks for your help!
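
A small audit for the mistake explained in the accepted answer, as an added example that is not part of the original thread: it scans "username" lines as they appear in a running configuration and flags type 0 passwords that end in "privilege <n>", plus any use of "password" instead of "secret". The function name, the finding labels and the third sample line are constructed for illustration.

```python
import re

# Constructed sample; the first two lines are the ones posted in the question.
SAMPLE_CONFIG = """\
username cisco privilege 15 password 0 cisco
username hello password 0 hello privilege 15
username ops privilege 15 secret 5 <constructed-hash-placeholder>
"""

# username NAME [options] {password|secret} TYPE REST-OF-LINE
# Everything after the encryption type is captured as the credential,
# which is how the answer says the router reads the line.
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?P<opts>(?:\s+\S+)*?)\s+"
    r"(?P<kw>password|secret)\s+(?P<type>\d+)\s+(?P<cred>.+)$"
)
# An option that was probably meant for the user, not for the password text.
SWALLOWED_RE = re.compile(r"\s(privilege\s+\d+)\s*$")


def audit_username_lines(config_text):
    """Return (user, finding, detail) tuples for suspicious username lines."""
    findings = []
    for raw in config_text.splitlines():
        m = USER_RE.match(raw.strip())
        if not m:
            continue
        name, kw, enc, cred = m["name"], m["kw"], m["type"], m["cred"]
        # Only type 0 is cleartext, so only there can the tail be inspected.
        swallowed = SWALLOWED_RE.search(cred) if enc == "0" else None
        if swallowed:
            findings.append((name, "swallowed-option",
                             f"'{swallowed.group(1)}' is part of the password "
                             f"and is not applied to the user"))
        if kw == "password":
            findings.append((name, "password-keyword",
                             "uses 'password'; the answer recommends 'secret'"))
    return findings


if __name__ == "__main__":
    for user, finding, detail in audit_username_lines(SAMPLE_CONFIG):
        print(f"{user}: {finding}: {detail}")
```
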