2 Replies Latest reply: Dec 12, 2019 1:07 AM by Parvesh RSS

    known good SSH password from one device to another not working

    Rich

      Hello,

       

      When I SSH from any given device on a network to a particular device (C9200) - my password (that I know I am correctly entering) does not work.

       

      I believe it has something to do with AAA authentication, but need some guidance.

       

      All devices have the "username" configured with the same user and pass settings. However, this C9200 switch does not have AAA new-model enabled while the other devices do have AAA new-model enabled.

       

      When I do a "sho run | inc aaa" on a device configured with AAA I receive the following output:

       

      aaa new-model

      aaa authentication login default local

      aaa authorization exec default local none

      aaa session-id common

       

       

      Is the fix as simple as configuring the AAA settings on the c9200 the same? Will the username line need to be changed or readded after AAA new-model is enabled?

       

      Note that the C9200 is remote and cannot be accessed easily if a reboot is required. Which is why I ultimately do not want to proceed until I am assured that I am configuring AAA correctly.

       

      Please let me know if I can provide any more information.

       

      Thanks in advanced!

        • 1. Re: known good SSH password from one device to another not working
          Ing_Percy

          Hi!

           

          Yes. The basic configuration of AAA must include as minimal these commands:

           

          username {name} secret {password}

          aaa new-model

          aaa authentication login default local enable

          aaa authorization exec default local

           

          When you apply these commands, the method of authentication is applied to all lines (console, vty) by default. You can apply these commands in your C9200 Switch without problems

           

          Regards!

          • 2. Re: known good SSH password from one device to another not working
            Parvesh

             

            Note that the C9200 is remote and cannot be accessed easily if a reboot is required. Which is why I ultimately do not want to proceed until I am assured that I am configuring AAA correctly.

             

             

            in such case, you should arrange console before initiating any changes especially when it can affect access to it.

             

             

            When I SSH from any given device on a network to a particular device (C9200) - my password (that I know I am correctly entering) does not work.

             

            Is the fix as simple as configuring the AAA settings on the c9200 the same? Will the username line need to be changed or readded after AAA new-model is enabled?

             

            Tried finding config guide for C9200 specific to AAA, but could not find. Does your statement mean - the same config is working across other switches and only C9200 has issues ?