Ssh with username on Catalyst 3560

How do I configure ssh with username login for my vty? Thx
biggynetAsked:
Who is Participating?
 
Syed_M_UsmanConnect With a Mentor System AdministratorCommented:
0
 
btanConnect With a Mentor Exec ConsultantCommented:
For ssh login you need a user/password combination so you have to modify the login method on the vty line but to do so, you may use AAA (with local user database or RADIUS server) or just  simply local user database.

E.g. with AAA you have to define your login authentication method by naming it or just use the default name which is automatically attached to all your lines.

1) User database
   - username USER secret PASSWORD
   - line vty 0 4
     login local
     transport input ssh

2) AAA with default login method
    - aaa new-model
    - aaa authentication login default local
    - line vty 0 4
      transport input ssh

3) AAA with named authentication
   - aaa new-model
   - aaa authentication login MYLOGIN local
   - line vty 0 4
     login authentication MYLOGIN
     transport input ssh

4) If you want to keep simple password login for console at the same time, can add this:
  aaa authentication login MYCONSOLE line
  line con 0
  password PASSWORD
  login authentication MYCONSOLE
0
 
btanConnect With a Mentor Exec ConsultantCommented:
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
biggynetAuthor Commented:
breadtan,

do I need to configure encryption key for ssh or it is just an option?
0
 
btanConnect With a Mentor Exec ConsultantCommented:
Yes that is necessary for ssh
0
 
mikebernhardtConnect With a Mentor Commented:
Make sure you have a domain name configured on the switch before you configure your RSA key
In config mode,
ip domain-name company.com

THEN
crypto key gen rsa

It will ask for how many bits, tell it 1024

When it's done, exit config mode and save the config. That's all you need to do to configure ssh. After that, any authentication method will work in the same way as telnet. Note that you have to have an IOS image that supports crypto. the binary name will have "k9" in it.
0
 
biggynetAuthor Commented:
why do you need the domain name
0
 
btanConnect With a Mentor Exec ConsultantCommented:
You will be unable to complete the crypto key generate rsa command without a host name and IP domain name. However, this is not true only when you generate a named-key-pair. For example, you can create RSA keys which are labelled by you.

Such as >>  ciscolab(config)#crypto key generate rsa general-keys label TEST

Note: If not doing the named-key-pair, you will need to ensure your router has a host name and IP domain name configured (with the hostname and ip domain-name commands).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.