[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1067
  • Last Modified:

Ssh with username on Catalyst 3560

How do I configure ssh with username login for my vty? Thx
0
biggynet
Asked:
biggynet
6 Solutions
 
Syed_M_UsmanCommented:
0
 
btanExec ConsultantCommented:
For ssh login you need a user/password combination so you have to modify the login method on the vty line but to do so, you may use AAA (with local user database or RADIUS server) or just  simply local user database.

E.g. with AAA you have to define your login authentication method by naming it or just use the default name which is automatically attached to all your lines.

1) User database
   - username USER secret PASSWORD
   - line vty 0 4
     login local
     transport input ssh

2) AAA with default login method
    - aaa new-model
    - aaa authentication login default local
    - line vty 0 4
      transport input ssh

3) AAA with named authentication
   - aaa new-model
   - aaa authentication login MYLOGIN local
   - line vty 0 4
     login authentication MYLOGIN
     transport input ssh

4) If you want to keep simple password login for console at the same time, can add this:
  aaa authentication login MYCONSOLE line
  line con 0
  password PASSWORD
  login authentication MYCONSOLE
0
 
btanExec ConsultantCommented:
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
biggynetAuthor Commented:
breadtan,

do I need to configure encryption key for ssh or it is just an option?
0
 
btanExec ConsultantCommented:
Yes that is necessary for ssh
0
 
mikebernhardtCommented:
Make sure you have a domain name configured on the switch before you configure your RSA key
In config mode,
ip domain-name company.com

THEN
crypto key gen rsa

It will ask for how many bits, tell it 1024

When it's done, exit config mode and save the config. That's all you need to do to configure ssh. After that, any authentication method will work in the same way as telnet. Note that you have to have an IOS image that supports crypto. the binary name will have "k9" in it.
0
 
biggynetAuthor Commented:
why do you need the domain name
0
 
btanExec ConsultantCommented:
You will be unable to complete the crypto key generate rsa command without a host name and IP domain name. However, this is not true only when you generate a named-key-pair. For example, you can create RSA keys which are labelled by you.

Such as >>  ciscolab(config)#crypto key generate rsa general-keys label TEST

Note: If not doing the named-key-pair, you will need to ensure your router has a host name and IP domain name configured (with the hostname and ip domain-name commands).
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now