Is a username required for SSH? If so where does it go?
abefroman
Banned Posts: 278
in CCNA & CCENT
Is a username required for SSH? If so where does it go?
line vty 0 4 transport input ssh login username admin ???? password pass1234
Comments
-
Monkerz Member Posts: 842I set mine up like this...
Enable
Configure Terminal
username [username] password [password]
ip domain-name [domainname]
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh -
abefroman Banned Posts: 278I set mine up like this...
Enable
Configure Terminal
username [username] password [password]
ip domain-name [domainname]
crypto key generate rsa
1024
ip ssh version 2
line vty 0 4
transport input ssh
So is the username command only used for SSH? Or will that be the username for other things as well? -
Monkerz Member Posts: 842When you use "transport input ssh" it turns off telnet and enables ssh. To use both, use " transport input telnet ssh". The user name is for Telnet and SSH. Console doesn't require one, only a password.
-
peanutnoggin Member Posts: 1,096 ■■■□□□□□□□When you use "transport input ssh" it turns off telnet and enables ssh. To use both, use " transport input telnet ssh". The user name is for Telnet and SSH. Console doesn't require one, only a password.
Don't forget you can require your console to use the local database by going under lin con 0 and typing:
login local
That will force the console to use the local username and database. You can also use aaa for username/password with an external server running RADIUS or TACACS+ protocols for authentication. Hope this helps.
-Peanut
EDIT: Before you type the login local under line console 0, be sure to have a local username and password setup on the device.We cannot have a superior democracy with an inferior education system!
-Mayor Cory Booker -
HardDisk Member Posts: 62 ■■□□□□□□□□I set mine up like this...
ip domain-name [domainname]
crypto key generate rsa
1024
I have found that this one line of code below can replace the three lines of code above.
Router(config)#ip http secure-server
Both methods will generate the crypto keys so why use the three lines when one line seems to get the job done?
I've been wondering about this for some time so I'm glad it came up in this post. Thanks for shedding some light on this subject. -
peanutnoggin Member Posts: 1,096 ■■■□□□□□□□I have found that this one line of code below can replace the three lines of code above.
Router(config)#ip http secure-server
Both methods will generate the crypto keys so why use the three lines when one line seems to get the job done?
I've been wondering about this for some time so I'm glad it came up in this post. Thanks for shedding some light on this subject.
The first two things that popped into my head were... what if you don't want HTTPS enabled on your router but you wanted to enable ssh. The default key for the HTTPS is a 1024 key... what if you want a smaller or larger key for your ssh. Other than that... you are correct, the ip http secure-server would suffice. HTHWe cannot have a superior democracy with an inferior education system!
-Mayor Cory Booker