Secure Shell (SSH) user accounts are required in order to log on. These accounts can be stored in a local database on the switch or on a central access server named Terminal Access Controller Access-Control System (TACACS), which is an industry-standard authentication server. Most small organizations and even some larger ones rely on the local database for user authentication.
To use the local database for authentication, you need to do two things in this order:
Create at least one user account.
Configure your switch to use the local database rather than a password, which is done on an interface basis.
Creating a user in the account database
To create a user in the account database, use a command like the following to specify the username and password:
Switch1>enable
Password:
Switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#username remoteuser password remotepass
Switch1(config)#username edt password edpass
Switch1(config)#exit
Removing a user
To remove a user, use the standard no command and specify the username. For example, the following commands remove the user named remoteuser from the local database.
Switch1>enable
Password:
Switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#no username remoteuser
Switch1(config)#exit
Enable user-level protection
Finally, you need to enable the login local setting on the interfaces you want to protect with this user-level protection, using a command similar to the following:
Switch1>enable
Password:
Switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#line aux 0
Switch1(config-line)#login local
Switch1(config-line)#exit
Switch1(config)#exit
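As an added example (not part of the original article), the following Python script audits a saved running-config excerpt for the two steps above: it lists the local usernames, reports every line that does not use login local, and flags the case where login local is set before any account exists. The sample configuration and the names audit_local_login and LOGIN_MODES are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from the original page).
SAMPLE_CONFIG = """\
hostname Switch1
!
username remoteuser password 0 remotepass
username edt password 0 edpass
!
line con 0
line aux 0
 login local
line vty 0 4
 password vtypass
 login
line vty 5 15
 no login
!
"""

# How each login statement under a line authenticates the session.
LOGIN_MODES = {"login local": "local", "login": "line-password", "no login": "none"}

def audit_local_login(config_text):
    """Return (users, per-line login mode, findings) for a config excerpt."""
    users, lines, current = [], {}, None
    for raw in config_text.splitlines():
        m = re.match(r"username (\S+) ", raw)
        if m:
            users.append(m.group(1))
        elif raw.startswith("line "):
            current = raw[len("line "):].strip()
            lines[current] = "unset"   # no login statement seen yet
        elif current and raw.startswith(" "):
            lines[current] = LOGIN_MODES.get(raw.strip(), lines[current])
        else:
            current = None             # left the line block
    findings = [f"line {name}: login mode is {mode}, not the local database"
                for name, mode in lines.items() if mode != "local"]
    # The page requires an account to exist before login local is enabled.
    if not users and "local" in lines.values():
        findings.append("login local is set but no username is defined")
    return users, lines, findings

if __name__ == "__main__":
    users, lines, findings = audit_local_login(SAMPLE_CONFIG)
    print("local users:", ", ".join(users))
    for finding in findings:
        print("FINDING:", finding)
```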
Source: http://www.dummies.com/how-to/content/secure-shell-ssh-user-account-management.html