Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
I have a couple switches that allow logins to a read-only mode by using SSH with no credentials.
How can I disable this via CLI?
config t
aaa authentication ssh login local (to use local account to login)
aaa authentication ssh login tacacs local (to use tacacs and if tacacs not available, use local account)
You also need to set the login privilege for the local account
Thanks for the info. It looks like "aaa authentication ssh login local" is the default state because it does not show up in the configuration when I do "show run."
I looked at a few different resources but could not figure out how I could set local account login privileges to keep someone from being able to log into the switch with no credentials.
Please see the security guide here: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00061590en_us
For anyone else having this problem, it was resolved for me by adding a password to the builtin "operator" account. There are likely other ways to address this issue, but this one worked for me.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.