This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
Configuraiton ssh to logi...

Configuraiton ssh to login device via hwtacacs authentication

Latest reply: Oct 23, 2018 13:40:53 1145 13 11 0
display all floors #1

 

hwtacacsserver template ht
 hwtacacs server authentication 1.1.1.1
 hwtacacs server authentication 1.1.1.2 secondary
 hwtacacs server authorization  1.1.1.1
 hwtacacs server authorization 1.1.1.2 secondary
 hwtacacs server accounting  1.1.1.1
 hwtacacs server accounting 1.1.1.2 secondary
 hwtacacs server source-ip 192.168.0.1
 hwtacacs server shared-key cipher%^%#$<j`EnfRJLt`KP(\e9M({rmIPZ]u,F[bjd*X%6g.%^%#
 hwtacacs server user-name domain-excluded
#
aaa
 #
 authentication-scheme default
 #
 authentication-scheme hwtacacs
  authentication-mode hwtacacs local
 #    
 authorization-scheme hwtacacs
  authorization-mode hwtacacs local
 #
 accounting-scheme hwtacacs
  accounting-mode hwtacacs
 #
 domain default
 #
 domain default_admin

  authentication-scheme hwtacacs
  authorization-scheme hwtacacs

  accounting-scheme hwtacacs
  hwtacacs server ht
 #
 recording-scheme newscheme
  recording-mode hwtacacs ht
 #              
 system recording-scheme newscheme
 #
 outbound recording-scheme newscheme
 #
 cmd recording-scheme newscheme
#

stelnet server enable

ssh authentication-type default password

user-interface vty 0 4
 authentication-mode aaa

  • x
  • convention:

Helpful (11) Favorite(0) Share Report
Created Oct 12, 2018 14:43:36 Helpful(0) Helpful(0)

At first, I want to thank you very much, it is a good example to all of us. we meet this issue in daily work but I do not know how to deal with.
I am very interested for this post, which is very helpful to our daily troubleshooting. I always have similar problems in my daily work, but I do not know how to deal with them. Now I have a clear idea. Thank you very much for your sharing. Hope you can update continue like this This post was last edited by Torrent at 2018-10-22 14:08.
  • x
  • convention:
Created Oct 12, 2018 18:48:12 Helpful(1) Helpful(1)

This case is a good example of Configuring ssh to login device via hwtacacs authentication if you add more detail description about this example and add the description of configuration steps . And if want to know the configuration of tacacs server, you can refer to my case. [Q&A] NE40E TACACS+ server can't login https://forum.huawei.com/enterprise/en/forum.php?mod=viewthread&tid=452157
  • x
  • convention:
Created Oct 15, 2018 08:56:36 Helpful(0) Helpful(0)

  • Users are HWTACACS authenticated and the HWTACACS server template is configured.

  • Users can run this command to change the passwords only when the user names and passwords saved on the HWTACACS do not expire. When a user whose password has expired logs in to the device, the HWTACACS server does not allow the user to change the password and displays a message indicating that the authentication fails.

  • The system wait period is 30 seconds. If the TACACS server does not receive the user name, new password, or confirmed password from the user within such a period, it terminates the password change process.

  • Users can also press Ctrl+C to cancel password change.

  • HWTACACS users who pass AAA authentication can use the hwtacacs-user change-password hwtacacs-server command to change the passwords before the passwords expire. If a user needs to run this command to change the passwords of other users, the user must have the system rights.

This post was last edited by No.9527 at 2018-10-31 14:36.
  • x
  • convention:
Created Oct 15, 2018 14:33:12 Helpful(0) Helpful(0)

This case is a good example of Configuring ssh to login device via hwtacacs authenticationConfiguraiton ssh to login device via hwtacacs authentication-2777717-1
  • x
  • convention:
Created Oct 15, 2018 15:32:03 Helpful(0) Helpful(0)

The key step in configuring the HWTACACS server template is to specify the IP address and port number of the server and the HWTACACS shared key. For other steps, you can configure the HWTACACS user name format and traffic unit to be modified
The HWTACACS user name and the HWTACACS shared key configured on the HWTACACS server template must be the same as those configured on the HWTACACS server.
This post was last edited by Mark.hu at 2018-10-31 15:04.
  • x
  • convention:
Created Oct 15, 2018 15:32:43 Helpful(0) Helpful(0)

i think ssh is used on many siutuation, i can learn it from your sharing, thanks This post was last edited by yjhd at 2018-10-31 17:11.
  • x
  • convention:
Created Oct 15, 2018 16:41:43 Helpful(0) Helpful(0)

good to know steps for configuration

This post was last edited by GongXiaochuan at 2018-10-30 12:35.
  • x
  • convention:
Good Good Study Day Day Up
Created Oct 15, 2018 16:57:50 Helpful(0) Helpful(0)

How useful the post is!:)
  • x
  • convention:
Created Oct 16, 2018 11:57:02 Helpful(0) Helpful(0)

This is exactly what I was looking for. I have been stuck for a long time on this problem. you gave me a very good idea ,I very much appreciate it.

Please keep on post and share more cases for all of us
  • x
  • convention:
12
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

Fast reply Scroll to top