Configuraiton ssh to login device via hwtacacs authentication

Latest reply: Oct 23, 2018 05:40:53 1229 13 11 0

 

hwtacacsserver template ht
 hwtacacs server authentication 1.1.1.1
 hwtacacs server authentication 1.1.1.2 secondary
 hwtacacs server authorization  1.1.1.1
 hwtacacs server authorization 1.1.1.2 secondary
 hwtacacs server accounting  1.1.1.1
 hwtacacs server accounting 1.1.1.2 secondary
 hwtacacs server source-ip 192.168.0.1
 hwtacacs server shared-key cipher%^%#$<j`EnfRJLt`KP(\e9M({rmIPZ]u,F[bjd*X%6g.%^%#
 hwtacacs server user-name domain-excluded
#
aaa
 #
 authentication-scheme default
 #
 authentication-scheme hwtacacs
  authentication-mode hwtacacs local
 #    
 authorization-scheme hwtacacs
  authorization-mode hwtacacs local
 #
 accounting-scheme hwtacacs
  accounting-mode hwtacacs
 #
 domain default
 #
 domain default_admin

  authentication-scheme hwtacacs
  authorization-scheme hwtacacs

  accounting-scheme hwtacacs
  hwtacacs server ht

 #
 recording-scheme newscheme
  recording-mode hwtacacs ht
 #              
 system recording-scheme newscheme
 #
 outbound recording-scheme newscheme
 #
 cmd recording-scheme newscheme
#

stelnet server enable

ssh authentication-type default password

user-interface vty 0 4
 authentication-mode aaa

  • x
  • convention:

Torrent
Created Oct 12, 2018 06:43:36 Helpful(0) Helpful(0)

At first, I want to thank you very much, it is a good example to all of us. we meet this issue in daily work but I do not know how to deal with.
I am very interested for this post, which is very helpful to our daily troubleshooting. I always have similar problems in my daily work, but I do not know how to deal with them. Now I have a clear idea. Thank you very much for your sharing. Hope you can update continue like this This post was last edited by Torrent at 2018-10-22 06:08.
  • x
  • convention:

Barret
Created Oct 12, 2018 10:48:12 Helpful(1) Helpful(1)

This case is a good example of Configuring ssh to login device via hwtacacs authentication if you add more detail description about this example and add the description of configuration steps . And if want to know the configuration of tacacs server, you can refer to my case. [Q&A] NE40E TACACS+ server can't login https://forum.huawei.com/enterprise/en/forum.php?mod=viewthread&tid=452157
  • x
  • convention:

No.9527
Created Oct 15, 2018 00:56:36 Helpful(0) Helpful(0)

  • Users are HWTACACS authenticated and the HWTACACS server template is configured.

  • Users can run this command to change the passwords only when the user names and passwords saved on the HWTACACS do not expire. When a user whose password has expired logs in to the device, the HWTACACS server does not allow the user to change the password and displays a message indicating that the authentication fails.

  • The system wait period is 30 seconds. If the TACACS server does not receive the user name, new password, or confirmed password from the user within such a period, it terminates the password change process.

  • Users can also press Ctrl+C to cancel password change.

  • HWTACACS users who pass AAA authentication can use the hwtacacs-user change-password hwtacacs-server command to change the passwords before the passwords expire. If a user needs to run this command to change the passwords of other users, the user must have the system rights.

This post was last edited by No.9527 at 2018-10-31 06:36.
  • x
  • convention:

littlestone
Created Oct 15, 2018 06:33:12 Helpful(0) Helpful(0)

This case is a good example of Configuring ssh to login device via hwtacacs authenticationConfiguraiton ssh to login device via hwtacacs authentication-2777717-1
  • x
  • convention:

Mark.hu
Created Oct 15, 2018 07:32:03 Helpful(0) Helpful(0)

The key step in configuring the HWTACACS server template is to specify the IP address and port number of the server and the HWTACACS shared key. For other steps, you can configure the HWTACACS user name format and traffic unit to be modified
The HWTACACS user name and the HWTACACS shared key configured on the HWTACACS server template must be the same as those configured on the HWTACACS server.
This post was last edited by Mark.hu at 2018-10-31 07:04.
  • x
  • convention:

yjhd
Created Oct 15, 2018 07:32:43 Helpful(0) Helpful(0)

i think ssh is used on many siutuation, i can learn it from your sharing, thanks This post was last edited by yjhd at 2018-10-31 09:11.
  • x
  • convention:

GongXiaochuan
Created Oct 15, 2018 08:41:43 Helpful(0) Helpful(0)

good to know steps for configuration

This post was last edited by GongXiaochuan at 2018-10-30 04:35.
  • x
  • convention:

Good Good Study Day Day Up
lizhi94
Created Oct 15, 2018 08:57:50 Helpful(0) Helpful(0)

How useful the post is!:)
  • x
  • convention:

lizhi94
Created Oct 16, 2018 03:57:02 Helpful(0) Helpful(0)

This is exactly what I was looking for. I have been stuck for a long time on this problem. you gave me a very good idea ,I very much appreciate it.

Please keep on post and share more cases for all of us
  • x
  • convention:

12
Back to list

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login