Authentication with a Local Password

Authentication with a Local Password
Authentication with a Local Password

In this article we will talk about Authentication with a Local Password, and in previous article we already discussed about Evolution of Security Tools.

Many types of authentication can be performed on networking devices, and each method offers varying levels of security. The simplest method of remote access authentication is to configure a login and password combination on console, vty lines, and aux ports, as shown in the vty lines in the following example. This method is the easiest to implement, but it is also the weakest and least secure. This method provides no accountability and the password is sent in plaintext. Anyone with the password can gain entry to the device.

Configure Authentication

R1(config)# line vty 0 4
R1(config-line)# password ci5c0
R1(config-line)# login

SSH is a more secure form of remote access:

  • It requires a username and a password, both of which are encrypted during transmission.
  • The username and password can be authenticated by the local database method.
  • It provides more accountability because the username is recorded when a user logs in.

The following example illustrates SSH and local database methods of remote access.

R1(config)# ip domain-name example.com
R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# username Admin secret Str0ng3rPa55w0rd
R1(config)# ssh version 2
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
R1(config-line)# login local

The local database method has some limitations:

  • User accounts must be configured locally on each device. In a large enterprise environment with multiple routers and switches to manage, it can take time to implement and change local databases on each device.
  • The local database configuration provides no fallback authentication method. For example, what if the administrator forgets the username and password for that device? With no backup method available for authentication, password recovery becomes the only option.

A better solution is to have all devices refer to the same database of usernames and passwords from a central server.

3 Trackbacks / Pingbacks

  1. DNS Attacks - Cisco Education
  2. Virtual Private Networks - Cisco Education
  3. Viruses and Trojan Horses - Cisco Education

Leave a Reply

Your email address will not be published.


*