Solved: How to remove the enable password during SSH login on Cisco 3850 switc

angel9999 · ‎02-20-2024

How to remove the enable password during SSH login on Cisco 3850 switch

Enable password Cisco123, after deletion, SSH prompts that a password is required to log in

balaji.bandi · ‎02-20-2024

Its all depends on the configuration,

is the users are created on locally on switch, if the user has priv level 15 and configuration ok that should give direct access to #

Try access from console and make changes or post the relavant configuration to suggest you to fix (even in console you dont have that access, then you need to follow reset proceedure)

example below for the local user wth priv 15

enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!

ip ssh version 2
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous level 0 limit 20
 stopbits 1
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 transport input ssh
 transport output all
!
######### Generate SSH keys :
crypto key generate rsa

password recovery :

https://community.cisco.com/t5/networking-knowledge-base/password-recovery-on-cisco-catalyst-3850/ta-p/3154378

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

angel9999 · ‎02-20-2024

balaji.bandi · ‎02-20-2024

Its all depends on the configuration,

is the users are created on locally on switch, if the user has priv level 15 and configuration ok that should give direct access to #

Try access from console and make changes or post the relavant configuration to suggest you to fix (even in console you dont have that access, then you need to follow reset proceedure)

example below for the local user wth priv 15

enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!

ip ssh version 2
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous level 0 limit 20
 stopbits 1
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 transport input ssh
 transport output all
!
######### Generate SSH keys :
crypto key generate rsa

password recovery :

https://community.cisco.com/t5/networking-knowledge-base/password-recovery-on-cisco-catalyst-3850/ta-p/3154378

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

liviu.gheorghe · ‎02-20-2024

Hello @angel9999 ,

from the picture you shared, it seems that the enable password is not set on the switch.

Depending on how your switch is configured, you could try to access the switch using the console port and try to issue the enable command from there - it could work if no specific authentication rules are set for the console port.

If you get access through the console port, the first thing to do is going in config mode and setting an enable secret password and saving the config:

device#configure terminal

device(config)#enable secret Your-password-here

device(config)#^Z

device#copy running start

Now you should be able to issue the enable command when you access the switch via ssh.

Hope this helps

Regards, LG
*** Please Rate All Helpful Responses ***

angel9999 · ‎02-21-2024

I don't want to enable ambient password

liviu.gheorghe · ‎02-21-2024

What do you mean by ambient password?

Regards, LG
*** Please Rate All Helpful Responses ***