@LARRY-MILLER-2 said in Hi guys, can you please help me with some confusion about setting up for SSH?:
Wow Ronnie I sure feel dumb, because I am just not getting it. Let me try asking the question a different way. Below is a section of a script I have been Putting together as I follow along in your video. As you can see, when I start to build the switch the fifth command I send is to set the enable password. In this case I called it Ronnie. Because it's the mother of all passwords on the switch right? :-)
Right after that I do the login passwords for the Console and VTY lines. I call them Ron,
Then here comes the part I have the confusion with.
As you look through this script we put together, and take into considering the other passwords in this script, which password fits in to the SSH area right near the bottom of this cut and paste? Is it my enable password, or my console and tty password?
Please take a quick glance below, and thank you again Ronnie for helping me :
ip domain-name XXXX.XXX
username admin priv 15 secret is it Ronnie or Don?
The answer is neither in your config....
Once you've set your username/password with privilege level 15, in your vty lines you do not refer back to it again, you simply tell the vty to look at the local username/password database for login as in what I typed below.
SW1(config)#line vty 0 15
SW1(config-line)#login local (this tells the vty to look at the username password/database on the local device)
SW1(config-line)#transport input ssh
When you set the enable password (or secret) you're setting up a global password to gain access to the privilege mode, regardless of who is on the switch. When you create a username/password with a privilege level 15, you're saying that "Ronnie can login to the switch and get access to privilege mode." When he logs in he is dumped immediately into
switch# if you' were to create a username/password (e.g. Larry/cisco1234 with no privilege level. what would happen when Larry tried to login? It would allow him to login with the password then dump him at "user exec"