Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Security restriction on ASA

I have cat tools working on my ASA, I connect via SSH2 using the username/password pair for the BACKUP user. I also have the "enable password" field populated with our enable password.

I recently configured my ASA with a custom priv. level for the BACKUP user, limiting their commands to just a "show run"

However, to make this work, the backup user has to do two things. 1. login to the asa via ssh. 2. type login and login again. How can I get this more secure configuration to work with my cat tools. I went through all the options in "Device Configuration" but dont see anything.

Thanks in advance.

Find more posts tagged with

Accepted answers

All comments

Spartacus

Hi,

When you say for your step 2, type login and login again, are you referring to negotiating local (or some other secondary level) device authentication - i.e. responding to username and password prompts, or is this something else?

Which version of CatTools are your running?

Steve

nets3

Hi Steve,

What I mean is that after I ssh and authenticate to the asa with my special user (called bdback), I get dropped into a user mode. To get into my priv. 2 command mode I have to type login and put in my bdback username and backup1 password a second time , finally I get to my pound prompt: see below.

fw>
fw> login
Username: bdback
Password: *********
fw#

These are the commans set on the ASA to lock down this bdback user and only allow for a "sh run"

username bdback password o6uLI5dreghe542kWQ encrypted
aaa authorization command LOCAL
privilege show level 2 mode exec command running-config

nets3

forgot to mention I am running cat tools free version 3.4

Spartacus

Hi,

The CatTools Cisco ASA device script doesn't support this type of authentication.

Is there any particular reason why you are using this method as opposed to the Cisco privileged levels for enable mode access (privileged EXEC), which CatTools does support?

Steve