7 Replies Latest reply on Nov 1, 2009 3:25 PM by Steve Welsh

    Security restriction on ASA

      I have cat tools working on my ASA, I connect via SSH2 using the username/password pair for the BACKUP user.  I also have the "enable password" field populated with our enable password.


      I recently configured my ASA with a custom priv. level for the BACKUP user, limiting their commands to just a "show run"


      However, to make this work, the backup user has to do two things: 1. log in to the ASA via SSH; 2. type login and log in again.  How can I get this more secure configuration to work with my CatTools? I went through all the options in "Device Configuration" but don't see anything.


      Thanks in advance.

        • Re: Security restriction on ASA
          Steve Welsh

          Hi,

          When you say for your step 2, type login and login again, are you referring to negotiating local (or some other secondary level) device authentication - i.e. responding to username and password prompts, or is this something else?

          Which version of CatTools are you running?

          Steve

            • Re: Security restriction on ASA

              Hi Steve,

              What I mean is that after I SSH and authenticate to the ASA with my special user (called bdback), I get dropped into user mode.  To get into my priv. 2 command mode I have to type login and put in my bdback username and backup1 password a second time; finally I get to my pound prompt, see below.

              login as: bdback
              bdback@10.3.4.2's password:

              fw>
              fw> login
              Username: bdback
              Password: *********
              fw#

              These are the commands set on the ASA to lock down this bdback user and only allow for a "sh run":

              username bdback password o6uLI5dreghe542kWQ encrypted
              aaa authorization command LOCAL
              privilege show level 2 mode exec command running-config
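A small audit helper, added here as an example and not part of this thread or of CatTools: it parses ASA "privilege" lines of the form quoted above and lists what a user at a given privilege level is permitted to run, which is a quick way to confirm a restricted backup account really is limited to "show running-config". The sample config is constructed and the password field is a placeholder.

```python
import re
from typing import List, Tuple

# Constructed sample modelled on the lines quoted in the post; not a real device dump.
SAMPLE_CONFIG = """\
username bdback password PLACEHOLDER_HASH encrypted
aaa authorization command LOCAL
privilege show level 2 mode exec command running-config
privilege show level 5 mode exec command interface
privilege cmd level 15 mode exec command configure
"""

# privilege {show|clear|cmd} level N [mode <mode>] command <cmd>
PRIV_RE = re.compile(
    r"^privilege\s+(?P<kind>show|clear|cmd)\s+level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<cmd>.+?)\s*$"
)


def parse_privileges(config: str) -> List[Tuple[str, int, str, str]]:
    """Return (kind, level, mode, command) for every 'privilege' line in the config."""
    found = []
    for line in config.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            found.append((m["kind"], int(m["level"]), m["mode"] or "exec", m["cmd"]))
    return found


def commands_allowed_at(config: str, user_level: int) -> List[str]:
    """Commands reassigned to a level the user can reach.

    ASA privilege levels are cumulative: a level-2 user may run anything
    assigned to levels 0..2, but nothing moved to a higher level.
    """
    allowed = set()
    for kind, level, _mode, cmd in parse_privileges(config):
        if level <= user_level:
            prefix = "" if kind == "cmd" else kind + " "
            allowed.add(prefix + cmd)
    return sorted(allowed)


def command_authorization_enabled(config: str) -> bool:
    """'privilege' lines only take effect once command authorization is on."""
    return any(l.strip().startswith("aaa authorization command")
               for l in config.splitlines())
```

Without the "aaa authorization command" line the privilege assignments are inert, so the check should be run alongside the per-level listing.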