PIX 501 logon

Hi all,

I have just reset my PIX to factory mode to get a fresh new config on it and only added back what I needed; all is working fine. I have given it an enable password and can log on over SSH now using the default user and the enable password which I set up on the PIX. I wanted to create a local user and password instead of using the pix username. I noticed that when I don't have an enable password set for the default username "pix", I cannot log on to the PIX. I actually like the idea of not allowing the default user access to the PIX, and I plan to remove the enable password for "pix".

The problem is now that when I try to create a local user I get this error.

aaa authentication ssh console LOCAL (PIX accepts this line)
username hugh password faxination encrypted privilege 15 (with this line I get the error below)

Encrypted password is of incorrect length
Username addition failed.

Regardless of whether I make the password smaller or bigger, I get this error.

Any help on this would be appreciated.


huwa Asked:
 
lrmoore Commented:
Don't use the word "encrypted"...

   username hugh password faxination privilege 15

Passwords are automagically encrypted by default, so when you look at the config you will see the word encrypted.
 
huwa Author Commented:

Great, thanks (feeling a bit like a fool). Just another little question on passwords: is it possible to set up a different enable password for each user, or is a TACACS server needed for this?

Thanks again. (If you have time, maybe you can have a look at another question I posted earlier this week:
http://www.experts-exchange.com/Security/Firewalls/Q_21792194.html)

Have a good weekend
Hugh
 
lrmoore Commented:
Sure, you can set each user up with their own username/password just like yours:
  username user1 password pass1 privilege 15
  username user2 password pass2 privilege 15
  username user3 password pass3 privilege 3

<etc>

 
huwa Author Commented:
Sure, I have done this, and the users can log on with their own passwords, but when they type in "en" they all share the same enable password. I don't have a problem with this, I'm asking more out of interest. I know I can set what privileges they use, but if they use the default user "pix" and use the enable password to log on they get privilege 15.
 
lrmoore Commented:
Simple. Set the enable password to something they don't know and this will force them to only use their own priv lev 15 username/pass
 
huwa Author Commented:
I may still have the config set up wrong; when I try what you describe it won't work.

I made a 2nd user called hughie, password fax,
i.e. 501#username hughie password zaLo91nsP1IF82Fo encrypted privilege 15

I can log on over SSH with this user/password, but when I type "en" in the SSH session and use his password fax, I am told it is an invalid password. When I use the enable password, then it works.


501>
501> en
Password: ***
Invalid password
Password: ***
Invalid password
Password:
Invalid password
Access denied.
501> en
Password: **********

Question has a verified solution.
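
The checks this thread turns on, as an added example that is not part of the original posts: a small Python audit of a PIX config for a cleartext value marked "encrypted" and for an "en" prompt that still uses the shared enable password. Assumptions: the function name and finding codes are hypothetical, a PIX encrypted value is 16 characters (the length of the hash quoted above), and the PIX software in use accepts "aaa authentication enable console LOCAL".

```python
import re

# Assumption: a PIX "encrypted" value is always 16 characters, the same
# length as the hash quoted in the thread (zaLo91nsP1IF82Fo).
ENCRYPTED_LEN = 16
USER_RE = re.compile(
    r"^username\s+(\S+)\s+password\s+(\S+)(\s+encrypted)?"
    r"(?:\s+priv(?:ilege)?\s+(\d+))?$")

# Constructed sample built from the lines quoted in the thread.
SAMPLE = """\
aaa authentication ssh console LOCAL
username hugh password faxination encrypted privilege 15
username hughie password zaLo91nsP1IF82Fo encrypted privilege 15
"""

def audit_pix_auth(config_text):
    """Return (line_no, code, detail) findings; line_no 0 means config-wide."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings, users = [], 0
    for no, line in enumerate(lines, 1):
        m = USER_RE.match(line)
        if not m:
            continue
        users += 1
        name, value, encrypted, _priv = m.groups()
        # "encrypted" tells the PIX the value is already a hash, so a
        # cleartext password here is rejected for its length.
        if encrypted and len(value) != ENCRYPTED_LEN:
            findings.append((no, "BAD_ENCRYPTED_LEN",
                             f"{name}: {len(value)}-char value marked encrypted; "
                             "enter the cleartext without the keyword"))
    ssh_local = "aaa authentication ssh console LOCAL" in lines
    enable_local = "aaa authentication enable console LOCAL" in lines
    if users and not ssh_local:
        findings.append((0, "SSH_NOT_LOCAL",
                         "local users exist but SSH does not authenticate against LOCAL"))
    if ssh_local and not enable_local:
        findings.append((0, "ENABLE_SHARED",
                         "'en' checks the shared enable password, not the user's own"))
    return findings

if __name__ == "__main__":
    for line_no, code, detail in audit_pix_auth(SAMPLE):
        print(line_no, code, detail)
```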
