• Status: Solved

PIX 501 logon

Hi all,

I have just reset my PIX to factory mode to get a fresh new config on it and only added back what I needed; all is working fine. I have given it an enable password and can log on over SSH now using the default user and the enable password which I set up on the PIX. I wanted to create a local user and password instead of using the "pix" username. I noticed that when I don't have an enable password set for the default username "pix", I cannot log on to the PIX. I actually like the idea of not allowing the default user access to the PIX, and I plan to remove the enable password for "pix".

The problem now is that when I try to create a local user I get this error.

aaa authentication ssh console LOCAL (the PIX accepts this line)
username hugh password faxination encrypted privilege 15 (with this line I get the error below)

Encrypted password is of incorrect length
Username addition failed.

Regardless of whether I make the password smaller or bigger, I get this error.

Any help on this would be appreciated.


 
lrmoore Commented:
Don't use the word "encrypted"...

   username hugh password faxination privilege 15

Passwords are automagically encrypted by default, so when you look at the config you will see the word encrypted.
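The error in the question comes from putting the `encrypted` keyword on a cleartext password. The Python check below is an added example, not part of the original thread and not Cisco tooling: it lints `username` lines in a saved config. Its function names, verdict strings and the 16-character hash pattern (taken from the stored hash quoted later in this thread) are assumptions.

```python
import re

# Assumption: a stored PIX hash is 16 characters from this alphabet, as in the
# hash quoted later in the thread (zaLo91nsP1IF82Fo).
HASH_RE = re.compile(r"^[A-Za-z0-9./]{16}$")
USER_RE = re.compile(
    r"^username\s+(?P<user>\S+)\s+password\s+(?P<secret>\S+)"
    r"(?P<enc>\s+encrypted)?(?:\s+priv(?:ilege)?\s+(?P<priv>\d+))?\s*$"
)

def lint_username_line(line):
    """Return (user, verdict) for a 'username' line, or None for other lines."""
    line = line.strip()
    if not line.startswith("username"):
        return None
    m = USER_RE.match(line)
    if m is None:
        return (None, "unparsed")  # e.g. the 'password' keyword is missing
    user, secret = m["user"], m["secret"]
    if m["enc"]:
        # 'encrypted' says the value is already a stored hash, so a value that
        # does not look like one is a cleartext password entered by mistake.
        if HASH_RE.match(secret):
            return (user, "ok-hash")
        return (user, "plaintext-marked-encrypted")
    # No keyword: the device hashes the value itself, but the cleartext is
    # sitting in this file or snippet and should be treated as exposed.
    return (user, "plaintext")

def lint_config(text):
    """Lint every 'username' line in a config and return the verdicts."""
    results = (lint_username_line(line) for line in text.splitlines())
    return [r for r in results if r is not None]

# Constructed sample: three lines from this thread plus one made-up bad line.
SAMPLE = """\
aaa authentication ssh console LOCAL
username hugh password faxination encrypted privilege 15
username hugh password faxination privilege 15
username hughie password zaLo91nsP1IF82Fo encrypted privilege 15
username ops secretpw priv 15
"""

if __name__ == "__main__":
    for user, verdict in lint_config(SAMPLE):
        print(user, verdict)
```

A 16-character cleartext password that happens to use only hash characters would pass as `ok-hash`, so the check is a lint for pasted configs, not proof that a value is a hash.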
 
huwa (Author) Commented:

Great, thanks (feeling a bit like a fool). Just another little question about passwords: is it possible to set up a different enable password for each user, or is a TACACS server needed for this?

Thanks again. (If you have time, maybe you can have a look at another question I posted earlier this week:
http://www.experts-exchange.com/Security/Firewalls/Q_21792194.html)

Have a good weekend
Hugh
 
lrmoore Commented:
Sure, you can set each user up with their own username/password just like yours:
  username user1 password pass1 priv 15
  username user2 password pass2 priv 15
  username user3 password pass3 priv 3

<etc>
 
huwa (Author) Commented:
Sure, I have done this, and the users can log on with their own passwords, but when they type in "en" they all share the same enable password. I don't have a problem with this, just more out of interest. I know I can set what privileges they use, but if they use the default user "pix" and use the enable password to log on, they get privilege 15.
 
lrmoore Commented:
Simple. Set the enable password to something they don't know and this will force them to only use their own priv lev 15 username/pass.
 
huwa (Author) Commented:
I may still have the config set up wrong; when I try what you describe it won't work.

I made a 2nd user called hughie, password fax,
i.e. 501# username hughie password zaLo91nsP1IF82Fo encrypted privilege 15

I can log on over SSH with this user/password, but when I type "en" in the SSH session and use his password fax, I am told it is an invalid password. When I use the enable password, it works.


501>
501> en
Password: ***
Invalid password
Password: ***
Invalid password
Password:
Invalid password
Access denied.
501> en
Password: **********
