PIX 501 logon

Hi all,

I have just reset my PIX to factory mode to get a fresh new config on it and only added back what I needed; all is working fine. I have given it an enable password and can log on over SSH now using the default user and the enable password which I set up on the PIX. I wanted to create a local user and password instead of using the "pix" username. I noticed that when I don't have an enable password set for the default username "pix", I cannot log on to the PIX. I actually like the idea of not allowing the default user access to the PIX, and I plan to remove the enable password for "pix".

The problem now is that when I try to create a local user I get this error.

aaa authentication ssh console LOCAL (the PIX accepts this line)
username hugh password faxination encrypted privilege 15 (with this line I get the error below)

Encrypted password is of incorrect length
Username addition failed.

Regardless of whether I make the password smaller or bigger, I get this error.

Any help on this would be appreciated.


huwa Asked:

lrmoore Commented:
Don't use the word "encrypted"...

   username hugh password faxination privilege 15

Passwords are automagically encrypted by default, so when you look at the config you will see the word "encrypted".
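An added example, not part of the original thread and not Cisco tooling: a small Python check that separates a typed plaintext password from a stored hash pasted back with the `encrypted` keyword. The 16-character hash length is an assumption taken from the hash quoted later in this thread, and the function names are hypothetical.

```python
import re

# Assumption: a hash stored by the PIX is always 16 characters, like the one
# quoted later in this thread; the device refuses any other length.
HASH_LEN = 16

USERNAME_RE = re.compile(
    r"^\s*username\s+(?P<name>\S+)\s+password\s+(?P<secret>\S+)"
    r"(?P<enc>\s+encrypted)?(?:\s+priv(?:ilege)?\s+(?P<priv>\d+))?\s*$"
)

def classify(line):
    """Classify one 'username' command; return None for any other line."""
    m = USERNAME_RE.match(line)
    if m is None:
        return None
    if not m.group("enc"):
        kind = "plaintext"        # device hashes it and stores '... encrypted'
    elif len(m.group("secret")) == HASH_LEN:
        kind = "stored-hash"      # a line pasted back from the saved config
    else:
        kind = "rejected"         # 'Encrypted password is of incorrect length'
    priv = int(m.group("priv")) if m.group("priv") else None
    return {"user": m.group("name"), "kind": kind, "privilege": priv}

def review(config_text):
    """Return findings for every username line in a config snippet."""
    findings = []
    for line in config_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        if result["kind"] == "rejected":
            result["note"] = "drop the 'encrypted' keyword when typing a new password"
        elif result["privilege"] == 15:
            result["note"] = "full-privilege account: confirm it is intended"
        findings.append(result)
    return findings

# Constructed sample built from the commands quoted in this thread.
SAMPLE = """\
aaa authentication ssh console LOCAL
username hugh password faxination encrypted privilege 15
username hugh password faxination privilege 15
username hughie password zaLo91nsP1IF82Fo encrypted privilege 15
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```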

huwa Author Commented:

Great, thanks (feeling a bit like a fool). Just another little question about passwords: is it possible to set up a different enable password for each user, or is a TACACS server needed for this?

Thanks again. (If you have time, maybe you can have a look at another question I posted earlier this week.)
http://www.experts-exchange.com/Security/Firewalls/Q_21792194.html

Have a good weekend
Hugh
lrmoore Commented:
Sure, you can set each user up with their own username/password just like yours:
  username user1 password pass1 privilege 15
  username user2 password pass2 privilege 15
  username user3 password pass3 privilege 3

<etc>

huwa Author Commented:
Sure, I have done this, and the users can log on with their own passwords, but when they type in "en" they all share the same enable password. I don't have a problem with this, I'm asking more out of interest. I know I can set what privileges they use, but if they use the default user "pix" and use the enable password to log on they get privilege 15.
lrmoore Commented:
Simple. Set the enable password to something they don't know and this will force them to only use their own priv lev 15 username/pass
huwa Author Commented:
I may still have the config set up wrong; when I try what you describe it won't work.

I made a 2nd user called hughie, password fax
i.e. 501#username hughie password zaLo91nsP1IF82Fo encrypted privilege 15

I can log on over SSH with this user/password, but when I type "en" in the SSH session and use his password fax, I am told it is an invalid password, but when I use the enable password then it works.


501>
501> en
Password: ***
Invalid password
Password: ***
Invalid password
Password:
Invalid password
Access denied.
501> en
Password: **********
