  • Status: Solved
  • Priority: Medium
  • Security: Public

Autocommand not working with SSH on Cisco equipment

We have several Cisco 2811s and I'm trying to set up an autocommand so that when a particular user logs in it will display the running-config and then disconnect. The command works fine when the user connects via telnet but fails when I connect with SSH; it will let the user log in but then doesn't run the autocommand and leaves the user at the exec prompt. Any suggestions? I've tried this on a test system with only an IP address, username, and certificate and it still fails with SSH.
Asked:
license-metro
2 Solutions
 
ArneLovius Commented:
Can you post a suitably sanitised copy of the config?
 
ArneLovius Commented:
I'm going to guess that in your config you have

aaa new-model

as well as

aaa authentication login default local

Do you also have

aaa authorization exec default local

 
license-metro (Author) Commented:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ARM-TEST-RTR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
ip domain name xxxx.local
!
!
username test privilege 15 password 0 test
username test autocommand show running-config
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.8.254 255.255.252.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
ip forward-protocol nd
ip route 10.10.2.0 255.255.254.0 10.10.8.1
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

 
license-metro (Author) Commented:
Found out the issue is a bug with the IOS and that it's one that Cisco can't fix, so they have a workaround to use AAA. So I'm going to change over to that authentication method and then your post will work for me. Thanks.
 
license-metro (Author) Commented:
After submitting a ticket to Cisco, they stated that my issue is a known bug and that there is only a workaround to fix the issue. The fix is to enable AAA and then configure it like it's listed below.

aaa new-model
aaa authentication login VTYS local
aaa authorization exec VTYS local
line vty 0 4
 login authentication VTYS
 authorization exec VTYS
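An added example, not part of the thread and not Cisco's code: a Python check over a saved running-config that follows the workaround reported above, flagging vty lines that accept SSH while a `username ... autocommand` exists but no AAA exec authorization list is in effect, which is the situation that left the user at the exec prompt. The function name, the two sample configs (constructed from the ones posted in the thread) and the handling of a missing `transport input` line are assumptions.

```python
import re

def audit_autocommand(config: str) -> list[str]:
    """Return vty line headers where a username's autocommand may not run over SSH."""
    aaa_on = bool(re.search(r"^aaa new-model\s*$", config, re.M))
    # Exec authorization method lists defined globally ("default" or a named list).
    exec_lists = set(re.findall(r"^aaa authorization exec (\S+)", config, re.M))
    if not re.search(r"^username \S+ .*\bautocommand\b", config, re.M):
        return []  # no autocommand users, nothing to check
    # Group the indented sub-commands under each "line vty ..." header.
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.split())
        else:
            current = None
    flagged = []
    for header, cmds in blocks.items():
        transport = next((c[2:] for c in cmds if c[:2] == ["transport", "input"]), None)
        # Assumption: with no explicit "transport input", treat SSH as possibly allowed.
        ssh_ok = transport is None or bool({"ssh", "all"} & set(transport))
        applied = next((c[2] for c in cmds
                        if c[:2] == ["authorization", "exec"] and len(c) > 2), "default")
        if ssh_ok and not (aaa_on and applied in exec_lists):
            flagged.append(header)
    return flagged

# Constructed sample: the relevant lines of the test router config posted in the thread.
BEFORE = """no aaa new-model
username test autocommand show running-config
line vty 0 4
 login local
 transport input telnet ssh
"""
# Constructed sample: the same user with the AAA workaround from the final post.
AFTER = """aaa new-model
aaa authentication login VTYS local
aaa authorization exec VTYS local
username test autocommand show running-config
line vty 0 4
 login authentication VTYS
 authorization exec VTYS
"""

if __name__ == "__main__":
    print("before:", audit_autocommand(BEFORE), "after:", audit_autocommand(AFTER))
```

A flagged line is a heuristic result based only on what the thread reports; confirm on the device by logging in over SSH as the restricted user.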
