https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539011#M496754 <HTML><HEAD></HEAD><BODY><P>I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper</P><P></P><P>my240/admin(config)# username audit password plain testAudit role ?</P><P>&nbsp; admin&nbsp; Specifies user with administrative role privileges</P><P>&nbsp; user&nbsp;&nbsp; Specifies user with read-only role privileges</P></BODY></HTML> Tue, 26 Jun 2018 18:08:42 GMT hslai 2018-06-26T18:08:42Z https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539008#M496751 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 12.0pt; font-family: 'Times New Roman',serif;">Do we support creating a local account on ISE using public SSH Key for our security auditors?</SPAN></P></BODY></HTML> Tue, 26 Jun 2018 02:18:22 GMT https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539008#M496751 Jason Maynard 2018-06-26T02:18:22Z https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539009#M496752 <HTML><HEAD></HEAD><BODY><P>ISE admin CLI accounts are local only. Yes, it supports using SSH public key, which can be imported using <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/cli_guide/b_ise_CLIReferenceGuide_24/b_ise_CLIReferenceGuide_24_chapter_01.html#wp5098364600">crypto</A>, e.g.:</P><P></P><P>crypto key import id_rsa.pub repository myRepo</P></BODY></HTML> Tue, 26 Jun 2018 16:47:03 GMT https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539009#M496752 hslai 2018-06-26T16:47:03Z https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539010#M496753 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>TAC suggested that a Local Account cannot be created for the security auditor team. Just trying to confirm </P><P></P><P>- I can create a local account called "SecurityAuditor" and import the SSH public key using "<SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;">crypto key import id_rsa.pub repository myRepo"</SPAN></P><P><SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;"><BR /></SPAN></P><P>- Also, can the SecurityAuditor" account be restricted or does it have to be admin?</P><P></P><P>Thanks,</P><P>Jason</P></BODY></HTML> Tue, 26 Jun 2018 17:44:47 GMT https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539010#M496753 Jason Maynard 2018-06-26T17:44:47Z https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539011#M496754 <HTML><HEAD></HEAD><BODY><P>I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper</P><P></P><P>my240/admin(config)# username audit password plain testAudit role ?</P><P>&nbsp; admin&nbsp; Specifies user with administrative role privileges</P><P>&nbsp; user&nbsp;&nbsp; Specifies user with read-only role privileges</P></BODY></HTML> Tue, 26 Jun 2018 18:08:42 GMT https://community.cisco.com/t5/network-access-control/local-ssh-account-security-auditors/m-p/3539011#M496754 hslai 2018-06-26T18:08:42Z