https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/4086963#M560452 Sat, 16 May 2020 01:13:10 GMT jannataljabri 2020-05-16T01:13:10Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612997#M5620 <P>I'm looking to set up passwordless SSH authentication so a Solaris client can run a script to log on to a PIX and retrieve the configuration.</P><P>Has anyone succesfully achieved passwordless SSH authentication on a PIX or know whether the device supports it or not?</P><P>Many Thanks, Dom</P> Fri, 21 Feb 2020 18:17:55 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612997#M5620 d-fillmore 2020-02-21T18:17:55Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612998#M5621 <HTML><HEAD></HEAD><BODY><P>hi d,</P><P></P><P>i am not sure but i think it's not possible.</P><P>when you do "ssh " to the firewall,you need to provide the telnet password first and then at the enable prompt,the enable password.</P><P></P><P>now,you can set the enable password to be blank by putting the command :</P><P></P><P>pix(config)#enable password </P><P></P><P>but as far as telnet password is concerned,by default it's " cisco " and there's no way that we could remove this.</P><P></P><P>there should be a telnet password in the firewall.</P><P></P><P>so,if the script gives you the option to setup a password,you could retrieve the configuration.</P><P></P><P>please rate if this helps!!</P><P></P><P>Sushil</P><P>Cisco TAC.</P></BODY></HTML> Wed, 07 Mar 2007 15:07:30 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612998#M5621 suschoud 2007-03-07T15:07:30Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612999#M5622 <HTML><HEAD></HEAD><BODY><P>Thanks for that Sushil.</P><P>So the telnet password is the same one that is used for SSH authentication?</P><P></P></BODY></HTML> Wed, 07 Mar 2007 15:14:15 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/612999#M5622 d-fillmore 2007-03-07T15:14:15Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613000#M5623 <HTML><HEAD></HEAD><BODY><P>that is vaguely correct.</P><P></P><P>here are the details :</P><P></P><P>Security506E-6.x(config)# sh aaa</P><P>aaa proxy-limit 16</P><P>aaa authentication ssh console SecurityACS1111 LOCAL</P><P>aaa authentication http console SecurityACS1111 LOCAL</P><P>aaa authentication telnet console SecurityACS1111 LOCAL</P><P>aaa authentication enable console SecurityACS1111 LOCAL</P><P>aaa authorization command LOCAL</P><P></P><P></P><P></P><P>now,if you have configured aaa on the pix and specified a aaa server for the authentication purpose when ssh is done ""aaa authentication ssh console SecurityACS1111 LOCAL ".....then the username and passwords from the aaa server database need to be provided when ssh is done.</P><P></P><P></P><P>if you have specified LOCAL as the authentication method,then the username and password database configured in the firewall's configuration will be used for the authentication purpose.</P><P></P><P></P><P>if you have n't spoecified " ssh " under " sh aaa " command output ,then the default settings are used.</P><P></P><P>dafault settings :</P><P></P><P>username : pix</P><P></P><P>telnet password: whatever password you have set using the command :</P><P></P><P>password <ACTUAL password=""></ACTUAL></P><P></P><P></P><P>enable password :</P><P></P><P>whatever password you have set using :</P><P></P><P>enable password <ACTUAL enable="" password=""></ACTUAL></P><P></P><P></P><P>please rate if this helps!!</P><P></P><P>Sushil</P><P>cisco tac.</P><P></P><P></P></BODY></HTML> Wed, 07 Mar 2007 15:21:32 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613000#M5623 suschoud 2007-03-07T15:21:32Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613001#M5624 <HTML><HEAD></HEAD><BODY><P>Thanks for that Sushil =]</P></BODY></HTML> Wed, 07 Mar 2007 15:47:53 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613001#M5624 d-fillmore 2007-03-07T15:47:53Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613002#M5625 <HTML><HEAD></HEAD><BODY><P>no problem D.</P><P></P><P>Pleasure is all mine</P><P></P><P>Have a good day.</P></BODY></HTML> Wed, 07 Mar 2007 16:02:48 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/613002#M5625 suschoud 2007-03-07T16:02:48Z https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/4086963#M560452 Sat, 16 May 2020 01:13:10 GMT https://community.cisco.com/t5/network-access-control/passwordless-ssh-authentication-on-a-pix/m-p/4086963#M560452 jannataljabri 2020-05-16T01:13:10Z