topic adding a user with privilege 5 in Network Security

adding a user with privilege 5

parisvcisco — Tue, 12 Mar 2019 04:33:39 GMT

I've been asked to add a user to our asa 5520 firewall with privilege level 5.

how should I do this? I did:

username test password blah privilege 5

but when they ssh to it they just get to the > prompt. How can they enable without giving them the enable password? I assume this is what they would need to show run?

I think you will find

nspasov — Thu, 31 Jul 2014 18:13:31 GMT

I think you will find solution(s) to your problem here:

http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html

Thank you for rating helpful posts!

thanks for the link but even

parisvcisco — Thu, 31 Jul 2014 18:35:28 GMT

thanks for the link but even when I give the user privilege 15 this is what I see:

firewall> ?

clear Reset functions

enable Turn on privileged commands

exit Exit from the EXEC

help Interactive help for commands

logout Exit from the EXEC

no Negate a command or set its defaults

ping Send echo messages

quit Exit from the EXEC

show Show running system information

traceroute Trace route to destination

firewall> show ?

checksum Display configuration information cryptochecksum

curpriv Display current privilege level

disk0: Display information about disk0: file system

disk1: Display information about disk1: file system

flash: Display information about flash: file system

history Display the session command history

inventory Show all inventory information for all slots

version Display system software version

Sorry I wasn't paying

nspasov — Thu, 31 Jul 2014 20:43:35 GMT

Sorry I wasn't paying attention and did not notice that you are asking about ASA 🙂 Can you post the output of the following command:

show run aaa

You need to have a few commands in place to make this work on the ASA. For instance, the following syntax would authenticate and authorize the user admin to priv level 15. Now keep in mind that the user will have to login with the configured username and password. Then the user would have to type enable and use the same configured password to be authorized and allowed in the exec shell:

username admin password cisco privilege 15
!
aaa authentication serial console LOCAL 
aaa authentication enable console LOCAL 
aaa authorization exec LOCAL

Thank you for rating helpful posts!

thanks.At the moment sh run

parisvcisco — Fri, 01 Aug 2014 15:19:14 GMT

thanks.

At the moment sh run aaa shows this:

aaa authentication ssh console LOCAL

If I create a user with privilege 1 and they ssh in then type in login and enter their username and password they can make any changes they like and write mem?? That can't be right!

Is this because of aaa authentication ssh console LOCAL ?