https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400899#M724008 <HTML><HEAD></HEAD><BODY><P>Thank you for your reply.</P><P>I've tried some other solutions but without success. Too bad, I've to move somewhere else <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/sad.gif"></SPAN></P></BODY></HTML> Fri, 29 Jan 2010 08:53:50 GMT ifallani 2010-01-29T08:53:50Z https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400897#M724005 <P>Hi everybody.</P><P>I'm runnig ASA with TACACS console authentication in order to have authentication/authorization on console access (telnet/SSH) via AAA but I need to exclude a particular SSH host from the authentication process. It seems that the include/exclude or match commands applies only to the traffic going trought the ASA but not to the traffic going "to" the ASA, as console access traffic should be. I've done some testing, playing around include/exclude without success, of course <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P>Can someone give a clue about?</P> Mon, 11 Mar 2019 16:59:07 GMT https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400897#M724005 ifallani 2019-03-11T16:59:07Z https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400898#M724006 <HTML><HEAD></HEAD><BODY><P>I believe you are correct. There is no way to just exclude one IP from being exempted from AAA authentication when managing the device via ssh while allowing the rest to authenticate via TACACS.</P><P></P><P>-KS</P></BODY></HTML> Wed, 20 Jan 2010 13:23:16 GMT https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400898#M724006 Kureli Sankar 2010-01-20T13:23:16Z https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400899#M724008 <HTML><HEAD></HEAD><BODY><P>Thank you for your reply.</P><P>I've tried some other solutions but without success. Too bad, I've to move somewhere else <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/sad.gif"></SPAN></P></BODY></HTML> Fri, 29 Jan 2010 08:53:50 GMT https://community.cisco.com/t5/network-security/exclude-an-ssh-admin-host-from-aaa-authentication/m-p/1400899#M724008 ifallani 2010-01-29T08:53:50Z