ACS 5.4 " Change Password on Next Login" does not work with SSH Clients

MANSOORQ123 · ‎11-24-2012

Dear Team

As observed ACS 5.x " Change Password on Next Login" Feature does not work with SSH Clients ( tried with X-sheel, Secure CRT, Putty etc...) , however through telnet session to IOS devices, users can change their password on their next login.

1: on ACS 5.x i create a new user & Set " Change password on NExt Login" option.

2: Logged into the device through Telnet & Password can be changed after i authenticate successfully.

however

the same is not happening when i login to the devices through SSH.

is it because of the fact that SSH is encrypted session ?

Because changing password through a telnet session is not accepted in many fanancial organizations as per PCI Standard.

Any response will be highly appreciated.

Thanks

Ahad

Gurpreet Puri · ‎12-05-2012

Hi Ahad,

Please have a look on link mentioned below:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/command/reference/cli_use.html#wpxref48407

It shows that in ACS 5.4, you have to use SSHv2 and machine will be either windows XP/Vista or Linux.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)

Gurpreet Puri · ‎12-05-2012

Hi Ahad,

Please also confirm that have you enabled the ssh on CLI?

If not you can do by following steps:

ssh port version

and

Use the service sshd command in configuration mode.

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)