cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
27831
Views
11
Helpful
5
Replies

How to enable cli username and password in ise server

hunterman
Level 1
Level 1

Hello everyone,

I can enter in ise server with GUI by used my username and password and can login as fine, But the CLI ssh i can't enter when i used my username and password, How can enable the account in cli?

Any help

THANKS

2 Accepted Solutions

Accepted Solutions

Nadav
Level 7
Level 7

Hi,

 

When you first install the ISE node, you supply an administrator user and password. Let's assume the user is user1, the password is pass1.

 

After creating these credentials, the GUI user is duplicated as user1 and pass1. From that point on, the CLI and GUI credentials are entirely separate. For example you can disable the GUI credentials, or change the GUI password, without it affect the CLI password.

 

So the fact that the GUI user is working for you doesn't mean that it's the same user or the same user/password for the CLI. If you want to perform password recovery for CLI, here is the procedure:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

 

Keep in mind that the GUI credentials are for the entire deployment, but the CLI ones are for a specific node. So if you want to recovery several nodes you need to do this one box at a time.

View solution in original post

Hi,

 

From GUI you can't create or modify a user for CLI login. Also you can't use external identity source for CLI of ISE.

 

External Identity Source for CLI is introduced in version 2.6. Below links for your ref.

 

CLI Username Creation for ISE

 

Release Notes 2.6

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

View solution in original post

5 Replies 5

Nadav
Level 7
Level 7

Hi,

 

When you first install the ISE node, you supply an administrator user and password. Let's assume the user is user1, the password is pass1.

 

After creating these credentials, the GUI user is duplicated as user1 and pass1. From that point on, the CLI and GUI credentials are entirely separate. For example you can disable the GUI credentials, or change the GUI password, without it affect the CLI password.

 

So the fact that the GUI user is working for you doesn't mean that it's the same user or the same user/password for the CLI. If you want to perform password recovery for CLI, here is the procedure:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

 

Keep in mind that the GUI credentials are for the entire deployment, but the CLI ones are for a specific node. So if you want to recovery several nodes you need to do this one box at a time.

Thank you for replay,
Now if i need to enable user to make enter from putty "ssh" to ise server how can that to enable it from GUI ise server?

Thank you for replay,
Now if i need to enable user to make enter from putty "ssh" to ise server how can that to enable it from GUI ise server?

Hi,

 

From GUI you can't create or modify a user for CLI login. Also you can't use external identity source for CLI of ISE.

 

External Identity Source for CLI is introduced in version 2.6. Below links for your ref.

 

CLI Username Creation for ISE

 

Release Notes 2.6

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

novajoseph2000
Level 1
Level 1

you can enable this by using this command in

 

ISE/admin(config)#services sshd enable