Linux root access to ISE 2.6 and ISE 3.0

adamscottmaster2013 · ‎10-08-2021

The TAC engineer used these two files to gain root access to my ISE 2.6

RootKeyv45-appbundle-1.0-x86_64.tar.gz

RootPatch-appbundle-1.4.SSA_NOT_FOR_RELEASE_1.x86_64.tar.gz

I installed these two files on another ISE 2.6 and I got root access.

Questions:

1- Is there a time limit on how long these two files will stay valid? For example, if I install these two files on another ISE 2.6 a year from now, will it still work?

2- Can you also install these two files on ISE 3.0 and expect it to work?

FYI: Look like ISE version 2.6 use Redhat 7.5

ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
ade #

ComputerRick · ‎10-08-2021

No, the files will timeout after installation, and the key file is only valid for 90 days at a time. As of ISE 2.7, those file will not work, root access requires a token generated by Cisco TAC.

Root access is limited because ISE is a security product granting network access and control. Due to the scope and possible impact while in root, it's advised that root is only accessed while being supervised by TAC engineers.

poongarg · ‎10-09-2021

Cisco does not provide root access for customer ISE deployments unless used specifically by the TAC or BE for troubleshooting or providing patches to the customer ISE deployment. Root access is carefully monitored and is to be used by the TAC or BE only.”

Kasper Elsborg · ‎05-22-2023

hi adamscottmaster2013

After installing the two appbundles, how did you enter root access?

Cheers Kasper

poongarg · ‎05-22-2023

Root access is strictly for TAC use.
Customers are not allowed to access ISE root shell.

If any workaround need to be executed from root then open TAC case.