cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

281
Views
0
Helpful
3
Replies
Jason Maynard
Cisco Employee

Local SSH Account - Security Auditors

Do we support creating a local account on ISE using public SSH Key for our security auditors?

1 ACCEPTED SOLUTION

Accepted Solutions

I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper

my240/admin(config)# username audit password plain testAudit role ?

  admin  Specifies user with administrative role privileges

  user   Specifies user with read-only role privileges

View solution in original post

3 REPLIES 3
hslai
Cisco Employee

ISE admin CLI accounts are local only. Yes, it supports using SSH public key, which can be imported using crypto, e.g.:

crypto key import id_rsa.pub repository myRepo

Hi,

TAC suggested that a Local Account cannot be created for the security auditor team. Just trying to confirm

- I can create a local account called "SecurityAuditor" and import the SSH public key using "crypto key import id_rsa.pub repository myRepo"


- Also, can the SecurityAuditor" account be restricted or does it have to be admin?

Thanks,

Jason

I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper

my240/admin(config)# username audit password plain testAudit role ?

  admin  Specifies user with administrative role privileges

  user   Specifies user with read-only role privileges

View solution in original post

Content for Community-Ad