Solved: Re: Local SSH Account - Security Auditors

Jason Maynard · ‎06-25-2018

Do we support creating a local account on ISE using public SSH Key for our security auditors?

hslai · ‎06-26-2018

I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper

my240/admin(config)# username audit password plain testAudit role ?

admin Specifies user with administrative role privileges

user Specifies user with read-only role privileges

hslai · ‎06-26-2018

ISE admin CLI accounts are local only. Yes, it supports using SSH public key, which can be imported using crypto, e.g.:

crypto key import id_rsa.pub repository myRepo

Jason Maynard · ‎06-26-2018

Hi,

TAC suggested that a Local Account cannot be created for the security auditor team. Just trying to confirm

- I can create a local account called "SecurityAuditor" and import the SSH public key using "crypto key import id_rsa.pub repository myRepo"

- Also, can the SecurityAuditor" account be restricted or does it have to be admin?

Thanks,

Jason

hslai · ‎06-26-2018

I am guessing it depends on what the auditor requires to do. ISE CLI users have two roles only -- admin or oper

my240/admin(config)# username audit password plain testAudit role ?

admin Specifies user with administrative role privileges

user Specifies user with read-only role privileges