03-25-2024 07:35 PM
i can access to asa without enable password by under config.
but if i access to FXOS, and change to ASA from FXOS by command(change to asa)
the system require the enable password.
how can i access the ASA from FXOS without enable password?
aaa-server tacacs protocol tacacs+
aaa-server tacacs host x.x.x.x
key 8 xxxx
user-identity default-domain LOCAL
aaa authentication enable console tacacs LOCAL
aaa authentication http console tacacs LOCAL
aaa authentication ssh console tacacs LOCAL
aaa authentication serial console tacacs LOCAL
aaa authorization command tacacs LOCAL
aaa accounting ssh console tacacs
aaa accounting enable console tacacs
aaa accounting command tacacs
aaa accounting serial console tacacs
aaa authentication secure-http-client
aaa authorization exec authentication-server auto-enable
aaa authentication login-history
03-25-2024 11:59 PM
Hello,
tough question. This is what ChatGPT says:
To access a Cisco ASA from within Cisco FXOS without having to manually type in the password each time, you can set up SSH key-based authentication. This method allows you to authenticate to the ASA using SSH keys instead of passwords. Here's a step-by-step guide:
1. **Generate SSH Key Pair on FXOS:**
First, you need to generate an SSH key pair on the FXOS device. You can do this using the `ssh-keygen` command. Make sure you generate the key pair for the appropriate user account that you will use to access the ASA.
ssh-keygen -t rsa
This command will generate a public and private key pair in the `~/.ssh` directory by default.
2. **Copy Public Key to ASA:**
Next, you need to copy the public key from the FXOS device to the Cisco ASA. You can do this by appending the contents of the public key file (`~/.ssh/id_rsa.pub`) to the `authorized_keys` file on the ASA. If the `.ssh` directory or the `authorized_keys` file doesn't exist on the ASA, you'll need to create them.
3. **Enable SSH Key Authentication on ASA:**
Ensure that SSH key-based authentication is enabled on the Cisco ASA. You can do this by configuring the ASA to use public key authentication and allowing SSH access.
4. **Test the Connection:**
Once the public key is copied to the ASA and SSH key authentication is enabled, you should be able to SSH into the ASA from the FXOS device without being prompted for a password.
ssh username@asa_ip_address
Replace `username` with your ASA username and `asa_ip_address` with the IP address of the ASA.
By setting up SSH key-based authentication, you can automate the login process from Cisco FXOS to the Cisco ASA, eliminating the need to manually type in the password each time you access the ASA. Ensure that you have appropriate permissions and security measures in place when using SSH keys.
03-26-2024 12:51 AM
i want to access FXOS to ASA without enable password by console cable
03-27-2024 12:02 AM
Hello,
your connection to FXOS does not matter, you need to be at the CLI. Does the SSH procedure work ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide