05-02-2008 07:26 AM - edited 03-09-2019 08:38 PM
Trying to configure a user to be able to login via ssh and only see the router's configs. Router in question is a 2801 running IOS Version 12.4(15)T1.
Using local username database, no aaa new-model.
VTYs configured as follows:
line vty 0 4
login local
transport input ssh
User configured like so:
username dummy priv 15 secret 0 XXXXXXX
username dummy noescape autocommand sh run
When dummy logs in, no config is shown and he gets privileged exec mode prompt.
Jim Moore
05-08-2008 05:56 AM
To automatically execute a command when a user connects to a particular line, use the "AUTOCOMMAND" command in line configuration mode. To disable the automatic execution, use the no form of this command.
For more information on using this command, refer to the following URL:
http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_a1g.html#wp998780
05-30-2008 04:57 AM
Not what I'm after. I want the automatic command to be invoked only for a specific user, not for anyone connecting to a particular line. Furthermore, with my configuration and IOS combination, neither works:
config 1:
username dummy priv 15 secret 0 dummy1
line vty 0 4
login local
autocommand show running-config
transport input ssh
config 2:
username dummy priv 15 secret 0 dummy1
username dummy autocommand show running-config
...
line vty 0 4
login local
transport input ssh
In either case, when dummy logs in he gets the privileged exec command prompt, no running configuration display, and no automatic logout.
When I change the input transport to telnet, both work.
06-17-2008 02:21 PM
I am running into the same thing. Ever find an answer?
06-18-2008 09:43 AM
Yes, I got the following answer from Mauricio Oviedo of TAC:
After reading the problem description included in your SR, I understand that
you are having issues setting automatic commands for SSH sessions.
The bug CSCdz17608 causes this problem on the Router. Here are the details:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdz17608
When user logs into the router using ssh, autocommand is not executed when
using "login local" as in following config:
username
line vty 0 4
login local
transport ssh
Workaround:
Configure aaa instead of using login local.
Example:
aaa new-model
aaa authentication login VTYS local
aaa authorization exec VTYS local
line vty 0 4
login authentication VTYS
authorization exec VTYS
Please let me know how would you like me to proceed with this case and feel
free to contact me if you have any question or doubt.
Best regards,
Mauricio Oviedo
SMB Team
Cisco Support Engineer
Email: moviedo@cisco.com
Phone: 407 241-2965 x4682
Monday through Friday 8:00 a.m. - 5:00 p.m. CDT
I verified that the fix works.
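Added example, not part of the original posts and not Cisco tooling: a small offline audit that flags VTY lines where a user restricted by autocommand would instead land at a privileged exec prompt over SSH, as described in this thread. The function name `audit_autocommand` and both sample configs are constructed; it assumes `show running-config` indentation and treats an `aaa authorization exec default` list as covering every line.

```python
import re

# Constructed sample: the thread's "config 2" in show running-config layout.
AFFECTED = """\
username dummy privilege 15 secret 0 dummy1
username dummy autocommand show running-config
line vty 0 4
 login local
 transport input ssh
"""

# Constructed sample: same user with the AAA workaround quoted in the thread.
WORKAROUND = """\
aaa new-model
aaa authentication login VTYS local
aaa authorization exec VTYS local
username dummy privilege 15 secret 0 dummy1
username dummy autocommand show running-config
line vty 0 4
 login authentication VTYS
 authorization exec VTYS
 transport input ssh
"""

def audit_autocommand(config):
    """Heuristic: list (vty header, autocommand users) for SSH lines without AAA exec authorization."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    aaa = "aaa new-model" in lines
    default_authz = aaa and any(ln.startswith("aaa authorization exec default ") for ln in lines)
    users = sorted({m.group(1) for ln in lines
                    if (m := re.match(r"username (\S+) (?:.* )?autocommand ", ln))})
    blocks, current = {}, None
    for ln in lines:  # group indented sub-commands under each "line ..." header
        if ln.startswith("line "):
            current = blocks.setdefault(ln, [])
        elif current is not None and ln.startswith(" "):
            current.append(ln.strip())
        else:
            current = None
    findings = []
    for header, body in blocks.items():
        ssh = any(re.match(r"transport input .*\b(ssh|all)\b", b) for b in body)
        line_auto = any(b.startswith("autocommand ") for b in body)
        authz = default_authz or (aaa and any(b.startswith("authorization exec ") for b in body))
        if header.startswith("line vty") and ssh and (users or line_auto) and not authz:
            findings.append((header, users))
    return findings

if __name__ == "__main__":
    print(audit_autocommand(AFFECTED), audit_autocommand(WORKAROUND))
```

An empty user list in a finding means the autocommand is set on the line itself, as in the thread's "config 1".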
06-18-2008 10:11 AM
Thanks for the post!!!
02-22-2017 11:34 AM
OK, I have aaa enabled but get the autocommand failure when just trying to show static routes. What am I doing wrong?
Line has invalid autocommand "show ip route static"
06-18-2008 11:33 AM
Hi James,
Thanks for posting the fix. I rate it a "5" and hope you continue to follow up like this as it helps everyone who uses the forum.
Best,
Paul