Using CyberArk to manage local IOS account passwords using high port SSH

Santa.Hawes
Level 1

We are currently attempting to integrate a CyberArk Central Policy Manager for the purpose of managing the local account passwords for accounts on our routers and switches.
Users log into each router/switch using ISE & RSA multifactor authentication on SSH port 22. Currently, the configs force SSH only, and always on port 22.
I have a solution that involves having CyberArk log in on a restricted upper port (>1024) using just SSH and a significantly complex password. We have the functionality working in our DEV environment using the following coding:

!
version 12.2
!
aaa new-model
aaa authentication login local-auth local
aaa authorization exec local-auth local
!
ip access-list extended CYBERARK
 permit tcp host xxx.xxx.xxx.59 any eq 3022
!
line vty 14 15
 access-class CYBERARK in
 privilege level 15
 authorization exec local-auth
 login authentication local-auth
 rotary 1
 transport input ssh
!

However, when we take these same changes into our test validation lab, nothing is listening on port 3022.


Any Ideas?

Any thoughts, comments and/or reactions made by the above identified individual are the sole responsibility of the above named individual, and should not reflect on his employer, spouse or family name.

Amine ZAKARIA
Spotlight

Did you use ip ssh port 3022 rotary 1?

What does debug ip ssh show?
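For reference, here is the question's configuration with the global rotary-to-port binding the reply asks about added, plus the show commands that confirm the binding took effect. This is an added example, not part of either post and not a CyberArk or Cisco reference configuration; the .59 source address is the placeholder from the question, the rotary group number is taken from the question's vty lines, and the configuration of vty 0 13 (the ISE/RSA user lines) is assumed to remain as it was and is not shown.

```cisco
!
! Local account used only by the CyberArk CPM for password rotation.
! Configured here only as a placeholder: the account name and the
! password are assumptions for the example.
!
aaa new-model
aaa authentication login local-auth local
aaa authorization exec local-auth local
!
! Restrict the rotary port to the CyberArk host (placeholder address
! from the question). Only that source can reach lines 14-15.
!
ip access-list extended CYBERARK
 permit tcp host xxx.xxx.xxx.59 any eq 3022
!
! The missing piece: bind SSH on TCP port 3022 to rotary group 1.
! Without this global command the "rotary 1" on the vty lines has no
! listener associated with it, so nothing answers on 3022.
!
ip ssh port 3022 rotary 1
!
line vty 14 15
 access-class CYBERARK in
 privilege level 15
 authorization exec local-auth
 login authentication local-auth
 rotary 1
 transport input ssh
!
! Verification (run from enable mode after applying the above):
!   show ip ssh            - confirms SSH is enabled and reports version
!   show line vty 14 15    - shows the rotary group on the restricted lines
!   show ip access-lists CYBERARK
!                          - per-entry hit counts; the permit line should
!                            increment when CyberArk connects on 3022
!   show users             - lists which vty line an active session landed on
!   debug ip ssh           - per-connection negotiation detail, as the reply
!                            suggests; turn it off with "undebug all"
!
```

Two points worth checking when comparing DEV and the validation lab: that the global ip ssh port ... rotary line survived the copy (it is easy to lose when only the line vty and ACL stanzas are pasted), and that the access-class source address matches the CyberArk CPM address actually in use in the lab, since a non-matching source is dropped before SSH ever answers and can look like "nothing listening" from the client side.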