Re: CISCO ASA LOGIN

yogesh1 · ‎08-07-2018

Dear All,

I have two ASA firewall & that is already enable with ssh v1 credentials so i want to add new login credentials with privilege 15 so please suggest cli command to enable credentials for new username.

ASA5505

ASA5525

Seb Rupik · ‎08-07-2018

Hi there,

The command to add a user to the local database would be:

!
username <user> password <password> privilege 15
!

cheers,

Seb.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/aaa-local.html#ID-2114-00000076

Jerome BERTHIER · ‎08-08-2018

Hi

Do not use ssh v1. It's unsafe and deprecated.
Here an example of ssh setup :
! needed if you want to scp file on the box
! ssh scopy enable
ssh stricthostkeycheck
! describe the network or hosts and the interface from where you want to allow the ssh access
ssh <x.y.z.0 255.255.255.0 <management_if>
ssh a.b.c.d 255.255.255.255 <management_if>
ssh timeout 30
ssh version 2
! keep strong ciphers only
ssh cipher integrity high
ssh key-exchange group dh-group14-sha1

Then if you want to add a new local username, just do :
username <user> password <pass> privilege 15

I assume that local authentication is already set :
aaa authentication ssh console LOCAL

Regards

Jérôme

yogesh1 · ‎08-17-2018

Hi Jerome,

Thanks for reply please let me know how the local authentication can be set.?

Jerome BERTHIER · ‎09-03-2018

Hello

Local authentication can be set using this :
aaa authentication ssh console LOCAL

Regards