02-24-2008 12:44 PM - edited 03-11-2019 05:07 AM
Hi, I've noticed on our Cisco ASA 5520 that it's only using "enable password". All I have to do (via telnet) is put in the password of cisco, and then if I type "enable" and the password of cisco, then I'm on!
Should I be prompted with a username and password?
I've looked on the CLI config and I can't see the username cisco or password cisco anywhere! I have found the "enable password", which is encrypted. What should I do, as I don't want to lose access? Should I use "enable secret" instead? And "service password encryption"?
I've noticed SSH2 is enabled, but what username/password would this be, level 15?
02-24-2008 05:17 PM
Change the following in your config:
passwd
enable password
These are in effect as long as you are not running aaa. The default username on telnet/ssh access is pix. For the level 15 access using the http interface, use enable_15.
... and by the way, the PIX/ASA encryption of the passwords is a one-way hash - it cannot be decrypted. Not like the level 7 encryption on the IOS routers.
Harald
02-25-2008 01:26 AM
Great, I will do:
passwd
enable password
You are right, I only use the router IOS and assumed I'd have to use enable secret, service password encryption, etc...
07-15-2008 12:16 PM
How can you change the default username for SSH on a PIX?
07-15-2008 12:31 PM
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1060011
username newusername password newpassword [privilege priv_level]
aaa authentication ssh console LOCAL
You can assign priv-level 15 to a username and bypass the enable password if you choose.
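An added example, not part of the thread: a small Python check that reads a saved ASA configuration and reports whether telnet/SSH logins still rely on the shared `passwd` (no `aaa authentication ... console`), or point at LOCAL with no `username` defined, which is the lock-out case. The function name `audit_mgmt_access` and both sample configs are constructed for illustration, and only IPv4 access rules are matched.

```python
import re

# Constructed sample configs; the hashes are placeholders, not real values.
PASSWD_ONLY = """\
enable password PLACEHOLDERHASH encrypted
passwd PLACEHOLDERHASH encrypted
telnet 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh version 2
"""
LOCAL_AAA = """\
enable password PLACEHOLDERHASH encrypted
passwd PLACEHOLDERHASH encrypted
username netadmin password PLACEHOLDERHASH encrypted privilege 15
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh version 2
"""

def audit_mgmt_access(config: str) -> list[str]:
    """Report how telnet/SSH logins are authenticated in an ASA config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    has_user = any(re.match(r"username \S+ password ", ln) for ln in lines)
    # Map protocol -> server group from 'aaa authentication <proto> console <group>'.
    aaa = {}
    for ln in lines:
        m = re.match(r"aaa authentication (ssh|telnet) console (\S+)", ln)
        if m:
            aaa[m.group(1)] = m.group(2)
    findings = []
    for proto in ("telnet", "ssh"):
        # Access rules look like '<proto> <network> <mask> <interface>' (IPv4 only here).
        if not any(re.match(rf"{proto} \d+\.\d+\.\d+\.\d+ ", ln) for ln in lines):
            continue
        if proto == "telnet":
            findings.append("telnet: cleartext management access is enabled")
        if proto not in aaa:
            findings.append(f"{proto}: no AAA, login relies on the shared passwd")
        elif aaa[proto] == "LOCAL" and not has_user:
            findings.append(f"{proto}: AAA is LOCAL but no username is defined")
    return findings

if __name__ == "__main__":
    for name, cfg in (("passwd only", PASSWD_ONLY), ("local AAA", LOCAL_AAA)):
        print(name, audit_mgmt_access(cfg) or "no findings")
```

Running the check on a saved copy of the configuration before and after adding the `username` and `aaa authentication ssh console LOCAL` lines shows whether the change took effect and whether a local account exists to log in with.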