02-24-2008 12:44 PM - edited 03-11-2019 05:07 AM
Hi, I've noticed on our Cisco ASA 5520 that it's only using "enable password". All I have to do (via telnet) is put in the password of cisco, and then if I type "enable" and the password of cisco, then I'm on!
Should I be prompted with a username and password?
I've looked on the CLI config and I can't see the username cisco or password cisco anywhere! I have found the "enable password", which is encrypted. What should I do, as I don't want to lose access? Should I use "enable secret" instead, and "service password encryption"?
I've noticed SSH2 is enabled, but what username/password would this be, level 15?
02-24-2008 05:17 PM
Change the following in your config:
passwd
enable password
These are in effect as long as you are not running aaa. The default username on telnet/ssh access is pix. For the level 15 access using the http interface, use enable_15.
... and by the way, the PIX/ASA encryption of the passwords is a one way hash - it cannot be decrypted. Not like the level 7 encryption on the IOS routers.
Harald
02-25-2008 01:26 AM
Great, I will do:
passwd
enable password
You are right, I only use the router IOS and assumed I'd have to use enable secret, service password encryption, etc.
07-15-2008 12:16 PM
How can you change the default username for SSH on a PIX?
07-15-2008 12:31 PM
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1060011
username newusername password newpassword [privilege priv_level]
aaa authentication ssh console LOCAL
You can assign priv-level 15 to a username and bypass the enable password if you choose.
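An added example, not part of the thread: a small Python check that reads an ASA running-config and reports whether telnet/SSH logins fall back to the shared passwd or use per-user authentication as in the reply above. The sample config, placeholder hashes and the function name audit_mgmt_access are constructed for illustration.

```python
import re

# Constructed sample running-config; hash values are placeholders.
SAMPLE_CONFIG = """\
enable password PLACEHOLDER1 encrypted
passwd PLACEHOLDER2 encrypted
telnet 0.0.0.0 0.0.0.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh version 2
username newusername password PLACEHOLDER3 encrypted privilege 15
aaa authentication ssh console LOCAL
"""

ADDR = r"\d+\.\d+\.\d+\.\d+"

def audit_mgmt_access(config):
    """Return (per-protocol auth method, list of findings) for telnet/ssh."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # username <name> password <hash> [encrypted] [privilege <level>]
    users = {}
    for ln in lines:
        m = re.match(r"username (\S+) password \S+(?: encrypted)?(?: privilege (\d+))?$", ln)
        if m:
            users[m.group(1)] = int(m.group(2)) if m.group(2) else None
    methods, findings = {}, []
    for proto in ("telnet", "ssh"):
        # An access line looks like "<proto> <network> <mask> <interface>".
        if not any(re.match(rf"{proto} {ADDR} {ADDR} \S+$", ln) for ln in lines):
            continue
        aaa = next((m.group(1) for ln in lines
                    if (m := re.match(rf"aaa authentication {proto} console (\S+)", ln))), None)
        methods[proto] = aaa or "passwd"
        if proto == "telnet":
            findings.append("telnet enabled: credentials cross the network in cleartext")
        if aaa is None:
            findings.append(f"{proto}: shared login password, no per-user accounts")
        elif aaa == "LOCAL" and not users:
            findings.append(f"{proto}: LOCAL auth with no username lines (lockout risk)")
    for name, level in users.items():
        if level == 15:
            findings.append(f"user {name}: privilege 15")
    return methods, findings

if __name__ == "__main__":
    methods, findings = audit_mgmt_access(SAMPLE_CONFIG)
    print(methods)
    for f in findings:
        print("-", f)
```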