autocommand not working

May 2nd, 2008

Trying to configure a user to be able to login via ssh and only see the router's configs. Router in question is a 2801 running IOS Version 12.4(15)T1.

Using local username database, no aaa new-model.

VTYs configured as follows:

line vty 0 4
 login local
 transport input ssh

User configured like so:

username dummy priv 15 secret 0 XXXXXXX
username dummy noescape autocommand sh run

When dummy logs in, no config is shown and he gets privileged exec mode prompt.

Jim Moore

moore_j58 Fri, 05/30/2008 - 04:57

Not what I'm after. I want the automatic command to be invoked only for a specific user, not for anyone connecting to a particular line. Furthermore, with my configuration and IOS combination, neither works:

config 1:

username dummy priv 15 secret 0 dummy1
line vty 0 4
 login local
 autocommand show running-config
 transport input ssh

config 2:

username dummy priv 15 secret 0 dummy1
username dummy autocommand show running-config
...
line vty 0 4
 login local
 transport input ssh

In either case, when dummy logs in he gets the privileged exec command prompt, no running configuration display, and no automatic logout.

When I change the input transport to telnet, both work.

moore_j58 Wed, 06/18/2008 - 09:43

Yes, I got the following answer from Mauricio Oviedo of TAC:

After reading the problem description included in your SR, I understand that you are having issues setting automatic commands for SSH sessions.

The bug CSCdz17608 causes this problem on the Router. Here are the details:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdz17608

When user logs into the router using ssh, autocommand is not executed when using "login local" as in following config:

username autocommand
line vty 0 4
 login local
 transport ssh

Workaround:

Configure aaa instead of using login local.

Example:

aaa new-model
aaa authentication login VTYS local
aaa authorization exec VTYS local
line vty 0 4
 login authentication VTYS
 authorization exec VTYS

Please let me know how would you like me to proceed with this case and feel free to contact me if you have any question or doubt.

Best regards,

Mauricio Oviedo

SMB Team

Cisco Support Engineer

Email: [email protected]

Phone: 407 241-2965 x4682

Monday through Friday 8:00 a.m. - 5:00 p.m. CDT

I verified that the fix works.
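Added example, not part of the thread and not Cisco tooling: a Python check that flags the configuration pattern discussed above (a user with autocommand reached through a VTY that uses login local and accepts SSH), where the thread reports the user lands at a privileged prompt instead of the restricted command. The helper names and sample configurations are constructed for illustration, and the check does not determine whether a given IOS release carries CSCdz17608.

```python
import re

# Constructed samples in show-run layout; parse_users/audit are hypothetical helper names.
USERS = ("username dummy privilege 15 secret 0 XXXXXXX\n"
         "username dummy noescape autocommand show running-config\n")
# Constructed sample: the thread's failing configuration.
AFFECTED = USERS + "line vty 0 4\n login local\n transport input ssh\n"
# Constructed sample: same user with the AAA workaround quoted in the thread.
WORKAROUND = ("aaa new-model\n"
              "aaa authentication login VTYS local\n"
              "aaa authorization exec VTYS local\n" + USERS +
              "line vty 0 4\n login authentication VTYS\n"
              " authorization exec VTYS\n transport input ssh\n")

# A 'line vty' header followed by its indented subcommands.
VTY_RE = re.compile(r"^(line vty[^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", re.M)

def parse_users(config):
    """Map username -> {'priv': int, 'auto': bool}, merging repeated username lines."""
    users = {}
    for m in re.finditer(r"^username (\S+) (.*)$", config, re.M):
        info = users.setdefault(m.group(1), {"priv": 1, "auto": False})  # IOS default level is 1
        priv = re.search(r"\bpriv(?:ilege)? (\d+)", m.group(2))
        if priv:
            info["priv"] = int(priv.group(1))
        info["auto"] = info["auto"] or bool(re.search(r"\bautocommand\b", m.group(2)))
    return users

def audit(config):
    """Return one finding per (vty block, autocommand user) where SSH + 'login local' applies."""
    users = parse_users(config)
    findings = []
    for m in VTY_RE.finditer(config):
        body = [c.strip() for c in m.group(2).splitlines()]
        ssh = any(re.fullmatch(r"transport input .*\b(ssh|all)\b.*", c) for c in body)
        if "login local" not in body or not ssh:
            continue  # AAA exec authorization or non-SSH transport: pattern does not apply
        for name, info in sorted(users.items()):
            if info["auto"]:
                findings.append(f"{m.group(1)}: autocommand for '{name}' is skipped over SSH; "
                                f"session lands in exec at privilege {info['priv']}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("affected", AFFECTED), ("workaround", WORKAROUND)):
        print(label, audit(cfg) or "no findings")
```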
