cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16256
Views
25
Helpful
7
Replies

autocommand not working

moore_j58
Level 1
Level 1

Trying to configure a user to be able to login via ssh and only see the router's configs. Router in question is a 2801 running IOS Version 12.4(15)T1.

Using local username database, no aaa new-model.

VTYs configured as follows:

line vty 0 4

login local

transport input ssh

User configured like so:

username dummy priv 15 secret 0 XXXXXXX

username dummy noescape autocommand sh run

When dummy logs in, no config is shown and he gets privileged exec mode prompt.

Jim Moore

7 Replies 7

smahbub
Level 6
Level 6

To automatically execute a command when a user connects to a particular line, use the "AUTOCOMMAND" command in line configuration mode. To disable the automatic execution, use the no form of this command.

For more information on using this command refer the following URL:

http://www.cisco.com/en/US/docs/ios/12_3/termserv/command/reference/ter_a1g.html#wp998780

Not what I"m after. I want the automatic command to be invoked only for a specific user, not for anyone connecting to a particular line. Furthermore, with my configuration and IOS combination, neither works:

config 1:

username dummy priv 15 secret 0 dummy1

line vty 0 4

login local

autocommand show running-config

transport input ssh

config 2:

username dummy priv 15 secret 0 dummy1

username dummy autocommand show running-config

...

line vty 0 4

login local

transport input ssh

In either case, when dummy logs in he gets the

privileged exec command prompt, no running configuration display, and no automatic logout.

When I change the input transport to telnet, both work.

I am running into the same thing. Ever find an answer?

Yes, I got the following answer from Mauricio Oviedo of TAC:

After reading the problem description included in your SR, I understand that

you are having issues setting automatic commands for SSH sessions.

The bug CSCdz17608 causes this problem on the Router. Here are the details:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet

chBugDetails&bugId=CSCdz17608

When user logs into the router using ssh, autocommand is not executed when

using "login local" as in following config:

username autocommand

line vty 0 4

login local

transport ssh

Workaround:

Configure aaa instead of using login local.

Example:

aaa new-model

aaa authentication login VTYS local

aaa authorization exec VTYS local

line vty 0 4

login authentication VTYS

authorization exec VTYS

Please let me know how would you like me to proceed with this case and feel

free to contact me if you have any question or doubt.

Best regards,

Mauricio Oviedo

SMB Team

Cisco Support Engineer

Email: moviedo@cisco.com

Phone: 407 241-2965 x4682

Monday through Friday 8:00 a.m. - 5:00 p.m. CDT

I verified that the fix works.

Thanks for the post!!!

OK, I have aaa enabled but get the autocommand failure when just trying to show static routes. What am I doing wrong?

Line has invalid autocommand "show ip route static"

Hi James,

Thanks for posting the fix. I rate it a "5" and hope you continue to follow up like this as it helps everyone who uses the forum.

Best,

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: