TACACS user account change at 1st login while using SSH

emsimon2007
Level 1
Has anybody been able to change their credentials' password when AAA is done via TACACS and tagged to change their password at first login while accessing the network device through SSH?

It works wonderfully with telnet...

4 Replies

Premdeep Banga
Level 7
Make sure you are not encountering any of the following defects:

CSCdy54970 & CSCin91851

Regards,

Prem

These 2 defects are not accessible to non-Cisco personnel. Can you paste the content in this post? Tx.

You need to have a CCO account for the same; it's customer visible.

CSCeh76733

CS Password Expire, SSH, Apply Aging Rules

Symptom: Is getting CS Password Expired, using SSH for initial login.

Conditions: Password Aging under group setup is set to Apply password change rule. User tried to login with SSH the first time after the admin sets the password.

Workaround: None known at this time.

Fixed-In

12.1(22)EA3

12.2(18)SXE

12.2(25)S6

12.2(25)SEA

12.2(25)SEB

12.2(27.7)S

12.3(10.1)T

CSCin91851 Bug Details

Support keyboard-interactive authentication method

Symptom:

When using the router as an ssh server authenticating to an SDI/radius backend, normal authentications work. However, neither the new PIN mode nor Next Token mode dialogues complete successfully.

Conditions:

Issue is only observed in New PIN mode or Next Token mode dialogue.

Specific to SSHv2

Workaround:

Use telnet for authentication or set vty lines to authenticate to Radius (non-SDI) server instead.

Further Problem Description:

Not all ssh clients support the dialogue required for new pin mode or next token mode to work.

In those that do, for new PIN mode the symptoms are seen as follows:

The user is prompted for a password. The password is entered and is verified. At this point the user is prompted to enter a new PIN. The PIN is taken and appears to be accepted - user is then prompted for password using the new PIN.

Note: Fix for 12.2(18)SXF and 12.2(33)SXH is worked under a separate bug id.

Fixed-In

12.4(10.1)T

12.4(17.9)M

12.2(32.8.11)SX142

12.2(33.1.10)SXH

12.4(13f)M

12.2(33)SXH2

12.2(32.8.11)XJC153.1

Regards,

Prem

The OS are fine. We are using VanDyke SCRT client to connect. I am validating from that end as well. And I am using the workaround in CSCin91851 in the meantime.
