Re: TACACS user account change at 1st login while using SSH
You need to have a CCO account for the same, its customer visible,
CS Password Expire, SSH, Apply Aging Rules
Symptom: Is getting CS Password Expired, using SSH for initial login. Conditions: Password Aging under group setup is set to Apply password change rule. User tried to login with SSH the first time after the admin sets the password. Workaround: None known at this time.
CSCin91851 Bug Details
Support keyboard-interactive authentication method
When using the router as an ssh server authenticating to an SDI/radius backend, normal authentications work. However, neither the new PIN mode nor Next Token mode dialogues complete successfully.
Issue is only observed in New PIN mode or Next Token mode dialogue.
Specific to SSHv2
Use telnet for authentication or set vty lines to authenticate to Radius
(non-SDI) server instead.
Further Problem Description:
Not all ssh clients support the dialogue required for new pin mode or next token mode to work.
In those that do, for new PIN mode the symptoms are seen as follows:
The user is prompted for a password. The password is entered and is verified. At this point the user is prompted to enter a new PIN. The PIN is taken and appears to be accepted - user is then prompted for password using the new PIN.
"Note: Fix for 12.2(18)SXF and 12.2(33)SXH is worked under a separate bug id.".
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...