Cisco Support Community
Community Member

adding a user with privilege 5

I've been asked to add a user to our ASA 5520 firewall with privilege level 5.

How should I do this? I did:

username test password blah privilege 5

but when they ssh to it they just get to the > prompt. How can they enable without giving them the enable password? I assume this is what they would need to show run?



Cisco Employee

I think you will find solution(s) to your problem here:


Thank you for rating helpful posts!

Community Member

Thanks.


At the moment sh run aaa shows this:

aaa authentication ssh console LOCAL

If I create a user with privilege 1 and they ssh in then type in login and enter their username and password they can make any changes they like and write mem?? That can't be right!


Is this because of aaa authentication ssh console LOCAL?



Community Member

Thanks for the link, but even when I give the user privilege 15 this is what I see:
firewall> ?
  clear       Reset functions
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  help        Interactive help for commands
  login       Log in as a particular user
  logout      Exit from the EXEC
  no          Negate a command or set its defaults
  ping        Send echo messages
  quit        Exit from the EXEC
  show        Show running system information
  traceroute  Trace route to destination
firewall> show ? 
  checksum   Display configuration information cryptochecksum
  curpriv    Display current privilege level
  disk0:     Display information about disk0: file system
  disk1:     Display information about disk1: file system
  flash:     Display information about flash: file system
  history    Display the session command history
  inventory  Show all inventory information for all slots
  version    Display system software version
Cisco Employee

Sorry I wasn't paying attention and did not notice that you are asking about ASA :) Can you post the output of the following command:

show run aaa

You need to have a few commands in place to make this work on the ASA. For instance, the following syntax would authenticate and authorize the user admin to priv level 15. Now keep in mind that the user will have to log in with the configured username and password. Then the user would have to type enable and use the same configured password to be authorized and allowed in the exec shell:

username admin password cisco privilege 15
aaa authentication serial console LOCAL 
aaa authentication enable console LOCAL 
aaa authorization exec LOCAL


Thank you for rating helpful posts!
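
An added example, not part of any post in this thread: a small Python check that reads saved ASA configuration text and reports which of the AAA lines named in the reply above are absent, so a limited-privilege account is not assumed to be restricted when it is not. The sample configuration is constructed from the lines quoted in the thread; `aaa authorization command LOCAL` does not appear in the thread and is included as an assumption, being the ASA command that enables local per-command authorization.

```python
import re

# Constructed sample: the thread's "show run aaa" output plus its two example users.
SAMPLE_CONFIG = """\
username test password blah privilege 5
username admin password cisco privilege 15
aaa authentication ssh console LOCAL
"""

# First two lines come from the reply in the thread. The third is an assumption
# added here (not in the thread): ASA local per-command authorization.
REQUIRED = {
    "aaa authentication enable console LOCAL":
        "enable does not prompt for the user's own password",
    "aaa authorization exec LOCAL":
        "listed in the reply as needed for exec authorization",
    "aaa authorization command LOCAL":
        "per-command authorization by privilege level is off",
}

USER_RE = re.compile(
    r"^username\s+(\S+)\s+password\s+\S+.*?\bprivilege\s+(\d+)", re.M)
CONSOLE_RE = re.compile(r"aaa authentication (\S+) console LOCAL")


def audit(config: str) -> dict:
    """Report local users, LOCAL-authenticated access methods and missing AAA lines."""
    # Normalise whitespace so stray double spaces do not hide a line.
    lines = {" ".join(l.split()) for l in config.splitlines() if l.strip()}
    users = {name: int(level) for name, level in USER_RE.findall(config)}
    consoles = sorted(
        m.group(1) for l in lines
        if (m := CONSOLE_RE.fullmatch(l)) and m.group(1) != "enable")
    # startswith tolerates trailing keywords on a configured line.
    missing = {cmd: why for cmd, why in REQUIRED.items()
               if not any(l.startswith(cmd) for l in lines)}
    # Users below level 15 whose limit cannot be relied on while lines are missing.
    limited = sorted(u for u, lvl in users.items() if lvl < 15) if missing else []
    return {"users": users, "local_consoles": consoles,
            "missing": missing, "limited_users_unenforced": limited}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for cmd, why in report["missing"].items():
        print(f"MISSING: {cmd}  ({why})")
    print("Users whose privilege limit is not enforced:",
          report["limited_users_unenforced"])
```
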