Cisco Support Community
Community Member

"login" command instead of enable?

I found the other night that on an ASA I was working with, I could type login while in unprivileged mode and re-enter the same credentials I had just entered to log in to the box (via SSH) to get myself into enable mode, without ever having typed the word enable or knowing the enable password.

Can someone explain this to me? Is it because my user has a privilege level of 15? What should my user level be set to? Why does the login command exist? Has this always been the case or is it new with ASA 7.x/8.x code?

How can I disable this functionality so one has to type enable and know the enable password?

1 REPLY
Community Member

Re: "login" command instead of enable?

Hi,

This behavior is normal in case we have the following command on the firewall:

aaa authentication console command is enabled.

Please find a link explaining the same:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1753752

Hope this helps!

Thanks,

Manish
