Re: PIX 501 FV:6.2(1) ssh/telnet username

sthon · ‎09-18-2002

Hi togehter,

how can I change the default ssh/telnet username "pix" to another.

The passwd change is no problem, but i cannot find any cmd to change the default username "pix" to another.

any ideas ??

sascha

scottmac · ‎09-18-2002

I believe you can use

user "name here - no quotes" password "password here"

It will not replace the "pix" user / password, but add another user. You may also need to change the authroization to "Local"

Good Luck

Scott

bs0000554 · ‎09-18-2002

I use an external autentication radius server (IAS Microsoft) to ssh logon and I have to my external account in ssh to log in

eenest · ‎09-18-2002

You can use internal username/password authentication - see below:

Good luck!

-- Eugene

-----------------------------------------------

PIX(config)# help username

USAGE:

username {nopassword|password [encrypted]}

[privilege ]

username privilege

[no|show} username {]

clear username

DESCRIPTION:

username Configure user authentication local database

SYNTAX:

The name of the user

Indicates that this user has no password

The password for this user

encrypted Indicate the entered is encrypted

The privilege level for this user

PIX(config)#

sthon · ‎09-18-2002

Hi Eugene,

that sounds fine, but does not work for ssh. :-(

ffmlog1:ksh 159 net>ssh -l pix 194.8.95.38

pix@194.8.95.38's password:

Type help or '?' for a list of available commands.

yfr-15kwe1>

yfr-15kwe1> ena

Password: *******

yfr-15kwe1# conf t

yfr-15kwe1(config)# username sthon password test

yfr-15kwe1# show username sthon

username sthon password VSkgrAjzs/g8UQqB encrypted privilege 2

and now try to connect with the new user "sthon":

ffmlog1:ksh 1683 net>ssh -l sthon 194.8.95.38

sthon@194.8.95.38's password:

Permission denied.

some more ideas ?

sthon

eenest · ‎09-19-2002

It works for me. See below:

======================================================

[root@slack81 root]# ssh -l eenest -c des 10.1.1.1

Warning: use of DES is strongly discouraged due to cryptographic weaknesses

eenest@10.1.1.1's password:

Type help or '?' for a list of available commands.

PIX>

PIX> ena

Password: *********

PIX# sho username

username eenest password *********** encrypted privilege 2

PIX#

PIX# sho ver

Cisco PIX Firewall Version 6.2(2)

Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

PIX up 28 days 1 hour

Hardware: PIX-515, 32 MB RAM, CPU Pentium 200 MHz

==================================

Probably there's some other problem.

In reality - the output you sent me is meaningless.

Can you send the debug output?

-- Eugene

sthon · ‎09-19-2002

Hi Eugene,

which debug do you wanna see ?

I cannot fine some authentication debug on the 501 :-(

some more infos: I use PIX 501 with 6.2(1)

yfr-15kwe1# sh ver

Cisco PIX Firewall Version 6.2(1)

Cisco PIX Device Manager Version 2.0(1)

Compiled on Wed 17-Apr-02 21:18 by morlee

yfr-15kwe1 up 1 day 21 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

regards

sascha