We should first ensure AAA is set up on the ASA by creating a server group:
aaa-server myTACASServers protocol tacacs+
(and add the relevant AAA servers)
Instruct local SSH authentication to be performed by the server group:
aaa authentication ssh console myTACASServers LOCAL
* The 'LOCAL' keyword allows the authentication mechanism to fall back to local users on the device if no AAA servers are available. *
We should now create a local account as a backup:
username cisco password myStr0ngP@55w0rd! privilege 15
username cisco attributes
service-type nas-prompt
aaa authorization exec authentication-server
Create an RSA key and set SSH version:
crypto key gen rsa modulus 768
ssh version 2
And finally set up access control, permitting SSH only from the given network on the named interface:
ssh 10.0.0.0 255.255.255.0 management
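To confirm that a saved configuration actually contains the settings from the steps above, the following is an added example (not part of the original post) that audits configuration text for them. The function name audit_ssh_config and the sample text are constructed for illustration, and the check assumes the commands appear in the config in the same form as they are typed here.

```python
import re

# Constructed sample: the commands from this post as they might sit in a saved config.
SAMPLE_CONFIG = """\
aaa-server myTACASServers protocol tacacs+
aaa authentication ssh console myTACASServers LOCAL
username cisco password myStr0ngP@55w0rd! privilege 15
username cisco attributes
 service-type nas-prompt
aaa authorization exec authentication-server
ssh version 2
ssh 10.0.0.0 255.255.255.0 management
"""

def audit_ssh_config(config_text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    # Server groups declared with 'aaa-server <name> protocol <proto>'
    groups = {m.group(1) for ln in lines
              if (m := re.match(r"aaa-server (\S+) protocol \S+", ln))}
    auth = [ln.split()[4:] for ln in lines
            if ln.startswith("aaa authentication ssh console ")]
    if not auth:
        findings.append("no 'aaa authentication ssh console' line")
    for methods in auth:
        for name in methods:
            if name != "LOCAL" and name not in groups:
                findings.append(f"server group '{name}' is not defined")
        if "LOCAL" not in methods:
            findings.append("no LOCAL fallback for SSH authentication")
        elif not any(ln.startswith("username ") and " password " in ln
                     for ln in lines):
            findings.append("LOCAL fallback set but no local username exists")
    if "ssh version 2" not in lines:
        findings.append("'ssh version 2' is not set")
    # Access rules have the form 'ssh <network> <mask> <interface>'
    rules = [ln.split() for ln in lines if re.match(r"ssh \d+\.\d+\.\d+\.\d+ ", ln)]
    if not rules:
        findings.append("no 'ssh <network> <mask> <interface>' access rule found")
    for r in rules:
        if len(r) >= 4 and r[2] == "0.0.0.0":
            findings.append(f"SSH open to any source on interface '{r[3]}'")
    return findings

if __name__ == "__main__":
    print(audit_ssh_config(SAMPLE_CONFIG) or "all checks passed")
```
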