Cisco ASA 5515-X

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Servers and the Local Database
Configuring AAA
Configuring VPN Policy Attributes for a User
Prerequisites
This procedure describes how to edit an existing user. For more information, see the “Adding a User Account
to the Local Database” section on page 1-22.
Detailed Steps
Authenticating Users with a Public Key for SSH
Users can authenticate with a public key for SSH. The public key can be hashed or not hashed.
To authenticate with a public key for SSH, enter the following command:
Differentiating User Roles Using AAA
The ASA enables you to distinguish between administrative and remote-access users when they
authenticate using RADIUS, LDAP, TACACS+, or the local user database. User role differentiation can
prevent remote access VPN and network access users from establishing an administrative connection to
the ASA.
To differentiate user roles, use the service-type attribute in username configuration mode. For RADIUS
and LDAP (with the ldap-attribute-map command), you can use a Cisco Vendor-Specific Attribute
(VSA), Cisco-Priv-Level, to assign a privilege level to an authenticated user.
This section includes the following topics:
Using Local Authentication, page 1-30
Using RADIUS Authentication, page 1-30
Command:
username {user} attributes ssh authentication publickey key [hashed]

Example:
hostname(config)# username anyuser ssh authentication publickey key [hashed]

Purpose:
Enables public key authentication on a per-user basis. The value of the key argument can be one of the following:
- When the key argument is supplied and the hashed tag is not specified, the value of the key must be a Base64-encoded public key that is generated by SSH key generation software that can generate SSH-RSA raw keys (that is, with no certificates). After you submit the Base64-encoded public key, that key is then hashed via SHA-256 and the corresponding 32-byte hash is used for all further comparisons.
- When the key argument is supplied and the hashed tag is specified, the value of the key must have been previously hashed with SHA-256 and be 32 bytes long, with each byte separated by a colon (for parsing purposes).
When you save the configuration, the hashed key value is saved to the configuration and used when the ASA is rebooted.
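
As an added example (not from the Cisco guide), this Python code checks the two forms of the key argument described above before they are entered on the ASA: it rejects anything that is not a raw ssh-rsa key and validates the shape of a hashed value. It assumes the SHA-256 hash is taken over the Base64-decoded key blob and that each byte is written as two hex digits; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# 32 bytes, colon separated; two hex digits per byte is an assumption.
HASHED_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){31}")


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def decode_ssh_rsa(key_b64: str) -> bytes:
    """Base64-decode a key and confirm it is a raw ssh-rsa blob (no certificate)."""
    blob = base64.b64decode(key_b64, validate=True)
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[offset:offset + length])
        offset += length
    # A raw RSA key is exactly: type name, public exponent, modulus.
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a raw ssh-rsa public key")
    return blob


def hashed_form(key_b64: str) -> str:
    """SHA-256 of the decoded blob (assumed hash input), as 32 colon-separated bytes."""
    digest = hashlib.sha256(decode_ssh_rsa(key_b64)).digest()
    return ":".join(f"{byte:02x}" for byte in digest)


def is_valid_hashed(value: str) -> bool:
    """Check the shape required when the hashed tag is used."""
    return HASHED_RE.fullmatch(value) is not None


# Constructed sample key with a toy 64-bit modulus, for illustration only.
SAMPLE_KEY = base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 8)
).decode()
```

Comparing the output of `hashed_form` with the hashed value stored in the saved configuration is a quick way to confirm which key a user account is bound to, provided the hash-input assumption holds on your ASA version.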
