network – pix / asa ssh + read only access

Setting up SSH on a PIX and restricting a user to read-only access

!
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.56.2 255.255.255.0
no shut
!
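! Generate the RSA key pair used by the SSH server
crypto key generate rsa modulus 1024
! Accept SSH connections from any source address on the outside interface
ssh 0.0.0.0 0.0.0.0 outside
! Authorize commands against the local privilege levels
aaa authorization command LOCAL
! Authenticate SSH logins against the local user database
aaa authentication ssh console LOCAL
!
! If you don't set an enable password, the user can just press Enter to access global
enable password abc123pass

! Make "show running-config" available at privilege level 3
privilege show level 3 mode exec command running-config
! Read-only user at level 3, with a matching level 3 enable password
username getin password getin privilege 3
enable password getin level 3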

Testing from Backtrack 5R3

root@bt:~# ssh getin@192.168.56.2
getin@192.168.56.2's password: getin
Type help or '?' for a list of available commands.

pixfirewall> enable 3
Password: getin

Then trying to gain config mode

pixfirewall# conf t
^
ERROR: % Invalid input detected at '^' marker.
ERROR: Command authorization failed
pixfirewall#
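
An added example, not part of the original post: a small Python check that reads a PIX/ASA configuration as text and confirms that the pieces this read-only setup depends on are present. The function name audit, the finding strings and the sample input are assumptions made for the illustration.

```python
import re

# Constructed sample: the commands from the post as typed, not a device dump.
SAMPLE = """\
ssh 0.0.0.0 0.0.0.0 outside
aaa authorization command LOCAL
aaa authentication ssh console LOCAL
enable password abc123pass
privilege show level 3 mode exec command running-config
username getin password getin privilege 3
enable password getin level 3
"""

# Lines the post's read-only setup relies on.
REQUIRED = ("aaa authorization command LOCAL", "aaa authentication ssh console LOCAL")

def audit(config):
    """Parse PIX/ASA config text; return (facts, findings). Hypothetical helper."""
    lines = [l.strip() for l in config.splitlines()]
    users, enable_levels, level_cmds, ssh_any = {}, set(), {}, []
    for line in lines:
        if m := re.match(r"username (\S+) password \S+(?: encrypted)? privilege (\d+)$", line):
            users[m[1]] = int(m[2])
        elif m := re.match(r"enable password \S+(?: encrypted)?(?: level (\d+))?$", line):
            enable_levels.add(int(m[1] or 15))  # no "level" keyword means level 15
        elif m := re.match(r"privilege (?:(show|clear|cmd|configure) )?level (\d+) "
                           r"(?:mode \S+ )?command (.+)$", line):
            level_cmds.setdefault(int(m[2]), []).append((m[1], m[3]))
        elif m := re.match(r"ssh 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", line):
            ssh_any.append(m[1])
    findings = [f"missing: {r}" for r in REQUIRED if r not in lines]
    if 15 not in enable_levels:
        # The case the post warns about: no enable password has been set.
        findings.append("no enable password for level 15")
    findings += [f"ssh allowed from any address on {i}" for i in ssh_any]
    for name, level in sorted(users.items()):
        if level == 15:
            findings.append(f"user {name} has full privilege 15")
        elif level not in enable_levels:
            findings.append(f"user {name}: no enable password for level {level}")
    facts = {"users": users, "enable_levels": enable_levels, "level_cmds": level_cmds}
    return facts, findings

if __name__ == "__main__":
    facts, findings = audit(SAMPLE)
    print(facts)
    print("\n".join(findings) or "no findings")
```

The patterns also accept the "encrypted" keyword that follows hashed passwords in a saved configuration.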
