network – pix / asa ssh + read only access

Setting up SSH on a PIX and restricting a user to read-only access

interface Ethernet0
nameif outside
security-level 0
ip address
no shut
crypto key generate rsa modulus 1024
ssh outside
aaa authorization command LOCAL
aaa authentication ssh console LOCAL
enable password abc123pass (if you don't set an enable password, the user can just press Enter to access global)

privilege show level 3 mode exec command running-config
username getin password getin privilege 3
enable password getin level 3

Testing from Backtrack 5R3

root@bt:~# ssh getin@
getin@’s password: getin
Type help or ‘?’ for a list of available commands.

pixfirewall> enable 3
Password: getin

Then try to enter config mode:

pixfirewall# conf t
ERROR: % Invalid input detected at ‘^’ marker.
ERROR: Command authorization failed
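
A quick way to check a configuration like the one above before relying on it. This is an added example, not part of the original post: the audit() function, the 2048-bit threshold and the 192.0.2.x addresses (filled in where the post leaves the address blank) are assumptions of the example.

```python
import re

# Constructed sample: the page's commands as typed, with documentation
# addresses (192.0.2.0/24) filled in where the page leaves them blank.
SAMPLE = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
 no shut
crypto key generate rsa modulus 1024
ssh 192.0.2.10 255.255.255.255 outside
aaa authorization command LOCAL
aaa authentication ssh console LOCAL
enable password abc123pass
privilege show level 3 mode exec command running-config
username getin password getin privilege 3
enable password getin level 3
"""

def audit(config, min_rsa_bits=2048):  # threshold is this example's assumption
    """Return a list of findings for a PIX/ASA read-only SSH setup."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Each of these must be present for the read-only restriction to hold.
    required = {
        r"aaa authorization command LOCAL": "command authorization is off, privilege levels are not enforced",
        r"aaa authentication ssh console LOCAL": "ssh logins are not checked against the LOCAL user database",
        r"enable password \S+": "no level 15 enable password, Enter alone may pass the enable prompt",
    }
    for pattern, problem in required.items():
        if not any(re.fullmatch(pattern, l) for l in lines):
            findings.append(problem)
    for l in lines:
        m = re.fullmatch(r"crypto key generate rsa modulus (\d+)", l)
        if m and int(m.group(1)) < min_rsa_bits:
            findings.append(f"rsa modulus {m.group(1)} is below {min_rsa_bits} bits")
        m = re.fullmatch(r"username (\S+) password (\S+) privilege (\d+)", l)
        if m and m.group(1) == m.group(2):
            findings.append(f"user {m.group(1)}: password equals username")
        if m and m.group(3) == "15":
            findings.append(f"user {m.group(1)}: full privilege 15, not read-only")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

The patterns match the commands as they are typed in, as in the post; a saved running-config stores passwords in encrypted form and would need the patterns adjusted.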
