Cisco Systems ASA 5580 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 38 Configuring AAA Servers and the Local Database
Configuring AAA
Step 7 (Optional) Check the Authentication Enable check box to prevent users from modifying their own user
account. If authentication is enabled, users cannot change their own password or delete their own
account with the username command or with the clear configure username command.
Step 8 To reset the password policy to the default ASA policy value, click Reset to Default.
Step 9 Click Apply to save the configuration settings.
Changing User Passwords
The ASA enables administrators with the necessary privileges to modify passwords for users in the
current context. Users must authenticate with their current passwords before they are allowed to change
passwords. However, authentication is not required when an administrator is changing a user password.
To enable users to change their own account passwords, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Device Management > Users/AAA >
Change Password.
Step 2 Enter your old password.
Step 3 Enter your new password.
Step 4 Confirm your new password.
Step 5 Click Make Change.
Step 6 Click the Save icon to save your changes to the running configuration.
Authenticating Users with a Public Key for SSH
Users can authenticate with a public key for SSH. The public key can be hashed or not hashed.
To authenticate with a public key for SSH, perform the following steps:
Step 1 In the ASDM main application window, choose Configuration > Device Management > Users/AAA >
User Accounts.
Step 2 Select a user from the list, then click Edit.
The Edit User Account dialog box appears.
Step 3 Click Public Key Authentication in the navigation pane.
Step 4 If you want to hash the public key, check the Key is hashed check box. To not have the public key
hashed, leave this check box unchecked.
If the public key is hashed, the value of the public key must have been previously hashed with SHA-256
and be 32 bytes long, with each byte separated by a colon (for parsing purposes).
If the public key is not hashed, the value of the key must be a Base 64 encoded public key that is
generated by SSH key generation software that can generate SSH-RSA raw keys (that is, with no
certificates). After you submit the Base 64 encoded public key, that key is then hashed via SHA-256 and
the corresponding 32-byte hash is used for all further comparisons.
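The following Python sketch is an added example, not part of the Cisco guide. It derives the colon-separated SHA-256 form from a Base 64 encoded SSH-RSA public key and checks that a value has the 32-byte hashed format. It assumes the hash is taken over the decoded key blob; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# Hashed form the page describes: 32 bytes, each separated by a colon.
HASHED_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){31}")

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def key_type(blob: bytes) -> str:
    """Return the algorithm name held in the first field of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + length].decode("ascii", "replace")

def hashed_form(public_key: str) -> str:
    """Take 'ssh-rsa AAAA... comment' or bare Base64; return the hashed form."""
    fields = public_key.split()
    if not fields:
        raise ValueError("empty key")
    b64 = fields[1] if len(fields) > 1 else fields[0]
    blob = base64.b64decode(b64, validate=True)
    if key_type(blob) != "ssh-rsa":
        raise ValueError("not a raw SSH-RSA key: " + key_type(blob))
    # Assumption: the SHA-256 covers the decoded key blob, not the Base64 text.
    digest = hashlib.sha256(blob).digest()
    return ":".join(f"{b:02x}" for b in digest)

def is_valid_hashed_value(value: str) -> bool:
    """Check a value meant for the 'Key is hashed' case before pasting it."""
    return HASHED_RE.fullmatch(value.strip()) is not None

# Constructed sample key (not a real key pair): e = 65537, 2048-bit filler modulus.
SAMPLE_N = b"\x00" + bytes(range(255, 0, -1)) + b"\xc5"
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(SAMPLE_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example"

if __name__ == "__main__":
    print(hashed_form(SAMPLE_LINE))
```

Comparing the output against the fingerprint of the key held by the SSH client is a quick way to confirm that the intended key was bound to the account.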