<div dir="ltr"><div>I think so. Having this detected by clogin would definitely help many others.<br>-Azher<br></div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 1, 2018 at 8:36 PM, Piegorsch, Weylin William <span dir="ltr"><<a href="mailto:weylin@bu.edu" target="_blank">weylin@bu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" link="blue" vlink="purple" lang="EN-US">
<div class="m_5917534606628693243WordSection1">
<p class="MsoNormal">Awesome. Though, since it’s the default parameter, would it make sense to account for it in clogin?<u></u><u></u></p>
<p class="MsoNormal">weylin<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Azher <<a href="mailto:azheramin@gmail.com" target="_blank">azheramin@gmail.com</a>><br>
<b>Date: </b>Monday, January 1, 2018 at 23:09<br>
<b>To: </b>Weylin Piegorsch <<a href="mailto:weylin@bu.edu" target="_blank">weylin@bu.edu</a>></span></p><div><div class="h5"><br>
<b>Subject: </b>Re: [rancid] ASA-5585 Enable mode<u></u><u></u></div></div><p></p>
</div><div><div class="h5">
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
Thanks, that fixed it.<br>
<br>
no aaa authentication login-history<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
-Azher<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in">On Mon, Jan 1, 2018 at 7:18 PM, Piegorsch, Weylin William <<a href="mailto:weylin@bu.edu" target="_blank">weylin@bu.edu</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal" style="margin-left:.5in">This is a behavior change to the ASA made in version 9.8. I believe it’s a response to a US DOD mandate, to aid in detecting unauthorized logins. At least, that was a requirement implemented sometime around 2005
(for systems that supported the capability), though I can’t find a .mil URL more recent than 2008 discussing the requirement (though I can find it referenced in some current commercial locations like Red Hat’s site).<br>
<br>
I noticed it recently in lab trials; I had assumed Cisco decided it made sense to make this the normal behavior for all deployments, given ASA stands for Adaptive Security Appliance. I hadn’t noticed it in rancid, since I’m still in lab trials.<br>
<br>
Luckily, it’s configurable, see “Enable and View the Login History” at this URL:<br>
<a href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/admin-management.pdf" target="_blank">https://www.cisco.com/c/en/us/<wbr>td/docs/security/asa/asa98/<wbr>configuration/general/asa-98-<wbr>general-config/admin-<wbr>management.pdf</a><br>
<span style="color:#888888"><br>
<span class="m_5917534606628693243hoenzb">weylin</span></span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<br>
-----Original Message-----<br>
From: heasley <<a href="mailto:heas@shrubbery.net" target="_blank">heas@shrubbery.net</a>><br>
Date: Sunday, December 31, 2017 at 16:19<br>
To: Azher <<a href="mailto:azheramin@gmail.com" target="_blank">azheramin@gmail.com</a>><br>
Cc: <<a href="mailto:rancid-discuss@shrubbery.net" target="_blank">rancid-discuss@shrubbery.net</a>><br>
Subject: Re: [rancid] ASA-5585 Enable mode<br>
<br>
Thu, Dec 28, 2017 at 06:42:46PM -0800, Azher:<br>
> Hi All,<br>
><br>
> Our current Cisco ASA devices "ASA5550" , 8.4(7)30, work fine with RANCID.<br>
><br>
> Same config does not work for ASA-5585, 9.8(1). I am not sure why it is<br>
> sending "admin" twice and later it sends "enable" at the prompt .... Any<br>
> suggestions ?<br>
><br>
> add user sslvpnb admin<br>
> add password sslvpnb pass1 pass2<br>
> add autoenable sslvpnb 0<br>
> add method sslvpnb ssh<br>
><br>
> [rancid@rancid ~]$ more var/asa/router.db<br>
> sslvpn1;cisco;up<br>
> sslvpn2;cisco;up<br>
> sslvpna;cisco;up<br>
> sslvpnb;cisco;up<br>
><br>
> [rancid@rancid ~]$ clogin sslvpnb<br>
> sslvpnb<br>
> spawn ssh -c aes128-ctr,aes128-cbc,3des-cbc -x -l admin sslvpnb<br>
> admin@sslvpnb's password:<br>
> User admin logged in to sslvpnb<br>
> Logins over the last 44 days: 29. Last login: 18:09:41 PST Dec 28 2017<br>
> from <a href="tel:68.181.191.19" target="_blank">68.181.191.19</a><br>
> Failed logins since the last login: 0. Last failed login: 06:47:32 PST Dec<br>
> 28 2017 from 68.181.191.19<br>
<br>
its sending admin again because it sees "login:" before a prompt. why<br>
is it displaying this?<br>
<br>
> Type help or '?' for a list of available commands.<br>
> sslvpnb> admin<br>
> ^<br>
> ERROR: % Invalid input detected at '^' marker.<br>
><br>
> Error: Unrecognized command, check your enable command<br>
> sslvpnb> admin<br>
> ^<br>
> ERROR: % Invalid input detected at '^' marker.<br>
> sslvpnb> enable<br>
> Password:<br>
> Invalid password<br>
> Password:<br>
> Invalid password<br>
> Password:<br>
> Invalid password<br>
> Access denied.<br>
> sslvpnb><br>
><br>
><br>
> Thanks<br>
> -Azher<br>
<br>
> ______________________________<wbr>_________________<br>
> Rancid-discuss mailing list<br>
> <a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
> <a href="http://www.shrubbery.net/mailman/listinfo/rancid-discuss" target="_blank">
http://www.shrubbery.net/<wbr>mailman/listinfo/rancid-<wbr>discuss</a><br>
<br>
<br>
<br>
<u></u><u></u></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>