Solved: Re: when i ssh in not going straight into enable mode

robertkwild · ‎02-26-2024

hi all,

so this is what it looks like when i ssh in the switch, as you can see i need to go into "enable mode"

login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
4510MCR01>enable
Password:
4510MCR01#

but i have made it so my user auto goes into run mode 15 ie read/write, il show you in "sh run"

username admin privilege 15 secret 5

anything else i need to do for my user to go straight in enable mode

thanks,

rob

robertkwild · ‎02-27-2024

solved it

aaa new-model
aaa authentication login default local 
aaa authorization exec default local

now admin auto logs in as enable mode and when i set a new user ie

username user secret password

when i log in as that user i dont get auto enable mode so it works!

View solution in original post

MHM Cisco World · ‎02-26-2024

Yes you need

Aaa authorization exec defualt local

If you use aaa new-model and only local user

MHM

robertkwild · ‎02-26-2024

didnt work

MHM Cisco World · ‎02-26-2024

can I see the aaa config and vty line
MHM

robertkwild · ‎02-26-2024

aaa new-model
!
!
aaa authorization exec defualt local
!
!
!
!
!
!
aaa session-id common

line vty 0 4
 session-timeout 10
 transport input ssh
line vty 5 15
 transport input ssh

i couldnt delete 0 4 as i imagine its the system

MHM Cisco World · ‎02-26-2024

this example show you that using exec work for users
BUT the note I see I dont if it bug or it hardcoded in SW/R of Cisco
is username admin can not access after add exec so add new username and specify priv for it and make exec direct the user to it privilege level.
thanks

MHM

robertkwild · ‎02-26-2024

but i dont want every user to go into enable mode by default, only certain usernames

i have these in my "sh run" , what are these and are these the reason

aaa new-model

aaa session-id common

MHM Cisco World · ‎02-26-2024

The other user that use privilege less than 15 and you after add above command will need to add enable password to access conf+t

For user that have privilege 15 no need that.

This again if you use only user in local db.

MHM

ammahend · ‎02-26-2024

under line vty configure this and try

line vty 0 4

privilege level 15

-hope this helps-

robertkwild · ‎02-26-2024

but wont this mean anyone will go into default enable mode?

ammahend · ‎02-26-2024

If they have Priv15 credential they will get into priv mode not enable mode.

-hope this helps-

robertkwild · ‎02-26-2024

but my user is already privilege 15, my problem is when i login ssh its not going straight to enable

balaji.bandi · ‎02-26-2024

what device model and IOS code running on it ?

Hope you are working on Local users (not any TACACS ?) - below example one user with enable password - other with directly to enable mode.

enable password mypassword
enable secret mysecret
username user1 pass userpass
username balaji privilege 15 pass bandipassword
!
line vty 0 4
login local
privilege level 15

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help