Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

CLI access to PA

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CLI access to PA

L4 Transporter

@reaper@BPry @Mick_Ball

 

What could cause a superuser to not be able to ssh to the CLI of the PA?

31 REPLIES 31

oops,,, sorry all, just realised there are 2 pages to this , only read the first one, until now, my bad...

He is selecting "SSH" in his client I hope............. and nto a defalut telnet..

@Mick_Ball

no problemoooo

L7 Applicator

Windoze firewall..... ?

@Mick_Ball

Nope its a mac

@reaper @Mick_Ball @RobinClayton @RobinClayton @BPry

 

Could it be another issue if he can get a login prompt. He has a lesser role before and I think they just changed the profile to superuser. I wonder if deleting and recreated the user might fix it, may somehow its holding the old settings

perhaps the SSH authorized_keys needs removing from the user on the MAC, perhaps it changed?

can he telnet IPADDRESS:22  and get a response??

@RobinClayton

telnet is not enabled on the management port for security reasons

telnet to port "22" ,  it's not telent, should respond with SSH server banner for open SSH.

@reaper @BPry @Mick_Ball

 

I got some more information and apparently he gets the login prompt, it allows him to put in his usename and password, and then it appears to kick him out. I suggested deleted and recreating his account but he does not want to do that yet

is he a real superuser or a role based admin with the CLI set to 'none'

 

superuser.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reapersuper.PNG

He is a real superuser from what I can tell

@reaper @BPry

I checked the logs and it looks like it is authenticating his user and then doing nothing

@reaper @BPry @RobinClayton @Mick_Ball

 

The deletion and re-add of the user fixed the issue

  • 8009 Views
  • 31 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!