Device Passwords. Using SSH, Console, VTY, and AAA

I know that without using SSH, and strictly using telnet, console, I can set a password for both my VTY lines and the console separately.
When I enable AAA for local SSH username and passwords, it asks me for a username and password even when I only connect using the console, when before enabling AAA, connecting to the console would just ask me for the password, and not a username and password.
Is this normal?
Does enabling AAA username and passwords take precedence over all authentication on all ports?

Nelson
Yes, this is normal. And yes, enabling aaa new-model does take precedence over all authentication on all ports.
If you still want to login on the console and just use the console password it is possible to configure the router to do this (though frankly AAA is usually more secure and is preferred). If you want the console to authenticate with the line password the config might look something like this:
aaa authentication login cons_auth line
line con 0
login authentication cons_auth
HTH
Rick
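
The precedence described in this thread can be checked against a saved running-config. The Python script below is an added example, not part of the original thread or any Cisco tool; the sample config, its credentials and the function name `effective_login_methods` are constructed for illustration, and it models only `aaa authentication login` lists plus the `login` / `login authentication` line commands.

```python
import re

# Constructed sample running-config (not from the thread): AAA is enabled,
# the VTY lines fall through to the default list, and the console is pinned
# to the named list cons_auth from the reply above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login cons_auth line
username admin privilege 15 secret 0 constructed-example
line con 0
 password constructed-example
 login authentication cons_auth
line vty 0 4
 transport input ssh
"""

# Methods whose first step is a username prompt; 'line' asks for a password only.
USERNAME_METHODS = {"local", "local-case", "group"}


def effective_login_methods(config):
    """Return, per line block, the login method list that actually applies."""
    aaa_enabled = False
    method_lists = {}   # list name -> ordered method tokens
    line_blocks = {}    # "con 0" -> settings found under that line
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():
            current = None  # a top-level command ends the current line block
        if text == "aaa new-model":
            aaa_enabled = True
        elif m := re.fullmatch(r"aaa authentication login (\S+) (.+)", text):
            method_lists[m.group(1)] = m.group(2).split()
        elif m := re.fullmatch(r"line (con|aux|vty) (.+)", text):
            current = f"{m.group(1)} {m.group(2)}"
            line_blocks[current] = {"list": None, "password": False, "legacy": None}
        elif current and text.startswith("password "):
            line_blocks[current]["password"] = True
        elif current and (m := re.fullmatch(r"login authentication (\S+)", text)):
            line_blocks[current]["list"] = m.group(1)
        elif current and text in ("login", "login local"):
            line_blocks[current]["legacy"] = ["local"] if text.endswith("local") else ["line"]

    report = {}
    for name, blk in line_blocks.items():
        if aaa_enabled:
            # With aaa new-model, a line without its own list uses "default".
            list_name = blk["list"] or "default"
            methods = method_lists.get(list_name)
        else:
            list_name, methods = None, blk["legacy"]
        warnings = []
        if methods is None:
            warnings.append("no method list resolved for this line")
        elif "line" in methods and not blk["password"]:
            warnings.append("method 'line' configured but no line password set")
        report[name] = {
            "list": list_name,
            "methods": methods,
            "asks_username": bool(methods) and methods[0] in USERNAME_METHODS,
            "warnings": warnings,
        }
    return report


if __name__ == "__main__":
    for line, info in effective_login_methods(SAMPLE_CONFIG).items():
        print(line, info)
```

Removing the `login authentication cons_auth` line from the sample makes the console resolve to the default list and prompt for a username, which is the behaviour the question describes.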

Similar Messages

  • I keep getting a message about my phone number being used for iMessage on a new iPhone. How can I see what devices are using my iMessage account and phone number?

    The message "Your phone number is now being used for imessage on a new iPhone" Keeps appearing on my macbook pro. It also says "If you just activated iMessage on a new iPhone, you can ignore this alert." But the only option is to ignore the alert, because the only thing I can do with it is click "ok" and dismiss it. Is there a way I can look at a list of the devices using my iMessage account, and if there are devices that I don't recognize on that list, how can I block them from using my account?

    Hi If you have another Apple  device check on that screen & accept. Cheers Brian

  • HT4199 how do I fix it when "another device is using computer IP address" and I can't get wireless to work anymore? It used to work fine.

    How do I fix it when "another device is using computer IP address"? Airport used to work fine. I've already tried turning everything on and off several times.

    I would recommend that you do the following as a minimum:
    Power-down the modem, AirPort base station, and computer(s).
    Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
    Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has initialized. That is because there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
    Power-up your computer(s).
    If the above steps do not solve the problem, start over with step 1 above, but then perform the next steps between steps 1 & 2. above.
    Disconnect the AirPort base station from the Internet broadband modem.
    While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
    After the base station resets, go ahead and power it back down.
    Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
    Continue with step 2 in the first set of steps.
    In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.

  • Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

    Issue:
    Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
    Background:
    We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
    Switches:
    Username:domain-username
    Password:domain-password
    SWITCH>enable
    Password:enable-password-in-Active-Directory
    SWITCH#
    Firewalls (as they currently are):
    Username:domain-username
    Password:domain-password
    FIREWALL>enable
    Password:domain-password
    FIREWALL #
    With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration looks like the following:
    Current switch configuration:
    aaa new-model
    aaa authentication login default group radius local
    aaa authentication enable default group radius enable
    aaa authorization exec default group radius local
    aaa session-id common
    radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
    radius-server source-ports 1645-1646
    radius-server key 7 1234abcd
    Current firewall configuration:
    aaa-server DC01 protocol radius
    aaa-server DC01 (outside) host 192.168.0.1
    aaa authentication ssh console DC01 LOCAL
    aaa authentication enable console DC01 LOCAL
    key 1234abcd
    Any help would be great, thanks!

    Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
    But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example:
    Firewalls :
    Username:domain-username
    Password:domain-password
    FIREWALL>show curpriv
    Username : domain-username
    Current privilege level : 1
    Current Mode/s : P_UNPR
    FIREWALL>enable
    Password:enable-password-from-running-config
    FIREWALL #show curpriv
    Username : enable_15
    Current privilege level : 15
    Current Mode/s : P_PRIV
    If you're using Authorization and Accounting it's recommended to stick with your current behavior.

  • Airport Extreme message states I don't have an IP address and also states that another device is using my IP address.  At

    I am getting two error messages as I attempt to login on my iMac.  One says I don't have an IP address and another says that another device is using my IP address and won't allow me to login.  Any advice?

    Is your AirPort Extreme Base Station (AEBS) the only router in your network configuration? That is, is it connected directly (by Ethernet) to an Internet Broadband modem OR to another router upstream of it? Regardless, what is the make & model of the device that it is connected to in order for it to gain Internet access?

  • ASA in MultiContext mode and AAA

    Hi
    have two firewalls (ASA5540, ver8.2); one configured in multi mode (called A) and second configured in single mode (called B).
    Have Cisco ACS setup to perform AAA for both firewalls. Both (A,B) can authenticate using ACS (tacacs+) no problem. Local authorization is setup as fallback if ACS does not work.
    For firewall A (single mode) the ACS can perform authentication, authorization and accounting. Have setup a readonly and full access groups in ACS to provide readonly (only limited show commands available) and full access (read write) to firewalls. This works very well.
    Firewall B (in multimode) can provide authentication and accounting OK (not all accounting info but some login messages are available), but cannot provide authorization. Simply, that option is not available in ASDM (user setup/AAA) and only LOCAL is available for authorization.
    Entering from CLI "aaa authorization command TACACS-ACS LOCAL" on firewall B, the message back says that only tacacs+ and local methods are available.
    Entering "aaa authorization command tacacs+ local" on firewall B, the message back says that local method is not defined but tacacs+ argument does not bring any errors.
    Below are commands entered in firewall A and are working fine:
    aaa-server RADIUS-ACS protocol radius
    aaa-server RADIUS-ACS (inside) host 1.1.1.2
    key xxxxx
    aaa-server TACACS-ACS protocol tacacs+
    aaa-server TACACS-ACS (inside) host 1.1.1.2
    key xxxxx
    aaa authentication ssh console TACACS-ACS LOCAL
    aaa authentication http console TACACS-ACS LOCAL
    aaa authentication enable console RADIUS-ACS LOCAL
    aaa authorization command TACACS-ACS LOCAL
    aaa accounting ssh console RADIUS-ACS
    aaa accounting command TACACS-ACS
    aaa accounting telnet console RADIUS-ACS
    Questions: does a multimode firewall behave differently than single mode when it comes to AAA?
    If it does, how to setup AAA on multicontext firewall? Through system, admin or individual contexts?
    What command(s) are missing from below to make multicontext authorized by AAA?
    I am trying to avoid entering authorization commands and levels on every context individually.
    Constructive feedback appreciated.
    Regards,

    Hello,
    I guess you will have to configure the AAA configuration on individual contexts.
    The following link throws some light on the same.
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml
    It says:
    The system execution space does not support any  AAA commands, but you can configure its own enable password, as well as  usernames in the local database to provide individual logins.
    Hope this helps.
    Regards,
    Anisha
    P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

  • How can I connect CWMS using SSH?

    Hello.
    Yesterday, I installed CWMS 1.1 at my esxi server.
    In progressing, I discovered linux's watchdog alert.
    To fix this problem, I tried to connect to CWMS console using SSH.
    But, I failed to connect SSH console.
    At installation guide, I found that 'only Cisco TAC can connect SSH console.'
    As this document say, maybe I could enter the CWMS using SSH console. Isn't it?
    Someone who can connect CWMS is there, please share tips.
    Thanks.

    Hello Lee,
    Those watchdog alerts are normal and very safe to ignore, has no impact on the system.
    SSH or Console access is disabled and can only be accessed by TAC during any troubleshooting.
    HTH
    Arun

  • Using SSH with Applescript

    I'll jump straight to it. Using standard applescript script editor.
    do shell script "ssh remotecomputer.local"
    (I can connect fine btw if I just run the above command from terminal.)
    When I execute the script, I get some errors.
    Pseudo-terminal will not be allocated because stdin is not a terminal.
    Permission denied, please try again.
    Permission denied, please try again.
    Permission denied (publickey,gssapi-keyex-gssapi-with-mic,password,keyboard-interactive).
    I'm using SSH protocol 2 and password authentication. I'm aware that I could just setup both computers to authenticate with public keys and eliminate the need for a password, but in my situation I would like to keep password authentication.
    Any ideas?

    My main reason for sticking behind password authentication is the script needs to be portable across different machines;
    IMHO this is a stronger argument for using public key authentication rather than password.
    Using public key authentication means that you know all the machines that can log in and transfer files. If a machine is lost or stolen you remove that machine's key and move on with your life.
    By comparison if you rely on passwords you have absolutely no control. Anyone at any location can connect.
    If the password is compromised (trivial to do if you're including it in the script) you're completely hosed. You can't change the password because it'll break every legitimate user's access to the server.
    If you consider the ways this could lead to problems - lost/stolen machine, disgruntled employee (or ex-employee), brute-force attack, etc. - you're just asking for trouble.
    >If password exposure occurs in the script code, couldn't the script simply be saved as "run only" to prevent it from being viewed?
    No. Run-only scripts do not encrypt static strings included in the AppleScript. All it does is mask the script text, program logic, etc., but variable names, handler names and static text can still be extracted.

  • Hi my partner used my email address and iTunes account to set up his iPhone and now both our phones have merged! Does anyone know how to separate these? Can he still use our iTunes account with a different Id or email! Please help!!

    Hi, my partner used my apple id and email address when setting up his iPhone so when he turned on iCloud our phones merged!! How do we undo this? Can he still use my iTunes account with a different Id and can he change the email on his phone without losing information? Also iPad is linked too, the family uses this and I would like to keep my phone separate! At the moment nothing is sacred! Please help! We are not very good with computers!!

    Several things here so let me attempt to clarify.
    For iCloud the reason the contacts were removed from the other device is because you updated your contacts, in this case deleted them, and then iCloud updated the other device to match. By deleting the iCloud account on the device it will stop the device from using that iCloud account and therefore nothing will change on the other device. By using a separate Apple ID you can still use the features of iCloud, Find My iPhone comes to mind, without your content (contacts, message etc.) merging with the other device.
    For iTunes, you cannot use two Apple IDs for one account however if you use the same account iTunes on your computer will keep the content on each device separate very nicely. You can also configure the settings for iTunes and the App store on each device to keep the content from automatically downloading to the other device. What I meant by share apps and music is this. What happens if you find a game, let's say Minecraft, that you really like and it cost, as Minecraft cost, $6.99USD. You buy it and play for a while and then you realize that your husband really likes the game as well. If you both use the same Apple ID for iTunes he can download the $7.00ish game to his device at no additional charge. If you use separate Apple IDs for iTunes well... it looks like he will also be paying for the game to have it on his account. Same goes for Music and Movies.
    I hope that clears things up. Let me know if you have any more questions.

  • How can i determine which devices are used at the moment?

    Hi all,
    I am designing an interface with LabVIEW for using agilent devices. My work colleagues will use this interface.  I want to determine which devices are used at the moment and if I determine used device, I will add automatically device names to interface's main vi. So all my work colleagues can see on the program which devices are used by another colleague. These devices are connected with GPIB. I want to learn is there any function on Instrument I/O palette.
    Thanks,
    Omer

    Hi Omer,
    so those devices are connected to the PC with a GPIB connection. Will your colleagues run several DAQ programs at the same time?
    GPIB-devices being controlled by PC don't have a "in use"-signal. They wait for commands, execute them and send an answer. When you start to control them using two programs they may respond to both programs, mixing up settings/measurement values and so on.
    That being said: In MAX you can see all devices connected to your GPIB port. You could scan the GPIB port using VISA commands in your program. You might even try to access a certain device by its VISA alias. I really don't know if you will get a "device not available" error message when that VISA alias is in use by a different program - but you might do a quick test on your own…
    Best regards,
    GerdW
    CLAD, using 2009SP1 + LV2011SP1 + LV2014SP1 on WinXP+Win7+cRIO
    Kudos are welcome

  • When setting up my Time Capsule I get an error message that another device is using my computer's IP address.  What can I do about this?

    When I am setting up my new Time Capsule I get a pop up window that says another device is using my IP address and I have to change it.  My time capsule will not work or connect to the Internet.  I assume that is why.  Everything is plugged in as should be.  I also have a wireless DVD player and my DISH network plugged in to the Ethernet of the Time Capsule.

    You need to do the setup of the TC before you plug it into the network.. you obviously already have a router, so set the TC up as bridge device.. in airport utility/internet tab/connection sharing.. off bridge mode.. then you can plug it into the network and whatever is main router will do its job properly.
    If this is not the case, then you have a static IP setup somewhere.. or another dhcp server.. track down and remove it.

  • Using SSH as a secure channel for other programs

    Hi,
    I'm wondering if it's possible to use an SSH connection as a generic secure channel for other programs. I want to write a server-client program where I can open up an SSH channel first and then have the server and client communicate over it. If there is some other way to communicate via a secure channel and using SSH-like users and keys that would be great too.

    fukawi2 wrote:
    Basu wrote: It's a simple message exchange system.
    I've been looking into this... Best solution I've found is AMQP / RabbitMQ.
    (I hate reinventing the wheel)
    Well, reinventing the wheel can teach you a great deal IMO. That's usually how I get to learn how stuff works.

  • Another device is using my IP address?

    This morning I started my computer up and a notice popped up on my screen. It said another device was using my IP address and to try again later. I'm not sure what I was supposed to try again later and does this mean my computer has been hacked or is being remotely accessed somewhere? Thanks for any help.

    If they are sharing a router, then they are on the same network. Next time you see that error, write down the IP that's conflicted. Then check your computers' and router's IP addresses. If one device say, your router, has that IP address, and one notebook is trying to acquire the same IP, then you've pinpointed your conflict.

  • HT4993 I used and have used my yahoo email and that email address for my calendar and suddenly dates are disappearing why?

    Dates in my calendar have disappeared?

    The path may be long and tedious, grasshopper.
    Actually, the download of Office 2011 for Mac probably was not legal and may have contained bugs or other things meant to make it unstable, or invite a host of issues. The usual path would be Office 2011 for Mac on DVD so you could reinstall it and add the extras from the disc as needed; or fix the installation later on. The updates for security were downloads from Microsoft servers. You'd need a legitimate version with pass code.
    Options for Mac and office-like application suites include Libre Office, NeoOffice, and these run free. The latter supports up to Mavericks. 10.9.1 now. They have a word, excel, and other parts a lot like the real office.
    If you have a working clone of the system prior to installing the Office 2011 for Mac download and any subsequent and perhaps unseen extras, you could revert to it simply by restarting the computer from the clone, where it resides in externally enclosed self-powered hard disk drive, of a type known to support OS X clones... With ports to help work with most modern Macs. FireWire + USB. Then, clone it back w/ carbon copy cloner.
    Short of that, perhaps someone will see your post and offer some in-depth method of hunting down bugs via use of Console logs; and maybe booting into Terminal utility to use unix code. It can be rather involved. Maybe Linc Davis will offer some detailed reply that will invite you to read carefully and try it.
    I've given up using computers long ago.
    A pet raven has been taught to write this.
    Good luck & happy computing!

  • Device Password stuck "on"

    Tried and failed to add a Microsoft Exchange ActiveSync account to my Z10. Since then, the device requires a password to unlock. Under Settings/Security and Privacy/Device Password, it states "IT policy requires device password to be set.", and the on/off toggle is greyed out.
    I want to turn off the device password. There's no Exchange account for me to delete from the device because adding it failed.
    Any suggestions welcome.

    Hello mitcheubanks,
    Sorry to hear you're having an issue with removing the password.
    To clarify, under Settings>Accounts there is no Balance account? 
    If you swipe down from the top of the bezel (where you see Settings, Bluetooth, Wi-Fi etc), do you see a briefcase icon or Balance icon? If so are you able to tap into it? Do you see the delete icon?
    Thanks!
    -HMthePirate
