The aaa authentication serial console command
enables administrators to require authentication for access to the PIX
Security Appliance console. Authenticated access to the PIX console involves
different types of prompts, depending on the option that is chosen with the
aaa authentication [serial | enable | telnet | ssh] console
command. The enable and ssh options
allow three tries before stopping access attempts with an access denied
message. By default, both the serial and
telnet options cause the user to be prompted continually
until that user successfully logs in. The administrator may choose to configure
a maximum failed attempts value for local database users. The
serial option requests a username and password before the
first command-line prompt on the serial console connection. The
telnet option forces the user to specify a username and
password before the first command-line prompt of a Telnet console connection.
The enable option requests a username and password before
accessing privileged mode for serial, Telnet, or SSH connections. The
ssh option requests a username and password before the
first command-line prompt on the SSH console connection.
Telnet access to the Security Appliance console is available from any internal
interface and requires previous use of the telnet command. Telnet access
to the outside interface is only available through an IPSec tunnel. SSH access
to the Security Appliance console is available from any interface and requires
previous use of the ssh command. An IPSec tunnel is not
required for SSH access to the outside interface.
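The following audit sketch is an added example, not part of the original text or any Cisco tooling. It reads a saved configuration and reports console access methods that have no aaa authentication line, Telnet permitted on the outside interface, and a missing maximum failed attempts value for LOCAL users. It assumes PIX 7.x syntax (telnet/ssh <ip> <mask> <interface>, aaa local authentication attempts max-fail <n>); the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample configuration (addresses and password hash are placeholders).
SAMPLE_CONFIG = """\
username admin password PLACEHOLDER encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
telnet 10.1.1.0 255.255.255.0 inside
telnet 192.0.2.0 255.255.255.0 outside
ssh 192.0.2.0 255.255.255.0 outside
"""

AAA_RE = re.compile(r"^aaa authentication (serial|enable|telnet|ssh) console (\S+)")
ACCESS_RE = re.compile(r"^(telnet|ssh) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
MAXFAIL_RE = re.compile(r"^aaa local authentication attempts max-fail (\d+)")


def audit_console_access(config):
    """Return a list of findings for a PIX-style configuration (hypothetical helper)."""
    authenticated = {}  # access method -> server tag (for example LOCAL)
    reachable = []      # (method, interface) pairs opened by telnet/ssh commands
    max_fail = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := AAA_RE.match(line):
            authenticated[m.group(1)] = m.group(2)
        elif m := ACCESS_RE.match(line):
            reachable.append((m.group(1), m.group(4)))
        elif m := MAXFAIL_RE.match(line):
            max_fail = int(m.group(1))

    findings = []
    # Serial and enable are always present; telnet/ssh only once their command is used.
    in_use = {"serial", "enable"} | {method for method, _ in reachable}
    for method in sorted(in_use - set(authenticated)):
        findings.append(f"{method}: no 'aaa authentication {method} console' line")
    for method, iface in reachable:
        if method == "telnet" and iface == "outside":
            findings.append("telnet: permitted on outside (usable only through an IPSec tunnel)")
    # Without a limit, serial and telnet prompt continually until login succeeds.
    if "LOCAL" in authenticated.values() and max_fail is None:
        findings.append("LOCAL: no maximum failed attempts value configured")
    return findings


if __name__ == "__main__":
    for finding in audit_console_access(SAMPLE_CONFIG):
        print(finding)
```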