Configure AAA on the PIX Security Appliance
PIX Security Appliance access authentication

The aaa authentication serial console command enables administrators to require authentication verification to access the PIX Security Appliance console. Authenticated access to the PIX console involves different types of prompts, depending on the option that is chosen with the aaa authentication [serial | enable | telnet | ssh] console command. The enable and ssh options allow three tries before stopping access attempts with an access denied message. By default, both the serial and telnet options cause the user to be prompted continually until that user successfully logs in. The administrator may choose to configure a maximum failed attempts value for local database users. The serial option requests a username and password before the first command-line prompt on the serial console connection. The telnet option forces the user to specify a username and password before the first command-line prompt of a Telnet console connection. The enable option requests a username and password before accessing privileged mode for serial, Telnet, or SSH connections. The ssh option requests a username and password before the first command-line prompt on the SSH console connection.

Telnet access to the Security appliance console is available from any internal interface and requires previous use of the telnet command. Telnet access to the outside interface is only available thorugh an IPSec tunnel. SSH access to the Security appliance console is available from any interface and requires previous use of the ssh command. An IPSec tunnel is not required for SSH access to the outside interface.