Cisco Target CLI Configuration

This topic includes CLI commands and parameters for adding Cisco target applications and target accounts.
Cisco Target Application CLI Parameters
To add a Cisco target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required: yes
Default Value: N/A
Valid Values: CiscoSSH

Attribute.sshPort
The port that is used to connect to the remote host using SSH.
Required: no
Default Value: 22
Valid Values: 0-65535

Attribute.sshSessionTimeout
When using the SSH communication channel, specifies the amount of time in milliseconds that Credential Manager should wait for the remote host to respond.
Required: no
Default Value: 5000
Valid Values: 1000-99999

Attribute.sshStrictHostKeyCheckingEnabled
Enables or disables strict host key checking. When enabled, Credential Manager compares the public key that is received from the remote host when making a connection to the public key stored in the sshKnownHostKey attribute. If the keys do not match, then the connection attempt is canceled.
Required: no
Default Value: false
Valid Values: true, false

Attribute.sshKnownHostKey
Contains the base-64 encoded public host key that is associated with the target server.
Required: yes if sshStrictHostKeyCheckingEnabled is true
Default Value: N/A
Valid Values: a base-64 encoded SSH public host key

Attribute.sshKnownHostKeyFingerprint
Contains the fingerprint of the public host key that is contained in the sshKnownHostKey attribute. The fingerprint is used for display purposes only to allow the user to compare one key with another. The fingerprint that is specified must correspond to the specified public host key.
Required: no
Default Value: N/A
Valid Values: a public key fingerprint

Attribute.sshUseDefaultCiphers
Specifies whether the default ciphers should be used when Credential Manager makes an SSH connection to the remote host.
Required: no
Default Value: true
Valid Values: true, false

Attribute.sshServerToClientCiphersList
Specifies the list of ciphers to accept on the inbound data stream from the remote host. Ciphers are listed in order of priority.
Required: yes if sshUseDefaultCiphers is false
Default Value: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
Valid Values: A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list.

Attribute.sshClientToServerCiphersList
Specifies the list of ciphers to use on the outbound data stream to the remote host. Ciphers are listed in order of priority.
Required: yes if sshUseDefaultCiphers is false
Default Value: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
Valid Values: A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list.

Attribute.sshDetectCiphersList
Specifies the list of ciphers to detect when connecting to the remote host. Credential Manager does not attempt to use ciphers that are unavailable, even if they are specified as inbound or outbound ciphers. Ciphers are listed in order of priority.
Required: yes if sshUseDefaultCiphers is false
Default Value: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
Valid Values: A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list.

Attribute.sshUseDefaultHashes
Specifies whether the default hashes should be used when Credential Manager makes an SSH connection to the remote host.
Required: no
Default Value: true
Valid Values: true, false

Attribute.sshServerToClientHashesList
Specifies the list of hashes to accept on the inbound data stream from the remote host. Hashes are listed in order of priority.
Required: yes if sshUseDefaultHashes is false
Default Value: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Valid Values: A comma-separated list containing one or more of the following values: hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96. Do not use spaces in the list.

Attribute.sshClientToServerHashesList
Specifies the list of hashes to use on the outbound data stream to the remote host. Hashes are listed in order of priority.
Required: yes if sshUseDefaultHashes is false
Default Value: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Valid Values: A comma-separated list containing one or more of the following values: hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96. Do not use spaces in the list.

Attribute.sshUseDefaultKeyExchangeAlgorithms
Specifies whether to use the default key exchange methods when Credential Manager makes an SSH connection to the remote host.
Required: no
Default Value: true
Valid Values: true, false

Attribute.sshKeyExchangeAlgorithmsList
Specifies the list of key exchange methods to use when connecting to the remote host. Methods are listed in order of priority.
Required: yes if sshUseDefaultKeyExchangeAlgorithms is false
Default Value: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
Valid Values: A comma-separated list containing one or more of the following values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1. Do not use spaces in the list.

Attribute.sshUseDefaultCompressionAlgorithms
Specifies whether the default compression methods should be used when Credential Manager makes an SSH connection to the remote host.
Required: no
Default Value: true
Valid Values: true, false

Attribute.sshServerToClientCompressionAlgorithmsList
Specifies the list of compression methods to accept on the inbound data stream from the remote host. Methods are listed in order of priority.
Required: yes if sshUseDefaultCompressionAlgorithms is false
Default Value: N/A (do not use compression)
Valid Values: A comma-separated list containing one or more of the following values: zlib, zlib@openssh.com. Do not use spaces in the list.

Attribute.sshClientToServerCompressionAlgorithmsList
Specifies the list of compression methods to use on the outbound data stream to the remote host. Methods are listed in order of priority.
Required: yes if sshUseDefaultCompressionAlgorithms is false
Default Value: N/A (do not use compression)
Valid Values: A comma-separated list containing one or more of the following values: zlib, zlib@openssh.com. Do not use spaces in the list.

Attribute.sshUseDefaultServerHostKeyAlgorithms
Specifies whether the default host key types should be accepted when Credential Manager makes an SSH connection to the remote host.
Required: no
Default Value: true
Valid Values: true, false

Attribute.sshServerHostKeyAlgorithmsList
Specifies the list of host key types to accept when Credential Manager connects to the remote host.
Required: yes if sshUseDefaultServerHostKeyAlgorithms is false
Default Value: ssh-rsa,ssh-dss
Valid Values: A comma-separated list containing one or more of the following values: ssh-rsa, ssh-dss. Do not use spaces in the list.

Attribute.telnetSessionTimeout
When using the Telnet communication channel, specifies the amount of time in milliseconds that Credential Manager should wait for the remote host to respond.
Required: no
Default Value: 5000
Valid Values: 1000-99999

Attribute.telnetPort
The port that is used to connect to the remote host using Telnet.
Required: no
Default Value: 23
Valid Values: 0-65536

Attribute.ciscoVariant
Specifies the type of Cisco system that is installed on the target server.
Required: no
Default Value: IOS_12_4
Valid Values: IOS_10_0, IOS_12_4 or ASA_IOS_7_0_1.

Attribute.scriptTimeout
Specifies the amount of time in milliseconds that Credential Manager waits to receive some expected input from the remote host.
Required: no
Default Value: 5000
Valid Values: 5000-59999

Attribute.useUpdateScriptType
Specifies whether the default, revised or replacement update script should be used. We recommend that you use the default script and contact CA Services if a revised script is required.
Required: no
Default Value: 'DEFAULT'
Valid Values: 'DEFAULT', 'REVISED' or 'REPLACEMENT'

Attribute.revisedUpdateScriptFilename
Specifies the name of the file containing the revised update script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if a revised script is required.
Required: no
Default Value: N/A
Valid Values: a file name

Attribute.useVerifyScriptType
Specifies whether the default, revised, or replacement verify script should be used. We recommend that you use the default script and contact CA Services if a revised script is required.
Required: no
Default Value: 'DEFAULT'
Valid Values: 'DEFAULT', 'REVISED' or 'REPLACEMENT'

Attribute.revisedVerifyScriptFilename
Specifies the name of the file containing the revised verify script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if a revised script is required.
Required: no
Default Value: N/A
Valid Values: a file name

Attribute.userNameEntryPrompt
A regular expression that matches the prompt that is produced by the remote host when it requests a user name.
Required: no
Default Value: (?si).*?(login|username):.*?
Valid Values: valid regular expression syntax

Attribute.passwordEntryPrompt
A regular expression that matches the prompt that is produced by the remote host when it requests a password.
Required: no
Default Value: (?si)(.*?password(\sfor|:).*?)
Valid Values: valid regular expression syntax

Attribute.passwordConfirmationPrompt
A regular expression that matches the remote host prompt that is produced when the host requests a password confirmation.
Required: no
Default Value:
  AIX: (?si).*?new password.*?
  All other platforms: (?si).*?password:.*?)
Valid Values: valid regular expression syntax

Attribute.passwordChangePrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be changed because it has expired.
Required: no
Default Value: (?si).*?change your password.*?
Valid Values: valid regular expression syntax

Cisco Target Account CLI Parameters
To add a Cisco target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.useOtherAccountToChangePassword
Specifies whether to use the target account or a different account when updating the target account.
Required: yes
Default Value: false
Valid Values: true, false

Attribute.otherAccount
Specifies which other account to use when updating the target account.
Required: yes if Attribute.useOtherAccountToChangePassword is true.
Default Value: N/A
Valid Values: a valid target account ID.

Attribute.protocol
Specifies the protocol to use for communicating with the remote host.
Required: yes if useOtherAccountToChangePassword is false
Default Value: SSH2_PASSWORD_AUTH
Valid Values: SSH2_PASSWORD_AUTH, TELNET

Attribute.pwType
The credential type; whether it pertains to a user or privileged (or "enable") account.
Required: yes
Default Value: user
Valid Values: user, privileged

Attribute.useOtherPrivilegedAccount
Required: yes
Default Value: false
Valid Values: true, false

Attribute.otherPrivilegedAccount
Required: no
Default Value: N/A
Valid Values: a valid target account ID

Attribute.changeAuxLoginPassword
Required: no
Default Value: N/A
Valid Values: true, false

Attribute.changeConsoleLoginPassword
Required: yes
Default Value: N/A
Valid Values: true, false

Attribute.changeVtyLoginPassword
Required: no
Default Value: N/A
Valid Values: true, false

Attribute.numVTYPorts
Required: yes if changeVtyLoginPassword is true
Default Value: N/A
Valid Values: 1-15

Cisco CLI Example
cmdName=addTargetApplication TargetServer.hostName=www.ca.com TargetApplication.type=CiscoSSH TargetApplication.name=Cisco
  Attribute.extensionType=CiscoSSH Attribute.useDefaultUpdateScript=true Attribute.useDefaultVerifyScript=true

cmdName=addTargetAccount TargetServer.hostName=www.ca.com TargetApplication.name=Cisco TargetAccount.userName=account1
  TargetAccount.password=password1 Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.useOtherAccountToChangePassword=false
  Attribute.pwType=user Attribute.useOtherPrivilegedAccount=false Attribute.changeAuxLoginPassword=false Attribute.changeConsoleLoginPassword=false
  Attribute.changeVtyLoginPassword=true Attribute.numVTYPorts=1
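
Added example, not part of the CA documentation or product code: a Python check for an addTargetApplication command line that applies the "yes if ... is false" requirements and the valid-value lists from the SSH parameters above, and catches lists written with spaces. The names check, LISTS, WEAK and SAMPLE, the choice of which values count as weak, and the sample command are assumptions of this example.

```python
import shlex

# Valid values copied from the parameter tables on this page.
CIPHERS = {"aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc",
           "aes128-cbc", "3des-ctr", "arcfour", "arcfour128", "arcfour256"}
HASHES = {"hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"}
KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
       "diffie-hellman-group-exchange-sha1"}
# list attribute -> (toggle that makes it required when "false", valid values)
LISTS = {
    "sshServerToClientCiphersList": ("sshUseDefaultCiphers", CIPHERS),
    "sshClientToServerCiphersList": ("sshUseDefaultCiphers", CIPHERS),
    "sshDetectCiphersList": ("sshUseDefaultCiphers", CIPHERS),
    "sshServerToClientHashesList": ("sshUseDefaultHashes", HASHES),
    "sshClientToServerHashesList": ("sshUseDefaultHashes", HASHES),
    "sshKeyExchangeAlgorithmsList": ("sshUseDefaultKeyExchangeAlgorithms", KEX),
    "sshServerHostKeyAlgorithmsList": ("sshUseDefaultServerHostKeyAlgorithms", {"ssh-rsa", "ssh-dss"}),
}
# Assumption of this example, not from the page: values treated as weak.
WEAK = {"arcfour", "arcfour128", "arcfour256", "3des-ctr", "hmac-md5",
        "hmac-md5-96", "diffie-hellman-group1-sha1", "ssh-dss"}

def check(cmd):
    """Return a list of findings for one addTargetApplication command line."""
    toks = [t.partition("=") for t in shlex.split(cmd)]
    attrs = {k.replace("Attribute.", "", 1): v for k, sep, v in toks if sep}
    findings = [f"ERROR stray token '{k}': space inside a list?" for k, sep, _ in toks if not sep]
    if attrs.get("sshStrictHostKeyCheckingEnabled", "false") != "true":
        findings.append("WARN strict host key checking is off (the default)")
    elif not attrs.get("sshKnownHostKey"):
        findings.append("ERROR sshKnownHostKey is required with strict checking")
    for name, (toggle, valid) in LISTS.items():
        if attrs.get(toggle, "true") != "false":
            continue  # the list is only required when its toggle is false
        if name not in attrs:
            findings.append(f"ERROR {name} is required when {toggle} is false")
            continue
        for item in attrs[name].split(","):
            if item not in valid:
                findings.append(f"ERROR {name}: '{item}' is not a valid value")
            elif item in WEAK:
                findings.append(f"WARN {name}: '{item}' is weak")
    return findings

# Constructed sample: one weak cipher, one list written with a space, one missing list.
SAMPLE = ("cmdName=addTargetApplication TargetApplication.type=CiscoSSH "
          "Attribute.sshUseDefaultCiphers=false "
          "Attribute.sshServerToClientCiphersList=aes256-ctr,arcfour "
          "Attribute.sshClientToServerCiphersList=aes256-ctr, aes128-ctr")
```

Calling check(SAMPLE) returns five findings; a command that enables strict host key checking, supplies sshKnownHostKey and leaves the default lists in place returns none.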