Cisco Target CLI Configuration
This topic includes CLI commands and parameters for adding Cisco target applications and target accounts.
Cisco Target Application CLI Parameters
To add a Cisco target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required | Default Value | Valid Values |
yes | N/A | CiscoSSH |
Attribute.sshPort
The port that is used to connect to the UNIX host using SSH.
Required | Default Value | Valid Values |
no | 22 | 0-65535 |
Attribute.sshSessionTimeout
When using the SSH communication channel, specifies the amount of time in milliseconds that Credential Manager should wait for the remote host to respond.
Required | Default Value | Valid Values |
no | 5000 | 1000-99999 |
Attribute.sshStrictHostKeyCheckingEnabled
Enables or disables strict host key checking. When enabled, Credential Manager compares the public key that is received from the remote host when making a connection to the public key stored in the sshKnownHostKey attribute. If the keys do not match, then the connection attempt is canceled.
Required | Default Value | Valid Values |
no | false | true, false |
Attribute.sshKnownHostKey
Contains the base-64 encoded public host key that is associated with the target server.
Required | Default Value | Valid Values |
yes if sshStrictHostKeyCheckingEnabled is true | N/A | a base-64 encoded SSH public host key |
Attribute.sshKnownHostKeyFingerprint
Contains the fingerprint of the public host key that is contained in the sshKnownHostKey attribute. The fingerprint is used for display purposes only to allow the user to compare one key with another. The fingerprint that is specified must correspond to the specified public host key.
Required | Default Value | Valid Values |
no | N/A | a public key fingerprint |
Attribute.sshUseDefaultCiphers
Specifies whether the default ciphers should be used when Credential Manager makes an SSH connection to the remote host.
Required | Default Value | Valid Values |
no | true | true, false |
Attribute.sshServerToClientCiphersList
Specifies the list of ciphers to accept on the inbound data stream from the remote host. Ciphers are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultCiphers is false | aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc | A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list. |
Attribute.sshClientToServerCiphersList
Specifies the list of ciphers to use on the outbound data stream to the remote host. Ciphers are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultCiphers is false | aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc | A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list. |
Attribute.sshDetectCiphersList
Specifies the list of ciphers to detect when connecting to the remote host. Credential Manager does not attempt to use ciphers that are unavailable even if they are specified to use as inbound and outbound ciphers. Ciphers are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultCiphers is false | aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc | A comma-separated list containing one or more of the following values: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-ctr, arcfour, arcfour128, arcfour256. Do not use spaces in the list. |
Attribute.sshUseDefaultHashes
Specifies whether the default hashes should be used when Credential Manager makes an SSH connection to the remote host.
Required | Default Value | Valid Values |
no | true | true, false |
Attribute.sshServerToClientHashesList
Specifies the list of hashes to accept on the inbound data stream from the remote host. Hashes are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultHashes is false | hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 | A comma-separated list containing one or more of the following values: hmac-md5,hmac-sha1, hmac-sha1-96, hmac-md5-96. Do not use spaces in the list. |
Attribute.sshClientToServerHashesList
Specifies the list of hashes to use on the outbound data stream to the remote host. Hashes are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultHashes is false | hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 | A comma-separated list containing one or more of the following values: hmac-md5,hmac-sha1, hmac-sha1-96, hmac-md5-96. Do not use spaces in the list. |
Attribute.sshUseDefaultKeyExchangeAlgorithms
Specifies whether to use the default key exchange methods when Credential Manager makes an SSH connection to the remote host.
Required | Default Value | Valid Values |
no | true | true, false |
Attribute.sshKeyExchangeAlgorithmsList
Specifies the list of key exchange methods to use when connecting to the remote host. Methods are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultKeyExchangeAlgorithms is false | diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 | A comma-separated list containing one or more of the following values: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1. Do not use spaces in the list. |
Attribute.sshUseDefaultCompressionAlgorithms
Specifies whether the default compression methods should be used when Credential Manager makes an SSH connection to the remote host.
Required | Default Value | Valid Values |
no | true | true, false |
Attribute.sshServerToClientCompressionAlgorithmsList
Specifies the list of compression methods to accept on the inbound data stream from the remote host. Methods are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultCompressionAlgorithms is false | N/A (do not use compression) | A comma-separated list containing one or more of the following values: zlib, zlib@openssh.com. Do not use spaces in the list. |
Attribute.sshClientToServerCompressionAlgorithmsList
Specifies the list of compression methods to use on the outbound data stream to the remote host. Methods are listed in order of priority.
Required | Default Value | Valid Values |
yes if sshUseDefaultCompressionAlgorithms is false | N/A (do not use compression) | A comma-separated list containing one or more of the following values: zlib, zlib@openssh.com. Do not use spaces in the list. |
Attribute.sshUseDefaultServerHostKeyAlgorithms
Specifies whether the default host key types should be accepted when Credential Manager makes an SSH connection to the remote host.
Required | Default Value | Valid Values |
no | true | true, false |
Attribute.sshServerHostKeyAlgorithmsList
Specifies the list of host key types to accept when Credential Manager connects to the remote host.
Required | Default Value | Valid Values |
yes if sshUseDefaultServerHostKeyAlgorithms is false | ssh-rsa,ssh-dss | A comma-separated list containing one or more of the following values: ssh-rsa, ssh-dss. Do not use spaces in the list. |
Attribute.telnetSessionTimeout
When using the Telnet communication channel, specifies the amount of time in milliseconds that Credential Manager should wait for the remote host to respond.
Required | Default Value | Valid Values |
no | 5000 | 1000-99999 |
Attribute.telnetPort
The port that is used to connect to the UNIX host using Telnet.
Required | Default Value | Valid Values |
no | 23 | 0-65536 |
Attribute.ciscoVariant
Specifies the type of Cisco system that is installed on the target server.
Required | Default Value | Valid Values |
no | IOS_12_4 | IOS_10_0, IOS_12_4 or ASA_IOS_7_0_1. |
Attribute.scriptTimeout
Specifies the amount of time in milliseconds that Credential Manager waits to receive some expected input from the remote host.
Required | Default Value | Valid Values |
no | 5000 | 5000-59999 |
Attribute.useUpdateScriptType
Specifies whether the default, revised or replacement update script should be used. We recommend that you use the default script and contact CA Services if a revised script is required.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
Attribute.revisedUpdateScriptFilename
Specifies the name of the file containing the revised update script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if a revised script is required.
Required | Default Value | Valid Values |
no | N/A | a file name |
Attribute.useVerifyScriptType
Specifies whether the default, revised, or replacement verify script should be used. We recommend that you use the default script and contact CA Services if a revised script is required.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
Attribute.revisedVerifyScriptFilename
Specifies the name of the file containing the revised verify script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if a revised script is required.
Required | Default Value | Valid Values |
no | N/A | a file name |
Attribute.userNameEntryPrompt
A regular expression that matches the prompt that is produced by the remote host when it requests a user name.
Required | Default Value | Valid Values |
no | (?si).*?(login|username):.*? | valid regular expression syntax |
Attribute.passwordEntryPrompt
A regular expression that matches the prompt that is produced by the remote host when it requests a password.
Required | Default Value | Valid Values |
no | (?si)(.*?password(\sfor|:).*?) | valid regular expression syntax |
Attribute.passwordConfirmationPrompt
A regular expression that matches the remote host prompt that is produced when the host requests a password confirmation.
Required | Default Value | Valid Values |
no | AIX: (?si).*?new password.*? All other platforms: (?si).*?password:.*?) | valid regular expression syntax |
Attribute.passwordChangePrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be changed because it has expired.
Required | Default Value | Valid Values |
no | (?si).*?change your password.*? | valid regular expression syntax |
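The conditional requirements and value lists above can be checked before a command is submitted. The following is an added example, not part of the product or its documentation: the function name `check`, the `WEAK` review set and the `SAMPLE` line are this example's own, and it assumes the space-separated key=value form shown in the CLI example on this page.

```python
# Added example: pre-flight check of one addTargetApplication line. Value sets and
# ranges come from this page's tables; WEAK is this example's own review policy.
CIPHERS = {"aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc", "aes192-cbc",
           "aes128-cbc", "3des-ctr", "arcfour", "arcfour128", "arcfour256"}
HASHES = {"hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"}
KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
       "diffie-hellman-group-exchange-sha1"}
LISTS = {  # toggle -> (list attributes required when the toggle is false, valid values)
    "sshUseDefaultCiphers": (("sshServerToClientCiphersList",
        "sshClientToServerCiphersList", "sshDetectCiphersList"), CIPHERS),
    "sshUseDefaultHashes": (("sshServerToClientHashesList",
        "sshClientToServerHashesList"), HASHES),
    "sshUseDefaultKeyExchangeAlgorithms": (("sshKeyExchangeAlgorithmsList",), KEX),
    "sshUseDefaultServerHostKeyAlgorithms": (("sshServerHostKeyAlgorithmsList",),
        {"ssh-rsa", "ssh-dss"}),
}
RANGES = {"sshPort": (0, 65535), "sshSessionTimeout": (1000, 99999),
          "scriptTimeout": (5000, 59999)}
WEAK = {"arcfour", "arcfour128", "arcfour256", "hmac-md5", "hmac-md5-96",
        "diffie-hellman-group1-sha1", "ssh-dss"}
SAMPLE = ("TargetApplication.type=CiscoSSH Attribute.sshUseDefaultCiphers=false "
          "Attribute.sshDetectCiphersList=arcfour,aes256-ctr")  # constructed input

def check(line):
    """Return (errors, warnings) for one space-separated key=value line."""
    tokens = line.split()
    errors = [f"stray token {t!r}: lists must not contain spaces"
              for t in tokens if "=" not in t]
    p = dict(t.split("=", 1) for t in tokens if "=" in t)
    attr = lambda name, default=None: p.get("Attribute." + name, default)
    warnings = []
    if p.get("TargetApplication.type") != "CiscoSSH":
        errors.append("TargetApplication.type must be CiscoSSH")
    for name, (lo, hi) in RANGES.items():
        v = attr(name)
        if v is not None and not (v.isdecimal() and lo <= int(v) <= hi):
            errors.append(f"{name} must be in {lo}-{hi}")
    if attr("sshStrictHostKeyCheckingEnabled", "false") != "true":
        warnings.append("strict host key checking is off (the default)")
    elif not attr("sshKnownHostKey"):
        errors.append("sshKnownHostKey is required with strict checking")
    for toggle, (names, valid) in LISTS.items():
        for name in (names if attr(toggle, "true") == "false" else ()):
            items = [i for i in attr(name, "").split(",") if i]
            if not items:
                errors.append(f"{name} is required when {toggle} is false")
            errors += [f"{name}: invalid value {i!r}" for i in items if i not in valid]
            warnings += [f"{name}: weak algorithm {i}" for i in items if i in WEAK]
    return errors, warnings
```

The documented default cipher list contains 3des-cbc and blowfish-cbc, which the valid-values column omits, so this checker reports them as invalid if the default list is copied verbatim into an explicit list.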
Cisco Target Account CLI Parameters
To add an Active Directory target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.useOtherAccountToChangePassword
Specifies whether to use the target account or a different account when updating the target account.
Required | Default Value | Valid Values |
yes | false | true, false |
Attribute.otherAccount
Specifies which other account to use when updating the target account.
Required | Default Value | Valid Values |
yes if Attribute.useOtherAccountToChangePassword is true. | N/A | a valid target account ID. |
Attribute.protocol
Specifies the protocol to use for communicating with the remote host.
Required | Default Value | Valid Values |
yes if useOtherAccountToChangePassword is false | SSH2_PASSWORD_AUTH | SSH2_PASSWORD_AUTH, TELNET |
Attribute.pwType
The credential type; whether it pertains to a user or privileged (or "enable") account.
Required | Default Value | Valid Values |
yes | user | user, privileged |
Attribute.useOtherPrivilegedAccount
Required | Default Value | Valid Values |
yes | false | true, false |
Attribute.otherPrivilegedAccount
Required | Default Value | Valid Values |
no | N/A | a valid target account ID |
Attribute.changeAuxLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
Attribute.changeConsoleLoginPassword
Required | Default Value | Valid Values |
yes | N/A | true, false |
Attribute.changeVtyLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
Attribute.numVTYPorts
Required | Default Value | Valid Values |
yes if changeVtyLoginPassword is true | N/A | 1-15 |
Cisco CLI Example
cmdName=addTargetApplication TargetServer.hostName=www.ca.com TargetApplication.type=CiscoSSH TargetApplication.name=Cisco Attribute.extensionType=CiscoSSH Attribute.useDefaultUpdateScript=true Attribute.useDefaultVerifyScript=true
cmdName=addTargetAccount TargetServer.hostName=www.ca.com TargetApplication.name=Cisco TargetAccount.userName=account1 TargetAccount.password=password1 Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.useOtherAccountToChangePassword=false pwType=user useOtherPrivilegedAccount=false changeAuxLoginPassword=false changeConsoleLoginPassword=false changeVtyLoginPassword=true numVTYPorts=1