Does transit-vpc-cisco-configurator execute "enable" on login?

[leighmhart]

We've recently configured our CSRs to allow both SSH-key and TACACS login for management purposes. This no longer automatically drops the SSH session into "enable" mode by default. Does the transit-vpc-cisco-configurator assume enable mode by default or does it execute "enable" as the first command before trying to configure the CSR?

[bobrich]

Not with AWS but in reviewing the code it does not issue an enable command. If you've updated the config to support SSH-key and TACACS you should be able to configure the user to have a default privilege level of 15.

Also, the software will back down to password authentication if the SSH auth does not work. You could use a TACACS account if you like and pass the privilege level in the TACACS response.

[leighmhart]

@bobrich thanks - there were some issues in the CSR latest IOS that didn't allow both TACACS and SSH-key users to automatically drop into priv15 but we did resolve it for SSH-key users so the configurator is unaffected.