How is Unix Auth performed on Cisco devices? And does Qualys consider that it is Cisco IOS and run other than the "normal" Unix commands?
Maybe "Unix Auth" is not really the best term to be used because Cisco IOS is not a Unix subspecies. We use this term because to access CISCO boxes we use the same protocols/services widely available on Unix boxes: SSH and Telnet.
But once inside the Cisco IOS, the commands are completely different from the commands used on Unix command line
If the OS is identified to be CISCO, and there are Cisco IOS Records configured on the web interface to that specific host, the scan will try to attempt to log in using the credential provided in the related Cisco IOS Record.
The following commands will be used by the scanner:
show ipv6 interface
show logging | include Syslog | Trap | Console | Monitor | Buffer logging
show clock detail
show ip ssh
show ip interface
Please make sure that the user on the Cisco device has privilege level 15 (Privileged EXEC mode) or is authorized to run these commands above.
Troubleshoot SSH authentication issues:
To troubleshoot Cisco authentication issues please perform the following steps from a Linux/Unix or a Mac machine
ssh -vvv user@host
where %user% is the username that you defined in the related Cisco IOS record
and %host% is either the IP address or the FQDN name of the target.
From a Windows machine you can use 'putty' tool to test SSH or telnet connections.
Putty can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
If you're unable to SSH in to the host using the username and the password you provided in the Cisco IOS authentication record then Qualys scanner also won't be able
to SSH in to the target.
Troubleshooting telnet authentication issues:
If the Cisco device only supports telnet please do a telnet test
telnet 18.104.22.168 23
Please make sure that the Cisco device is asking for a username and a password at the prompt. If the Cisco device is only asking for a Password then its configuration is not correct.
Please review the show running-config and make sure that the Username Authentication is configured as required on the device:
For more information please review Configuring Authentication's guide: