Whenever a user connects to the switch over SSH with a certificate (RSA key), the privilege level comes from the VTY configuration, not from the local AAA settings.
Ask the user to provide diagnostic information.
Check that the SSH configuration is correct:
ssh user v_lutyi
ssh user v_lutyi authentication-type rsa
ssh user v_lutyi assign rsa-key v_lutyi_rsa_key
ssh user v_lutyi service-type all
ssh user vit_lutyi
ssh user vit_lutyi authentication-type rsa
Check that the user's RSA public key is configured correctly:
rsa peer-public-key v_lutyi_rsa_key
public-key-code begin
30820109
02820100
Check the AAA authentication configuration; the following privilege level is configured as 0:
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
local-aaa-user password policy administrator
password history record number 0
password expire 0
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$^k~:)_a5D~$}LmtLIOF$=Zr1B!w,w3Qg"nzPrFim$hm9"DL6&H=$
local-user admin privilege level 15
local-user admin service-type terminal http
local-user v_lutyi password irreversible-cipher $1a$$IoD%bQG;N$h-N>'X.7(DSta68<E@JGsR2"VC*O2GgWr|Q0kyC,$
local-user v_lutyi privilege level 0
local-user v_lutyi service-type terminal ssh http
The following privilege level was found to be 0; try changing it to 15:
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
user-interface vty 16 20
authentication-mode aaa
protocol inbound all
If the account uses RSA authentication, the user level can only be obtained from the VTY, so you need to add the command user privilege level 3 under the VTY user interface.
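The same check can be run against a saved configuration to see which level each RSA-authenticated SSH user actually receives on each VTY range. This Python script is an added example, not part of the original case or a vendor tool; the sample configuration is constructed from the one shown above with the fix applied to vty 0 4 only, and treating a VTY without a user privilege level line as level 0 is an assumption.

```python
import re

# Constructed sample modelled on the case above (password hashes and keys omitted).
SAMPLE_CONFIG = """\
ssh user v_lutyi
ssh user v_lutyi authentication-type rsa
aaa
 local-user admin privilege level 15
 local-user v_lutyi privilege level 0
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3
user-interface vty 16 20
 authentication-mode aaa
"""

VTY_DEFAULT_LEVEL = 0  # assumption: level applied when a VTY has no "user privilege level" line

def audit(config_text):
    """Parse RSA SSH users, local AAA levels and per-VTY levels from the config text."""
    rsa_users, aaa_levels, vty_levels = set(), {}, {}
    current_vty = None  # VTY section being read; console sections are ignored
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ssh user (\S+) authentication-type rsa", line):
            rsa_users.add(m.group(1))
        elif m := re.fullmatch(r"local-user (\S+) privilege level (\d+)", line):
            aaa_levels[m.group(1)] = int(m.group(2))
        elif m := re.fullmatch(r"user-interface (.+)", line):
            current_vty = m.group(1) if m.group(1).startswith("vty") else None
            if current_vty:
                vty_levels[current_vty] = VTY_DEFAULT_LEVEL
        elif current_vty and (m := re.fullmatch(r"user privilege level (\d+)", line)):
            vty_levels[current_vty] = int(m.group(1))
    return rsa_users, aaa_levels, vty_levels

def report(config_text):
    """Return (user, vty, effective level from VTY, unused AAA level) for each RSA user."""
    rsa_users, aaa_levels, vty_levels = audit(config_text)
    return [(user, vty, level, aaa_levels.get(user))
            for user in sorted(rsa_users) for vty, level in vty_levels.items()]

if __name__ == "__main__":
    for user, vty, vty_level, aaa_level in report(SAMPLE_CONFIG):
        print(f"{user} on {vty}: effective level {vty_level} (AAA level {aaa_level} not used)")
```

A VTY range that still reports level 0 for an RSA user, such as vty 16 20 in the sample, is one where the command has not yet been added.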
