hit counter script

Creating An Allowed Users List; Ssh User Login Authentication - Cisco ASR 5000 Administration Manual

Staros release 21.1
Hide thumbs Also See for ASR 5000:
Table of Contents

Advertisement

Getting Started
The AllowUsers list consists of user name patterns, separated by space. If the pattern takes the form 'USER'
then login is restricted for that user. If pattern is in the format 'USER@IP_ADDRESS' then USER and IP
address are separately checked, restricting logins to those users from the specified IP address.
The default is to allow unrestricted access by any user.

Creating an Allowed Users List

The allowusers add command allows an administrator to create a list of users who may log into the StarOS
CLI.
Step 1
Enter the context configuration mode.
host_name
[local]
host_name
[local]
Step 2
Go to the SSH Configuration mode.
host_name
[local]
Step 3
Configure the SSH user list.
host_name
[local]
user_list specifies a list of user name patterns, separated by spaces, as an alphanumeric string of 1 through 999 characters.
If the pattern takes the form 'USER' then login is restricted for that user.
If the pattern is in the format 'USER@IP_ADDRESS' then user name and IP address are separately checked, restricting
logins to those users from that particular IP address.
If the pattern is in the format 'USER@<context>@IP_ADDRESS' then user name, StarOS context and IP address are
separately checked, restricting logins to those users associated with the specific context from that particular IP address.
The following limits apply to the user_list:
• The maximum length of this string is 3000 bytes including spaces.
• The maximum number of AllowUsers, which is counted by spaces, is 256, which is consistent with the limit from
OpenSSH.
If you exceed either of the above limits, an error message is displayed. The message prompts you to use a
Important
regular expression pattern to shorten the string, or remove all the allowusers with no allowusers add or
default allowusers add and re-configure.
For additional information, see the SSH Configuration Mode Commands chapter in the Command Line Interface Reference.
Step 4
Exit the SSH Configuration mode.
host_name
[local]
host_name
[local]

SSH User Login Authentication

StarOS authenticates SSH user login attempts via authorized-key/user-account pairings for the following
scenarios:
context context_name
(config)#
(config-ctx)#
server sshd
(config-ctx)#
allowusers add user_list
(config-sshd)#
end
(config-sshd)#
#
ASR 5000 System Administration Guide, StarOS Release 21.1
SSH User Login Authentication
31

Advertisement

Table of Contents
loading

Table of Contents