Authorized SSH User Access; Authorizing SSH User Access; SSH User Login Restrictions - Cisco ASR 5000 Administration Manual

StarOS release 21.1

Authorized SSH User Access

• data is the encrypted key expressed as an alphanumeric string of 1 through 1023 characters
• length octets is the length of the encrypted key in octets expressed as an integer from 0 through 65535
• type specifies the key type; v2-rsa is the only supported type.
Important
For releases prior to 20.0, StarOS supports a maximum of 64 configurable authorized SSH keys. For release 20.0 and higher, StarOS supports a maximum of 200 configurable authorized SSH keys.
Authorized SSH User Access
You must authorize users to access a StarOS context from a specific host with an SSH authentication-key pair.

Authorizing SSH User Access

The SSH Configuration mode authorized-key command grants user access to a context from a specified host.
Step 1
Go to the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
[local]host_name(config-sshd)#
Step 2
Specify administrative user access via the authorized-key command.
[local]host_name(config-sshd)# authorized-key username user_name host host_ip [ type { v2-dsa | v2-rsa } ]
Notes:
• username user_name specifies an existing StarOS administrator user name as having authorized keys for access to the sshd server. The user_name is expressed as an alphanumeric string of 1 through 255 characters. User names should have been previously created via the Context Configuration mode administrator command using the nopassword option to prevent bypassing of the sshd keys. Refer to the System Settings chapter for additional information on creating administrators.
• host host_ip specifies the IP address of an SSH host having the authorization keys for this username. The IP address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
• type specifies the key type; v2-rsa is the only supported type.

SSH User Login Restrictions

An administrator can restrict SSH access to the StarOS CLI to a "white list" of allowed users. Access to a service may be restricted to only those users having a legitimate need. Only explicitly allowed users will be able to connect to a host via SSH. The user name may optionally include a specific source IP address.

ASR 5000 System Administration Guide, StarOS Release 21.1
Getting Started
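
The following Python check is an added example, not part of the Cisco manual. It audits authorized-key lines in exported configuration text against the rules stated under Authorizing SSH User Access: v2-rsa only, an IPv4 or IPv6 host address, a user name of 1 through 255 characters, and the 64 or 200 key limit by release. The function name, the release labels and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Rules taken from the manual text: key-count limits per release,
# the only supported key type, and the user_name length range.
MAX_KEYS = {"pre-20.0": 64, "20.0+": 200}
SUPPORTED_TYPES = {"v2-rsa"}
LINE_RE = re.compile(
    r"^\s*authorized-key\s+username\s+(?P<user>\S+)\s+host\s+(?P<host>\S+)"
    r"(?:\s+type\s+(?P<type>\S+))?\s*$"
)


def audit_authorized_keys(config_text, release="20.0+"):
    """Return (entries, findings) for authorized-key lines in config text."""
    entries, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if "authorized-key" not in line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            findings.append((lineno, "does not match the documented syntax"))
            continue
        user, host, ktype = m.group("user", "host", "type")
        entries.append((user, host, ktype))
        if not 1 <= len(user) <= 255:
            findings.append((lineno, "user_name length outside 1-255"))
        try:
            ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals only
        except ValueError:
            findings.append((lineno, f"host {host!r} is not an IPv4/IPv6 address"))
        if ktype is not None and ktype not in SUPPORTED_TYPES:
            findings.append((lineno, f"key type {ktype!r} is not supported"))
    if len(entries) > MAX_KEYS[release]:
        findings.append((0, f"{len(entries)} keys exceed the {MAX_KEYS[release]}-key limit"))
    return entries, findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
server sshd
  authorized-key username admin1 host 192.0.2.10 type v2-rsa
  authorized-key username admin2 host 2001:db8::5
  authorized-key username admin3 host jump.example.net type v2-rsa
  authorized-key username admin4 host 198.51.100.7 type v2-dsa
"""

if __name__ == "__main__":
    for lineno, message in audit_authorized_keys(SAMPLE_CONFIG)[1]:
        print(f"line {lineno}: {message}")
```

A finding reported at line 0 refers to the configuration as a whole (the key-count limit) rather than to a single line.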
