Creating an Allowed Users List; SSH User Login Authentication - Cisco ASR 5500 System Administration Manual


Getting Started

Creating an Allowed Users List

The allowusers add command allows an administrator to create a list of users who may log into the StarOS CLI.
Step 1
Enter the context configuration mode.
[local]host_name(config)# context context_name
[local]host_name(config-ctx)#
Step 2
Go to the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
Step 3
Configure the SSH user list.
[local]host_name(config-sshd)# allowusers add user_list
user_list specifies a list of user name patterns, separated by spaces, as an alphanumeric string of 1 through 999 characters.
If the pattern takes the form 'USER' then login is restricted for that user.
If the pattern is in the format 'USER@IP_ADDRESS' then user name and IP address are separately checked, restricting logins to those users from that particular IP address.
If the pattern is in the format 'USER@<context>@IP_ADDRESS' then user name, StarOS context and IP address are separately checked, restricting logins to those users associated with the specific context from that particular IP address.
The following limits apply to the user_list:
• The maximum length of this string is 3000 bytes including spaces.
• The maximum number of AllowUsers, which is counted by spaces, is 256, which is consistent with the limit from OpenSSH.
Important: If you exceed either of the above limits, an error message is displayed. The message prompts you to use a regular expression pattern to shorten the string, or remove all the allowusers with no allowusers add or default allowusers add and re-configure.
For additional information, see the SSH Configuration Mode Commands chapter in the Command Line Interface Reference.
Step 4
Exit the SSH Configuration mode.
[local]host_name(config-sshd)# end
[local]host_name#

SSH User Login Authentication

StarOS authenticates SSH user login attempts via authorized-key/user-account pairings for the following scenarios:
• User tries to log in with local context username through local context (VPN) interface with authorized-key configured on local context.
• User tries to log in with non-local context username through non-local context interface with authorized-key configured on non-local context.
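
A pre-flight check for a proposed allowed-users list, covering the three pattern forms and the limits given under Creating an Allowed Users List; it also lists the plain 'USER' entries, which carry no source-address check. This is an added example, not Cisco code or a description of StarOS internals: the function names and sample entries are made up. It assumes the 999-character limit applies to each allowusers add argument, the 3000-byte and 256-entry limits apply to the combined list, and address fields containing * or ? are wildcard patterns that are passed through unchecked.

```python
import ipaddress

# Limits as stated on the page.
MAX_ARG_CHARS = 999      # one user_list argument
MAX_TOTAL_BYTES = 3000   # whole string, spaces included
MAX_ENTRIES = 256        # entries, counted by spaces

def parse_pattern(pattern):
    """Split one pattern into (user, context, ip); None marks an absent field."""
    parts = pattern.split("@")
    if len(parts) > 3 or not all(parts):
        raise ValueError(f"malformed pattern {pattern!r}")
    context = parts[1] if len(parts) == 3 else None
    ip = parts[-1] if len(parts) > 1 else None
    # Assumption: literal addresses are checked strictly, wildcard forms pass through.
    if ip and not set("*?") & set(ip):
        ipaddress.ip_address(ip)  # raises ValueError on a bad literal
    return parts[0], context, ip

def review(arguments):
    """Check arguments of successive 'allowusers add' commands; return (entries, problems)."""
    entries, problems = [], []
    patterns = [p for arg in arguments for p in arg.split()]
    for arg in arguments:
        if not 1 <= len(arg) <= MAX_ARG_CHARS:
            problems.append(f"argument of {len(arg)} characters, allowed 1-{MAX_ARG_CHARS}")
    for pattern in patterns:
        try:
            entries.append(parse_pattern(pattern))
        except ValueError as exc:
            problems.append(f"{pattern}: {exc}")
    total = len(" ".join(patterns).encode())
    if total > MAX_TOTAL_BYTES:
        problems.append(f"list is {total} bytes, limit {MAX_TOTAL_BYTES}")
    if len(patterns) > MAX_ENTRIES:
        problems.append(f"{len(patterns)} entries, limit {MAX_ENTRIES}")
    return entries, problems

def unpinned(entries):
    """User names in plain 'USER' form, i.e. with no source-address check."""
    return [user for user, _context, ip in entries if ip is None]

# Constructed sample input; names and addresses are made up.
SAMPLE = ["admin1 ops@192.0.2.10 noc@ctx_mgmt@198.51.100.7", "backup@bad-address"]

if __name__ == "__main__":
    entries, problems = review(SAMPLE)
    print("problems:", problems)
    print("no source-address restriction:", unpinned(entries))
```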
ASR 5500 System Administration Guide, StarOS Release 21.5