Authorized SSH User Access
You must authorize users to access a StarOS context from a specific host with an SSH authentication-key
pair.
Authorizing SSH User Access
The SSH Configuration mode authorized-key command grants user access to a context from a specified host.
Step 1
Go to the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
[local]host_name(config-sshd)#
Step 2
Specify administrative user access via the authorized-key command.
[local]host_name(config-sshd)# authorized-key username user_name host host_ip [ type { v2-dsa | v2-rsa } ]
Notes:
• username user_name specifies an existing StarOS administrator user name as having authorized keys for access
to the sshd server. The user_name is expressed as an alphanumeric string of 1 through 255 characters. User names
should have been previously created via the Context Configuration mode administrator command using the
nopassword option to prevent bypassing of the sshd keys. Refer to the System Settings chapter for additional
information on creating administrators.
• host host_ip specifies the IP address of an SSH host having the authorization keys for this username. The IP address
must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
• type specifies the key type; v2-rsa is the only supported type.
SSH User Login Restrictions
An administrator can restrict SSH access to the StarOS CLI to a "white list" of allowed users. Access to a
service may be restricted to only those users having a legitimate need. Only explicitly allowed users will be
able to connect to a host via SSH. The user name may optionally include a specific source IP address.
The AllowUsers list consists of user name patterns separated by spaces. If the pattern takes the form 'USER',
then login is restricted for that user. If the pattern is in the format 'USER@IP_ADDRESS', then USER and IP
address are separately checked, restricting logins to those users from the specified IP address.
The default is to allow unrestricted access by any user.
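The AllowUsers matching rules described above, written out as an added Python example (not StarOS code and not from the guide). The function names, the sample list and the addresses are constructed; user names are compared literally, so wildcard patterns are not modeled.

```python
import ipaddress

def parse_allow_users(value):
    """Split a space-separated AllowUsers string into (user, ip-or-None) entries."""
    entries = []
    for pattern in value.split():
        user, sep, host = pattern.partition("@")
        if not user or (sep and not host):
            raise ValueError(f"malformed AllowUsers entry: {pattern!r}")
        # ip_address() rejects anything that is not valid IPv4 or IPv6 notation.
        entries.append((user, ipaddress.ip_address(host) if sep else None))
    return entries

def login_allowed(allow_users, user, source_ip):
    """Return True if `user` connecting from `source_ip` passes the list."""
    entries = parse_allow_users(allow_users)
    if not entries:
        return True  # default: no list configured, access is unrestricted
    src = ipaddress.ip_address(source_ip)
    for allowed_user, allowed_ip in entries:
        if allowed_user != user:
            continue  # USER part is checked on its own
        if allowed_ip is None or allowed_ip == src:
            return True  # IP part is checked separately, only when present
    return False

# Constructed sample list: one USER entry and two USER@IP_ADDRESS entries.
SAMPLE_ALLOW_USERS = "admin1 ops@192.0.2.10 audit@2001:db8::10"

if __name__ == "__main__":
    attempts = [  # constructed login attempts: (user, source address)
        ("admin1", "198.51.100.7"),
        ("ops", "192.0.2.10"),
        ("ops", "192.0.2.11"),
        ("audit", "2001:0db8:0000:0000:0000:0000:0000:0010"),
        ("root", "192.0.2.10"),
    ]
    for user, ip in attempts:
        verdict = "allow" if login_allowed(SAMPLE_ALLOW_USERS, user, ip) else "deny"
        print(f"{user}@{ip}: {verdict}")
```

Addresses are compared as parsed values, so an IPv6 source written in expanded form still matches a compressed entry in the list.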
ASR 5500 System Administration Guide, StarOS Release 21.5
server sshd
authorized-key username user_name host host_ip [ type { v2-dsa | v2-rsa } ]
Getting Started