Authorizing SSH User Access - Cisco ASR 5000 Series Administration Manual

StarOS Release 21.4

Getting Started

Authorizing SSH User Access

The SSH Configuration mode authorized-key command grants user access to a context from a specified host.
Step 1
Go to the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
[local]host_name(config-sshd)#

Step 2
Specify administrative user access via the authorized-key command.
[local]host_name(config-sshd)# authorized-key username user_name host host_ip [ type { v2-dsa | v2-rsa } ]

Notes:
• username user_name specifies an existing StarOS administrator user name as having authorized keys for access to the sshd server. The user_name is expressed as an alphanumeric string of 1 through 255 characters. User names should have been previously created via the Context Configuration mode administrator command using the nopassword option to prevent bypassing of the sshd keys. Refer to the System Settings chapter for additional information on creating administrators.
• host host_ip specifies the IP address of an SSH host having the authorization keys for this username. The IP address must be in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
• type specifies the key type; v2-rsa is the only supported type.

SSH User Login Restrictions

An administrator can restrict SSH access to the StarOS CLI to a "white list" of allowed users. Access to a service may be restricted to only those users having a legitimate need. Only explicitly allowed users will be able to connect to a host via SSH. The user name may optionally include a specific source IP address.
The AllowUsers list consists of user name patterns, separated by spaces. If the pattern takes the form 'USER', then login is restricted for that user. If the pattern is in the format 'USER@IP_ADDRESS', then USER and IP address are separately checked, restricting logins to those users from the specified IP address.
The default is to allow unrestricted access by any user.

Creating an Allowed Users List

The allowusers add command allows an administrator to create a list of users who may log into the StarOS CLI.

Step 1
Enter the context configuration mode.
[local]host_name(config)# context context_name
[local]host_name(config-ctx)#
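An audit sketch for the authorized-key Notes above, added here as an example and not taken from the Cisco manual: it checks each authorized-key line of a configuration excerpt against the rules the Notes state. The sample excerpt, the function name audit_authorized_keys and the nopassword_admins set (administrator names the auditor has confirmed were created with nopassword) are assumptions.

```python
import ipaddress

# Per the Notes: v2-rsa is the only supported key type,
# even though the command syntax also lists v2-dsa.
SUPPORTED_TYPES = {"v2-rsa"}

# Constructed sample excerpt (not from a real system).
SAMPLE_CONFIG = """\
server sshd
  authorized-key username opsadmin host 192.0.2.10 type v2-rsa
  authorized-key username opsadmin host 2001:db8::10
  authorized-key username backup host 192.0.2.300 type v2-rsa
  authorized-key username opsadmin host 198.51.100.7 type v2-dsa
"""


def audit_authorized_keys(config_text, nopassword_admins):
    """Return (line_number, finding) tuples for authorized-key lines.

    nopassword_admins is supplied by the auditor; this sketch does not
    parse administrator definitions itself.
    """
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0] != "authorized-key":
            continue
        # Shape from the page: authorized-key username U host H [ type T ]
        well_formed = (
            len(tok) in (5, 7)
            and tok[1] == "username"
            and tok[3] == "host"
            and (len(tok) == 5 or tok[5] == "type")
        )
        if not well_formed:
            findings.append((n, "malformed authorized-key line"))
            continue
        user, host = tok[2], tok[4]
        if len(user) > 255:  # length rule only; character set is not checked
            findings.append((n, "user name longer than 255 characters"))
        if user not in nopassword_admins:
            findings.append((n, f"{user}: not a known nopassword administrator"))
        try:
            ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        except ValueError:
            findings.append((n, f"{host}: not an IPv4/IPv6 address"))
        if len(tok) == 7 and tok[6] not in SUPPORTED_TYPES:
            findings.append((n, f"{tok[6]}: unsupported key type"))
    return findings
```

Calling audit_authorized_keys(SAMPLE_CONFIG, {"opsadmin"}) reports the backup entry twice (unknown administrator, invalid host address) and the v2-dsa entry once.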
ASR 5500 System Administration Guide, StarOS Release 21.4


This manual is also suitable for:

Asr 5500
