Secure Shell (SSH) Introduction
©2008 Allied Telesis Inc. All rights reserved.
43.6
AlliedWare Plus
TM
Operating System Software Reference C613-50003-00 REV E
Software Version 5.2.1
This allows you to deny specific users from a range of allowed users. For example, to deny a
user with the IP address 192.168.1.12, use the command:
To display the database of denied users, use the command:
To delete a client from the database of denied users, use the command:
Authenticating SSH Users
SSH users can use either their password or public key authentication to authenticate
themselves with the SSH server. To use public key authentication, copy the user’s public key file
from their client device to the SSH server. To associate the key with a user, use the command:
For example, to associate the file key.pub with the user “langley”, use the command:
To add a key as text into the terminal for user “geoff ”, first enter the command:
then paste or type the key in as text.
You can add multiple keys for the same user. To display the list of public keys associated with a
user, use the command:
The
<1-65535>
parameter allows you to display an individual key.
To delete a key associated with a user from your device, use the command:
Adding a Login Banner
You can add a login banner to the SSH server for sessions with SSH version 2 clients. The
server displays the banner to clients before the login prompt. To set the login banner’s
message, use the command:
then enter your message and use Ctrl+D to finish.
To view the configured login banner, use the command:
awplus(config)#
ssh server deny-users * 192.168.1.12
awplus#
show ssh server deny-users
awplus(config)#
no ssh server deny-users <username_pattern> [<hostname_pattern>]
awplus(config)#
crypto key pubkey-chain userkey <username> [<filename>]
awplus(config)#
crypto key pubkey-chain userkey langley key.pub
awplus(config)#
crypto key pubkey-chain userkey geoff
awplus(config)#
show crypto key pubkey-chain userkey <username>[<1-65535>]
awplus(config)#
no crypto key pubkey-chain userkey <username> <1-65535>
awplus(config)#
banner login
awplus#
show banner login