Ssh server deny-users – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 1419

Secure Shell (SSH) Commands
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus
TM
Operating System - Version 5.4.4C
54.37
ssh server deny-users
This command adds a username pattern to the deny list of the SSH server. If the user of an
incoming SSH session matches the pattern, the session is rejected.
SSH server also maintains the allow list. The server checks the user in the deny list first. If a
user is listed in the deny list, then the user access is denied even if the user is listed in the
allow list.
If a hostname pattern is specified, the user is denied from the hosts matching the pattern.
The no variant of this command deletes a username pattern from the deny list of the SSH
server. To delete an entry from the deny list, the username and hostname pattern should
match exactly with the existing entry.
Syntax
ssh server deny-users <username-pattern> [<hostname-pattern>]
no ssh server deny-users <username-pattern> [<hostname-pattern>]
Mode
Global Configuration
Examples
To deny the user john to access SSH login from any host, use the commands:
To deny the user john to access SSH login from a range of IP address (from 192.168.2.1 to
192.168.2.255), use the commands:
To deny the user john to access SSH login from b-company.com domain, use the
commands:
Parameter
Description
The username pattern that users can match to. The
username must begin with a letter. Valid characters are all
numbers, letters, and the underscore, hyphen, full stop and
asterisk symbols. An asterisk acts as a wildcard character
that matches any string of characters.
The host name pattern that hosts can match to. If specified,
the server denies the user only when they connect from
hosts matching the pattern. An asterisk acts as a wildcard
character that matches any string of characters.
awplus#
configure terminal
awplus(config)#
ssh server deny-users john
awplus#
configure terminal
awplus(config)#
ssh server deny-users john 192.168.2.*
awplus#
configure terminal
awplus(config)#
ssh server deny-users john*.b-company.com