beautypg.com

Ssh server deny-users – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1419

background image

Secure Shell (SSH) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

54.37

ssh server deny-users

This command adds a username pattern to the deny list of the SSH server. If the user of an
incoming SSH session matches the pattern, the session is rejected.

SSH server also maintains the allow list. The server checks the user in the deny list first. If a
user is listed in the deny list, then the user access is denied even if the user is listed in the
allow list.

If a hostname pattern is specified, the user is denied from the hosts matching the pattern.

The no variant of this command deletes a username pattern from the deny list of the SSH
server. To delete an entry from the deny list, the username and hostname pattern should
match exactly with the existing entry.

Syntax

ssh server deny-users <username-pattern> [<hostname-pattern>]

no ssh server deny-users <username-pattern> [<hostname-pattern>]

Mode

Global Configuration

Examples

To deny the user john to access SSH login from any host, use the commands:

To deny the user john to access SSH login from a range of IP address (from 192.168.2.1 to
192.168.2.255), use the commands:

To deny the user john to access SSH login from b-company.com domain, use the
commands:

Parameter

Description

The username pattern that users can match to. The
username must begin with a letter. Valid characters are all
numbers, letters, and the underscore, hyphen, full stop and
asterisk symbols. An asterisk acts as a wildcard character
that matches any string of characters.

The host name pattern that hosts can match to. If specified,
the server denies the user only when they connect from
hosts matching the pattern. An asterisk acts as a wildcard
character that matches any string of characters.

awplus#

configure terminal

awplus(config)#

ssh server deny-users john

awplus#

configure terminal

awplus(config)#

ssh server deny-users john 192.168.2.*

awplus#

configure terminal

awplus(config)#

ssh server deny-users john*.b-company.com