Official Lammle User Forum
|
#1
05-26-2012, 03:55 PM
|
|||
|
|||
SSH Access
Hello everyone,
I would like to give ssh access to my equipments to a buddy of mine who wants remote access to play around with the CLI but, I do not want him to change config and by mistake run copy run start  I have searched around but can't find a good source. The only restriction that I would like to apply is that command only the rest is fine.I don't quite get the privileges levels, any good advise will be appreciated. Last edited by n3twrk0p; 05-26-2012 at 03:57 PM. 
|
|
#2
05-26-2012, 08:08 PM
|
|||
|
|||
|
Quote:
The best option, and I think the right way to do this, is to use Role Based access, where you could set up a parser view that allows everything EXCEPT the copy run start command and the write command. It's a little tricky and I have to follow the config book step by step to do it right. The easier option is to back up your config file, and tell him if he over-writes the router config one time, no more access. :-)
__________________
Kevin NET+SEC+A+CCNA 'All that is not eternal is eternally out of date' ~ C.S. Lewis Last edited by ciscodaze; 05-26-2012 at 08:36 PM.
|
|
#3
05-26-2012, 08:13 PM
|
|||
|
|||
|
SSH does that by default, unless I'm missing something....
The mandatory local database used with SSH provides level 0 access unless you tell it otherwise. Level 0 is known as usermode and level 15 is privledged mode. To allow SSH access you need to build the local database, here is an example: config t username bob password smith they will get to only usermode. however, you can do this: config t username bob password 15 smith Then they will be in privledge mode. unless you want them in privledged mode, don't give them the password. so, unless I am missing something in what you asked, they can't get to the configs. Todd
|
Linear Mode
Recent Comments