ConfD User Community

How to enable and disable cli access through "ssh admin@localhost -p 2024"

Hi,

Could you please guide me how to enable and disable cli access through “ssh admin@localhost -p 2024”

Thanks,
Manikandan

You need to configure the following parameter in confd.conf to false in order to disable cli access through ConfD’s built-in ssh server:

/confdConfig/cli/ssh/enabled (boolean) [true]

enabled is either ‘true’ or ‘false’. If ‘true’ ConfD will will use the built in SSH server.

Thanks Waitai for your reply. Is the above configuration will applicable for non-admin users also ?

My previous suggestion on changing the confd.conf parameter is meant to disable cli access through ssh for the entire system. If this is to be done on a per user basis, you need to use the NACM rules and define a command rule to deny all CLI operation access to for the group that the user belongs to. One way to do it is to add the following cmdrule to the rule-list for that group in aaa_init.xml as follows:

  <cmdrule xmlns="http://tail-f.com/yang/acm">
    <name>cli</name>
    <context>cli</context>
    <command>*</command>
    <access-operations>*</access-operations>
    <action>deny</action>
  </cmdrule>