Junos Space Developer
Junos Space Developer

Junos Space CLI User

‎06-22-2015 02:26 AM

Hi fellas,

 

Is it possible to access Junos Space CLI using user other than admin?

If it is, how do you do that?

 

I try to register new user using useradd command using admin-class user without specifying the password.. The registration is working. I try to register the same username and Junos Space reply that the same username is exist. But I cannot login using the username I created.

 

Anyone can give me something about this?

 

 

Thanks in advance

3 REPLIES 3
Highlighted
Junos Space Developer

Re: Junos Space CLI User

[ Edited ]
‎06-22-2015 03:14 AM

By default only the admin user is permitted ssh access (or maybe the user jmp as well, depending on the version of Space that is being run).

 

To permit another user account access via CLI then it is necessary to update the /etc/ssh/sshd_config file and update the AllowUsers section to include the additional user(s) that require ssh access.

 

Once the sshd_config file has been updated, then restart the sshd service

 

# cat /etc/ssh/sshd_config
. . .
AllowUsers admin myUser
#

# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
#

Take note that when running in a multifabric environment, then it is necessary to ensure that the changes are present on both nodes etc.

 

I'm not however sure if there are any support issues associated with making these changes, or for that matter if they are preserved as a result of a software upgrade etc.


Regards,

Andy

Highlighted
Junos Space Developer

Re: Junos Space CLI User

‎06-22-2015 07:20 PM

Thank you Andy Smiley Happy

 

After look at the solution I have several follow-up questions:

 

Is it necessary to create new user first using useradd then register it in sshd_config? or by registering to sshd_config, automatically create the registered user?

 

To set the new users privilege as non-admin, What should I write about the new user's group in sshd_config?

 

If I have to create user first using useradd command, is it automatically created as admin class or there is default class assigned to it?

 

I'm sorry to ask you a lot. I am new to this thing. So, helped me out please. Smiley Happy

 

Thanks again!

Highlighted
Junos Space Developer

Re: Junos Space CLI User

‎06-23-2015 01:17 AM

Hi,

 

>> Is it necessary to create new user first using useradd then register it in sshd_config? or by registering to sshd_config, automatically create the registered user?

 

No, it isn't necessary to create users using the useradd tool, although it does make the process simpler than manually editing files, creating directories etc.   Adding a username into the sshd_config file does not create any user accounts, so either manually create the user account first, or better yet, use the useradd tool to simplify the process.

 

>>To set the new users privilege as non-admin, What should I write about the new user's group in sshd_config?

 

Nothing to write in the sshd_config file,other than the user account that you wish to provide ssh access too.

 

>> If I have to create user first using useradd command, is it automatically created as admin class or there is default class assigned to it?

 

I can't recall what the defaults are for useradd, but I very much doubt that it is provided admin rights by default, I would imagine that the default behaviour is pretty much limited, and then permissions are either defined directly via the parameters used to execute useradd, or by subsequent changes being made to groups for example.

 

There are man pages available for the commands that you would probably be most interested in:

 

# man useradd
# man usermod
# man userdel

# man groupadd
# man groupmod
# man groupdel

and there should be ample resources on the web associated with these tool too. (google: "centos 5.9 useradd" for example).

 

Regards,

Andy