Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ssh restriction

Hi

Two users are locally created on cisco 2801 router and need to restrict ssh access to a specific user only and one public ip.

username cisco password cisco

username cisco1 password 123456

public ip 123.123.123.123

Can anyone guide me

cheers

Paul

Everyone's tags (2)
3 REPLIES

ssh restriction

Hi Paul ,

I do not think that you can do it per user, but globaly. You can try :

ip access-l stan VTY

permit host 123.123.123.123

line vty 0 15

transport input ssh

access-class VTY in

The access-list should contain all the IPs where you accept the remote connections.

The "transport input" will set the permited input management connections, on VTYs.

Dan

Community Member

ssh restriction

I knew for IP restrictive access but restrictive access for username I am not aware

Hall of Fame Super Gold

ssh restriction

You can use a Radius server that. When it sees the request coming from certain networks for a certain username, it will allow or deny access.

That will require writing some advanced radius config, and in practice is probably not a real necessity.

632
Views
0
Helpful
3
Replies
CreatePlease to create content