3.2.7. auth
Configuration data for local users.
vsr running config# system auth
user
List of local users on the system.
vsr running config# system auth user <string>
<string> | The user name string identifying this entry. |
role (mandatory)
The role of the user.
vsr running config# system auth user <string>
vsr running user <string># role ROLE
ROLE | Description |
---|---|
viewer | The user can view configuration and state and run standard commands. However, he/she cannot edit the configuration, read protected config/state nodes (such as passwords) or run privileged commands (such as reboot, poweroff, etc.). |
admin | The user can view all configuration and state, including protected nodes (such as passwords). He/she may edit the configuration and run any command, including privileged ones (such as reboot, poweroff, etc.). |
password
The user password, supplied as a hashed value using the notation described in the definition of the crypt-hash type.
vsr running config# system auth user <string>
vsr running user <string># password PASSWORD
PASSWORD
The crypt-hash type is used to store passwords using a hash function. The algorithms for applying the hash function and encoding the result are implemented in various UNIX systems as the function crypt(3).

A value of this type matches one of the forms:

    $0$<clear text password>
    $<id>$<salt>$<password hash>
    $<id>$<parameter>$<salt>$<password hash>

The ‘$0$’ prefix signals that the value is clear text. When such a value is received by the server, a hash value is calculated, and the string ‘$<id>$<salt>$’ or ‘$<id>$<parameter>$<salt>$’ is prepended to the result. This value is stored in the configuration data store.

If a value starting with ‘$<id>$’, where <id> is not ‘0’, is received, the server knows that the value already represents a hashed value and stores it ‘as is’ in the data store.

When a server needs to verify a password given by a user, it finds the stored password hash string for that user, extracts the salt, and calculates the hash with the salt and given password as input. If the calculated hash value is the same as the stored value, the password given by the client is accepted.

This type defines the following hash functions:

id | hash function | feature |
---|---|---|
1 | MD5 | crypt-hash-md5 |
5 | SHA-256 | crypt-hash-sha-256 |
6 | SHA-512 | crypt-hash-sha-512 |

The server indicates support for the different hash functions by advertising the corresponding feature.
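The three forms and the id table above, turned into a check that can run over `password` values before they are committed (an added example, not code from the product or its vendor). The salt and hash lengths are those of the crypt(3) encodings, the MD5 finding is this example's own policy, and the user names and digests are constructed placeholders.

```python
import re

# Ids and names are from the table above; salt and hash lengths are those of
# the crypt(3) encodings (an assumption of this example, not from the page).
ALGOS = {"1": ("MD5", 8, 22), "5": ("SHA-256", 16, 43), "6": ("SHA-512", 16, 86)}
B64 = "[a-zA-Z0-9./]"

def parse_crypt_hash(value):
    """Classify a crypt-hash value and split it into its fields."""
    if value.startswith("$0$"):  # clear text: the server hashes it before storing
        return {"form": "cleartext", "password": value[3:]}
    m = re.fullmatch(r"\$([^$]+)\$(?:([^$]*=[^$]*)\$)?([^$]+)\$([^$]+)", value)
    if not m:
        raise ValueError("not a crypt-hash value")
    algo_id, parameter, salt, digest = m.groups()
    if algo_id not in ALGOS:
        raise ValueError(f"unknown hash function id {algo_id!r}")
    name, salt_max, digest_len = ALGOS[algo_id]
    if not re.fullmatch(f"{B64}{{1,{salt_max}}}", salt):
        raise ValueError("malformed salt")
    if not re.fullmatch(f"{B64}{{{digest_len}}}", digest):
        raise ValueError("malformed or truncated hash")
    return {"form": "hashed", "id": algo_id, "function": name,
            "parameter": parameter, "salt": salt}

def audit(users):
    """Return (user, finding) pairs for values to review before commit."""
    findings = []
    for user, value in users.items():
        try:
            info = parse_crypt_hash(value)
        except ValueError as exc:
            findings.append((user, f"rejected: {exc}"))
            continue
        if info["form"] == "cleartext":
            findings.append((user, "clear text in config source"))
        elif info["function"] == "MD5":  # this example's policy, not the page's
            findings.append((user, "MD5 crypt hash; prefer id 6"))
    return findings

# Constructed sample values (placeholder digests, not real hashes).
SAMPLE = {
    "alice": "$6$rounds=5000$saltsalt$" + "A" * 86,
    "bob": "$0$changeme",
    "carol": "$1$abcdefgh$" + "B" * 22,
    "dave": "$6$saltsalt$" + "C" * 40,
}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A value flagged as clear text is still accepted by the server, which hashes it on receipt; the finding is about the plaintext remaining in whatever file or template the value was taken from.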
authorized-key
A public SSH key for this user in the OpenSSH format. This key is
allowed for SSH authentication without a password to both the NETCONF
and SSH servers. You may use the ssh-keygen utility to generate a new
key-pair and paste the contents of the *.pub file (the public key) here.
vsr running config# system auth user <string>
vsr running user <string># authorized-key <string>