cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1223
Views
0
Helpful
3
Replies

ssh restriction

paul.tim681
Level 1
Level 1

Hi

Two users are locally created on cisco 2801 router and need to restrict ssh access to a specific user only and one public ip.

username cisco password cisco

username cisco1 password 123456

public ip 123.123.123.123

Can anyone guide me

cheers

Paul

3 Replies 3

Hi Paul ,

I do not think that you can do it per user, but globaly. You can try :

ip access-l stan VTY

permit host 123.123.123.123

line vty 0 15

transport input ssh

access-class VTY in

The access-list should contain all the IPs where you accept the remote connections.

The "transport input" will set the permited input management connections, on VTYs.

Dan

I knew for IP restrictive access but restrictive access for username I am not aware

You can use a Radius server that. When it sees the request coming from certain networks for a certain username, it will allow or deny access.

That will require writing some advanced radius config, and in practice is probably not a real necessity.

Review Cisco Networking for a $25 gift card