deny user connect ssh

  • deny user connect ssh

    I have a problem

    I have a router with vpn users created.
    The problem is that vpn users can connect to ssh with their vpn accounts.
    Even if I assign a user privilege 1, the user can still connect to the router.

    For AAA I have configured:

    aaa new-model

    aaa authentication login Test_db local
    aaa authorization network Test_db local

  • #2
    Re: deny user connect ssh

    What is your concern? They probably can't do anything much.

    About 3/4 of the way down this post
    http://www.dslreports.com/faq/9815
    is some information about assigning permission to perform specific tasks to various AAA levels.
    So if you ensured that everyone with access level 1 can't do anything BUT vpn, then sure, maybe they can ssh in, but it doesn't do them much good...

    It's also possible that TACACS or RADIUS will allow you to do this effectively... not sure how though, sorry.



    • #3
      Re: deny user connect ssh

      Configure a static source IP to lock it down.
      Something like this, where 172.16.1.1 is your client: ssh 172.16.1.1 255.255.255.255 inside
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: deny user connect ssh

        Originally posted by tehcamel
        What is your concern? They probably can't do anything much.

        About 3/4 of the way down this post
        http://www.dslreports.com/faq/9815
        is some information about assigning permission to perform specific tasks to various AAA levels.
        So if you ensured that everyone with access level 1 can't do anything BUT vpn, then sure, maybe they can ssh in, but it doesn't do them much good...

        It's also possible that TACACS or RADIUS will allow you to do this effectively... not sure how though, sorry.

        Oh, but they can do a lot.
        If I create something like

        username test privilege 1 password blabla

        and I type show privilege with his user, it's showing me privilege 15, maximum.
        They can do whatever they want...

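An added example, not part of the thread and not any poster's code: a small Python audit of an IOS-style configuration that reports, for each `line vty` block, a line-level privilege above 1, a missing source-address `access-class`, and the absence of any exec authorization list (the configuration posted in the thread defines login and network authorization only). The sample configuration, the `MGMT` list name, ACL 10 and the `audit_vty` function are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); it reuses the
# thread's AAA lines and the 172.16.1.1 client address from reply #3.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login Test_db local
aaa authorization network Test_db local
aaa authorization exec MGMT local
username test privilege 1 password blabla
access-list 10 permit 172.16.1.1
line con 0
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 access-class 10 in
 authorization exec MGMT
 transport input ssh
"""

def audit_vty(config):
    """Return {vty block: [findings]} for each 'line vty' block in an IOS config."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
            current = f"vty {m.group(1)} {m.group(2) or m.group(1)}" if m else None
            if current:
                blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())   # sub-command of the open block
        else:
            current = None                        # any other top-level line closes it
    # A block with no 'authorization exec' of its own uses the default list, if one exists.
    has_default_exec = re.search(r"^aaa authorization exec default ", config, re.M) is not None
    report = {}
    for name, cmds in blocks.items():
        findings = []
        for c in cmds:
            m = re.match(r"privilege level (\d+)$", c)
            if m and int(m.group(1)) > 1:
                findings.append(f"line-privilege-{m.group(1)}")   # sessions start above level 1
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append("no-access-class")                    # no source-address restriction
        if not has_default_exec and not any(c.startswith("authorization exec ") for c in cmds):
            findings.append("no-exec-authorization")              # no exec authorization list applies
        report[name] = findings
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` returns one entry per VTY block; an empty list means none of the three conditions was found for that block.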