11-16-2022 10:17 AM
We currently have a rule in Extreme Control that allows SSH access to members of an Active Directory group and another rule that prevents SSH access from anyone else. What I am now trying to do is create a third rule that will let Active Directory accounts of two users SSH to two specific switches (and only those two switches). Is that possible?
11-17-2022 05:35 AM
This should be possible. A rule with a Location group and the Location group specifying the two specific switches by IP, as well as perhaps a User Group -> LDAP User Group style lookup to either match on a memberOf group specific to those two users only, or you can actually do a sAMAccountName=<user1> or sAMAccountName=<user2> attribute matching ANY to accomplish the same goal. The rest of the users would fall through to your SSH block rule.
11-23-2022 11:05 AM
I do have the user group with match any with sAMAccountName for both users. I was trying to use an End-System Group to limit access to switches but it seems to work when I changed it to a Location group instead. Thanks!