Limit SSH access to certain users on specific switches via ExtremeControl

Stephen_Stormon
Contributor

We currently have a rule in Extreme Control that allows SSH access to members of an Active Directory group and another rule that prevents SSH access from anyone else.  What I am now trying to do is create a third rule that will let Active Directory accounts of two users SSH to two specific switches (and only those two switches).  Is that possible?

2 REPLIES

Robert_Haynes
Contributor

This should be possible. A rule with a Location group and the Location group specifying the two specific switches by IP... as well as perhaps a User Group -> LDAP User Group style lookup to either match on a memberOf group specific to those two users only... or you can actually do a sAMAccountName=<user1> or sAMAccountName=<user2> attribute matching ANY to accomplish the same goal. The rest of the users would fall through to your SSH block rule.

I do have the user group with match any with sAMAccountName for both users. I was trying to use an End-System Group to limit access to switches but it seems to work when I changed it to Location group instead. Thanks!