Local User Configuration

show local-user brief

[Command] show local-user brief

[Purpose] Display local user information

[View] System view

[Use Cases]

sonic# show local-user brief
USER  ONLINE BLOCKED LOGIN IP        LOGIN TIME
admin  yes     no                     Nov 3 17:24
admin  yes     no    150.1.0.1        Nov 4 23:20
test   no      yes

show local-user brief

This command display description table

Fields	Description
ONLINE	Whether the current user is online or not yes User Online no User is not online
BLOCKED	Whether the current user is locked out or not yes Locked no Unlocked
LOGIN IP	The IP address used by the current user to log in to the device, if the user is online and the LOGIN IP is empty, it means that the user is logging in through the serial port
LOGIN TIME	Current user login time to the device

show local-user block-conf

[Command] show local-user block-conf

[Purpose] Displays the device’s configured method for processing successive incorrect password entries by the user

[View] System view

[Use Cases]

sonic# show local-user block-conf
+-------------+---------+
| PARAMETER   |   VALUE |
+=============+=========+
| retry-count |       5 |
+-------------+---------+
| block-time  |       5 |
+-------------+---------+

show local-user blocked

[Command] show local-user blocked

[Purpose] Show locked users

[View] System view

[Use Cases]

sonic# show local-user blocked
Login   Failures  Latest   failure    From
test        8    11/05/16  00:42:56  150.1.0.1

show local-user password-control

[Command] show local-user password-control

[Purpose] Show user password complexity configuration

[View] System view

[Use Cases]

sonic# show local-user password-control
+--------------+---------+--------------+--------------+------------+---------------+
|PASSWD_CONTRO | MINLEN |MIN_LOWERCASE |MIN_UPPERCASE | MIN_DIGITS | MIN_SPECIAL_CHARS |
+================+=======+==============+==============+============+================+
|  disable     |       8 |            0 |            0 |         0  |              0 |
+--------------+---------+--------------+--------------+------------+----------------+

[Command] show local-user privilege

[Purpose] Show local user privilege assignment

[View] System View

[Use Cases]

sonic# show local-user privilege
+--------+-------------+
| USER   | PRIVILEGE   |
+========+=============+
| aaa    | none        |
+--------+-------------+
| bbb    | config      |
+--------+-------------+
| admin  | sys_admin   |
+--------+-------------+

local-user name

[Command] local-user name namepasswd password no local-user

[Purpose] Create local user

[Parameter]

Parameter	Description
name	Username
password	Password

[View] System configuration view

[Use Cases]

sonic(config)# local-user name test passwd testuser

local-user name privilege

[Command] local-user name *name *privilege {none|show|config|sys_admin}

[Purpose] Configure local user privileges, default is none

[Parameter]

Parameter	Description
none	Has login privileges
show	Has view-only privileges, no configuration privileges, can execute ping/traceroute operation commands
config	Has configuration privileges, but does not include upgrade, reboot, add/delete user commands
sys_admin	Has highest privileges

[View] System Configuration View

[Use Cases]

sonic(config)# local-user name aaa privilege-level config

local-user block-time

[Command] local-user block-time time

[Purpose] Configure local users to continuously enter incorrect password account lockout time

[Parameter]

Parameter	Description
time	Value range: 1-65535, unit: min

[View] System configuration view

[Notes] Locked for 5 minutes by default.

[Use Cases]

sonic(config)# local-user block-time 5

local-user retry-count

[Command] local-user retry-count count no local-user retry-count

[Purpose] Configure a limit on the number of consecutive incorrect password entries for local users

[Parameter]

Parameter	Description
count	Value range: 2-65535

[View] System configuration view

[Notes] By default, 5 attempts are allowed

[Use Cases]

sonic(config)# local-user retry-count 5

local-user password-control enable

[Command] local-user password-control enable no local-user password-control enable

[Purpose] Configure local user password complexity function

[View] System configuration view

[Notes] To prevent passwords from being cracked by malicious users through brute-force attacks, you can configure the complexity requirements for local user passwords.

[Use Cases]

sonic(config)# local-user password-control enable

local-user password-control min-len

[Command] local-user password-control min-len length no local-user password-control min-len

[Purpose] Set the minimum length for local user passwords.

[Parameter]

Parameter	Description
length	The range of value is: 8-64, default value is: 8

[View] System configuration view

[Use Cases]

sonic(config)# local-user password-control min-len 10

local-user password-control min-lowercase

[Command] local-user password-control min-lowercase num no local-user password-control min-lowercase

[Purpose] Set the minimum lowercase letter requirement for local user passwords.

[Parameter]

Parameter	Description
num	The range of value is: 1-10, default value is: 0

[View] System configuration view

[Use Cases]

sonic(config)# local-user password-control min-lowercase 1

local-user password-control min-uppercase

[Command] local-user password-control min-uppercase num no local-user password-control min-uppercase

[Purpose] Set the minimum number of uppercase letters required for local user passwords.

[Parameter]

Parameter	Description
num	The range of value is: 1-10, default value is: 0

[View] System configuration view

[Use Cases]

sonic(config)# local-user password-control min-uppercase 1

local-user password-control min-digits

[Command] local-user password-control min-digits num no local-user password-control min- digits

[Purpose] Set the minimum number of digits required in local user passwords.

[Parameter]

Parameter	Description
num	The range of value is: 1-10, default value is: 0

[View] System configuration view

[Use Cases]

sonic(config)# local-user password-control min-digits 1

local-user password-control min-special-chars

[Command] local-user password-control min-special-chars num no local-user password-control min- special-chars

[Purpose] Set the minimum number of special characters required in local user passwords.

[Parameter]

Parameter	Description
num	The range of value is: 1-10, included: ~!@#$%^*-_=+:/,.

[View] System configuration view

[Use Cases]

sonic(config)# local-user password-control min-special-chars 1

telnet max session

[Command] telnet max session count

[Purpose] Set the maximum number of telnet user sessions

[Parameter]

Parameter	Description
count	The range of value is: 1-100, default value is: 10

[View] System configuration view

[Use Cases]

sonic(config)# telnet max session 5

ssh max session

[Command] ssh max session count

[Purpose] Set the maximum number of SSH user sessions

[Parameter]

Parameter	Description
count	The range of value is: 1-100, default value is: 10

[View] System configuration view

[Use Cases]

sonic(config)# telnet ssh session 5