Local User Configuration

show local-user brief

[Command] show local-user brief

[Purpose] Display local user information

[View] System view

[Use Cases]

sonic# show local-user brief
USER ONLINE BLOCKED LOGIN IP LOGIN TIME
admin yes no Nov 3 17:24
admin yes no 150.1.0.1 Nov 4 23:20
test no yes

show local-user brief This command display description table

Fields	Description
ONLINE	Whether the current user is online or not yes User Online no User is not online
BLOCKED	Whether the current user is locked out or not yes Locked no Unlocked
LOGIN IP	The IP address used by the current user to log in to the device, if the user is online and the LOGIN IP is empty, it means that the user is logging in through the serial port
LOGIN TIME	Current user login time to the device

show local-user block-conf

[Command] show local-user block-conf

[Purpose] Displays the device’s configured method for processing successive incorrect password entries by the user

[View] System view

[Use Cases]

sonic# show local-user brief
USER ONLINE BLOCKED LOGIN IP LOGIN TIME
admin yes no 2025-05-10 14:2
admin yes no 192.168.200.24 2025-05-10 16:05

show local-user blocked

[Command] show local-user blocked

[Purpose] Show locked users

[View] System view

[Use Cases]

sonic(config)# do show local-user blocked
Login Failures Latest failure From
happy 2 05/10/25 16:24:33 192.168.200.240

local-user name

[Command] local-user namenamepasswdpassword

no local-username

[Purpose] Create local user

[Parameter]

Parameter	Description
name	Username
password	Password

[View] System configuration view

[Use Cases]

sonic(config)# local-user name test passwd testuser

local-user block-time

[Command] local-user block-timetime

[Purpose] Configure local users to continuously enter incorrect password account lockout time

[Parameter]

Parameter	Description
time	Value range: 1-65535, unit: min

[View] System configuration view

[Notes] Locked for 5 minutes by default.

[Use Cases]

sonic(config)# local-user block-time 5

local-user retry-count

[Command] local-user retry-countcount

no local-user retry-count

[Purpose] Configure a limit on the number of consecutive incorrect password entries for local users

[Parameter]

Parameter	Description
count	Value range: 2-65535

[View] System configuration view

[Notes] By default, 5 attempts are allowed

[Use Cases]

sonic(config)# local-user retry-count 5

local-user password-control

[Purpose] Configure security rules such as local user password strength settings and expiration dates

[Parameter]

Parameter	Description
enable	Enable password-control, default ‘disable’
min-len	Minimum password length, default 8
min-lowercase	Minimum lowercase letters, default 0
min-uppercase	Minimum uppercase letters, default 0
min-digits	Minimum digits, default 0
min-special-chars	Minimum special characters, default 0
expiration-time	The password expiration time (days unit), default 180
expiration-warning	The password expiration warning time (days unit), default 15

[View] System configuration view

[Notes] To ensure sufficient password strength for local users, the strength of password configuration can be set. By increasing the complexity of passwords and regularly changing them, it can effectively resist brute force cracking and other forms of password guessing attacks.

[Use Cases]

sonic(config)# local-user password-control enable
sonic(config)# local-user password-control min-len 10

telnet max session

[Command] telnet max sessioncount

no telnet max sessioncount

[Purpose] Set the maximum number of telnet user sessions

[Parameter]

Parameter	Description
count	The range of value is: 1-100, default value is: 10

[View] System configuration view

[Use Cases]

sonic(config)# telnet max session 5

ssh max session

[Command] ssh max sessioncount

no ssh max sessioncount

[Purpose] Set the maximum number of SSH user sessions

[Parameter]

Parameter	Description
count	The range of value is: 1-100, default value is: 10

[View] System configuration view

[Use Cases]

sonic(config)# ssh max session 5