[rancid] IOS topic: How to create a read-only user?

Emille Blanc emille at abccommunications.com
Wed Nov 21 21:17:35 UTC 2018


I was about to say "We use TAC+", but since that's not what you're after...
Your best bet would be parser views to do this. It'll give you the best control at the user level, without messing around with privilege levels.
They're a bit of a PITA to set up, though.

https://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Dan Mahoney (Gushi)
Sent: Wednesday, November 21, 2018 1:14 PM
To: rancid-discuss at shrubbery.net
Subject: [rancid] IOS topic: How to create a read-only user?

Hey there,

I log in to my Cisco devices with SSH keys, but I don't think that matters 
for the purposes of this.

I'd like to create a "rancid" user for my (Cisco, primarily IOS classic) 
devices which has full privileges to do things like "show run", but that 
has no ability to change the configs.

I know this is possible to do as part of Tacplus, but as I only have three 
or four devices, spinning up tacplus seems more complicated than need be. 
(This is why I mentioned ssh, just in case -- all my users have local 
privilege levels in the config).

I'm sure this has been asked before, but my google-fu is failing me here.

Bonus points if you know this for things like IOS-XR/XE or Junos.

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------
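
The parser-view approach suggested in the reply at the top of this thread, sketched as an added configuration example (not from either poster and not from the RANCID project). The view name `rancid-ro`, the user name `rancid` and all secrets are placeholders, and the single `show` rule is an assumption about what the collector needs.

```cisco
! Constructed example for IOS classic. Names and secrets are placeholders.
!
! CLI views require AAA and an enable secret. Turning on "aaa new-model"
! changes how vty lines authenticate, so keep console access while testing.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! Skip this line if an enable secret is already configured.
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Views can only be created from the root view. From privileged EXEC:
!   Router# enable view
!   Router# configure terminal
!
parser view rancid-ro
 ! A view must have a secret before commands can be attached to it.
 secret <VIEW-SECRET-PLACEHOLDER>
 ! Permit every "show" subcommand. Nothing here grants "configure",
 ! so the user has no path into configuration mode.
 commands exec include all show
!
! Bind the local user to the view. With local exec authorization (above)
! the session starts inside the view at login.
username rancid view rancid-ro secret <USER-SECRET-PLACEHOLDER>
!
! Checks to run after logging in as the new user:
!   show parser view         -> should report the view rancid-ro
!   show running-config      -> confirm the output is complete on your release
!   configure terminal       -> should be rejected as an invalid command
```

If the collector issues commands other than `show`, add one `commands exec include` line per command rather than widening the view.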
