ProxySG & Advanced Secure Gateway

 View Only
  • 1.  Read-only user

    Posted Jan 23, 2022 01:37 AM
    Hi,

    I am creating a user with read-only access, but this user can not run the command  to display/show configuration using SSH. it requires admin privilege. is there a way i provide user  custom privileges or give this user a privilege to run specific commands. I am creating a user for tripwire solution which will access the proxysg via SSH and run the "show configuration" command to check the integrity.

    regards,
    sohail


  • 2.  RE: Read-only user

    Posted Jan 23, 2022 05:12 AM
    Hello Sohail,

    You can't assign specific privileged commands to read-only users, but you could use a different command that doesn't require enable mode, which is 'show advanced-url /archconf_expanded.txt'

    Regards
    Paul Riddington


  • 3.  RE: Read-only user

    Posted Jan 23, 2022 05:58 AM
    Hello Paul,

    Thank you very much. This is what I needed and it worked. is there any command which will display all the output in one go without break? like in cisco we have "terminal length 0".

    regards,
    sohail


  • 4.  RE: Read-only user

    Posted Jan 23, 2022 06:32 AM
    Hi Sohail,

    You can use plink.exe (from the Putty packet) via Windows command line:

    plink username@proxyip -pw userpass -m C:\ssh_command.txt

    and put "show advanced-url /archconf_expanded.txt" without double quotation into file "ssh_command.txt". Article about using plink.exe for automation:

    https://knowledge.broadcom.com/external/article?articleId=166632


  • 5.  RE: Read-only user

    Posted Jan 23, 2022 01:32 PM
    You can with the commands below but that requires enable mode.

    config t
    line-vty
    length 0

    Otherwise, you could use an external command such as the one described by Pavel.

    Regards
    Paul