login
Syntax
login { announcement text; class class-name { allow-hidden-commands; no-hidden-commands { except [“regular expression or command 1” “regular expression or command 2” ...]; } access-end hh:mm; access-start hh:mm; ( allow-commands ”(regular-expression1)|(regular-expression2)...” | allow-commands-regexps [“regular expression 1” “regular expression 2 ” ... ]); ( allow-configuration ”(regular-expression1)|(regular-expression2)...” | allow-configuration-regexps [“regular expression 1” “regular expression 2 ” ... ]); allow-sources [ source-addresses ... ]; allow-times [ times ... ]; allowed-days [ days of the week ]; cli { prompt prompt; } configuration-breadcrumbs; confirm-commands [“regular expression or command 1” “regular expression or command 2” ...] { confirmation-message; } ( deny-commands ”(regular-expression1)|(regular-expression2)...” | deny-commands-regexps [“regular expression 1” “regular expression 2 ” ... ]); ( deny-configuration ”(regular-expression1)|(regular-expression2)...” | deny-configuration-regexps [“regular expression 1” “regular expression 2 ” ... ]); deny-sources [ source-addresses ... ]; deny-times [ times ... ]; idle-timeout minutes; logical-system logical-system-name; login-alarms; login-script login-script; login-tip; no-scp-server; no-sftp-server; permissions [ permissions ]; satellite all; security-role (audit-administrator | crypto-administrator | ids-administrator | security-administrator); tenant tenant-system-name; } deny-sources { address [ source-addresses ... ]; } idle-timeout minutes; message text; password { change-type (character-sets | set-transitions); format (sha256 | sha512); maximum-length length; maximum-lifetime days minimum-changes number; minimum-character-changes number minimum-length length; minimum-lifetime days minimum-lower-cases number; minimum-numerics number; minimum-punctuations number; minimum-reuse number; minimum-upper-cases number; } retry-options { backoff-factor seconds; backoff-threshold number; lockout-period minutes; maximum-time seconds; minimum-time seconds; tries-before-disconnect number; } user username { authentication { encrypted-password encrypted-password; no-public-keys; ssh-ecdsa name { from from; } ssh-ed25519 name { from from; } ssh-rsa name { from from; } } cli { prompt prompt; } class class-name; full-name full-name; uid uid-value; } }
Hierarchy Level
[edit system]
Description
Configure user access to the device.
Options
announcement text | Configure a system login announcement. This announcement appears after a user logs in. Sometimes you want to make announcements to authorized users only after they have logged in. For example, you might want to announce an upcoming maintenance event. To display a message before the user logs in, configure a system
login message using the You can format the announcement using the following special characters:
If the text of the announcement contains any spaces, enclose the text in quotation marks.
|
deny-sources | (Mandatory) Never allow access from these hosts. The source addresses can be IPv4 or IPv6 addresses, prefix lengths, or hostnames.
|
idle-timeout minutes | For a login class, configure the maximum time in minutes that a session can be idle before the session times out and the user is logged out of the device. The session times out after remaining at the CLI operational mode prompt for the specified time. Note:
After the user logs in to a device from a shell prompt such as csh, if the user starts another program to run in the foreground of the CLI, the idle-timer control is stopped from being computed. The calculation of the idle time of the CLI session is restarted only after the foreground process exits and the control is returned to the shell prompt. When the restart of the idle-timer control occurs, if no interaction from the user occurs on the shell, the user is automatically logged out after the time set on this statement.
|
message text | Configure a system login message. A login message
displays a banner to users when they access the device, before they
log in. To display a message only after the user logs in, configure
a system login announcement using the Before you create any user accounts, it’s a good idea to configure an initial login message. You can format the message using the following special characters:
If the text of the message contains any spaces, enclose the text in quotation marks.
|
The remaining statements are explained separately. See CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
deny-sources
option introduced in Junos OS Release
11.2.
All of the statements and options introduced previously were introduced in Junos OS Release 14.1X53-D20 for the OCX Series.