System Users
- A system user can log in to the Versa FlexVNF host OS and CLI. A Linux user is created when a system user is configured.
- Allowed roles: admin / oper
- When assigned the admin role, a system user can modify any part of the configuration. A system user with the oper role can only view the configuration.
- Allowed login: shell / cli
- If shell is selected for login, the system user lands in bash. When cli is selected, the user lands at the CLI prompt.
- System users can SSH to port 22 and port 2024. When port 2024 is supplied to SSH, the user always lands on the CLI, irrespective of the login configured.
- A system user can launch a shell from the CLI
- Versa FlexVNF also supports password-less authentication for system users using an SSH public key. This provides enhanced security, and the system is then protected against SSH brute-force password attacks. Multiple SSH keys can be configured for a system user.
    root@gotham-cli(config)% set system users john password john123 login shell role admin
    root@gotham-cli(config)% show | compare
    system {
    +    users john {
    +        password $1$GYdCkdSz$yiukA.B95.M8vbF3jl1pp0;
    +        ssh-public-key laptop {
    +            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyhCqGWaZmpjiTcxaKVqjK2Ij4QUaJuiA1T+pSTveaJxrNSiCWzfKibY+y/QV0a3+0Y4SQ5W9gkyMbL6Mrk1afqnznp5y20gMIbtul58aJ/Q09Ygu2qg4ULb7iUgHBzwunk2hViKez06yMDjbsE3JGvk5chffSbWXWrkObgwcHkn6KPLiYSW0cEbVSQa1bbF7GSJhIX6QWR17IWjp7MiD569aYxf6rI/WdjSIStO1p7mm01Y93sXnYn7hLs+8mmgV7aF18ZLtMy6x6ofb7yoyov/UQZA9L7+Wy0YtHJ+BF5oM1reG7FwxBHdwbqp/ZqKF3R9kisxDAEWbsQBcVTSYl mmehra@quake";
    +        }
    +        login shell;
    +        role admin;
    +    }
    }
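The following check is an added example, not part of the original page or of Versa's software: it validates an ssh-rsa public key line before it is pasted into an ssh-public-key entry, parsing the key blob to confirm the key type and modulus size. The 2048-bit minimum and the function names are assumptions; PAGE_KEY is the key from the configuration above with its whitespace restored.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed local policy floor, not a FlexVNF setting

# Public key from the configuration example on this page, whitespace restored.
PAGE_KEY = (
    "ssh-rsa "
    "AAAAB3NzaC1yc2EAAAADAQABAAABAQCyhCqGWaZmpjiTcxaKVqjK2Ij4QUaJuiA1T+pSTveaJxrNSiCW"
    "zfKibY+y/QV0a3+0Y4SQ5W9gkyMbL6Mrk1afqnznp5y20gMIbtul58aJ/Q09Ygu2qg4ULb7iUgHBzwun"
    "k2hViKez06yMDjbsE3JGvk5chffSbWXWrkObgwcHkn6KPLiYSW0cEbVSQa1bbF7GSJhIX6QWR17IWjp7"
    "MiD569aYxf6rI/WdjSIStO1p7mm01Y93sXnYn7hLs+8mmgV7aF18ZLtMy6x6ofb7yoyov/UQZA9L7+Wy"
    "0YtHJ+BF5oM1reG7FwxBHdwbqp/ZqKF3R9kisxDAEWbsQBcVTSYl"
    " mmehra@quake"
)

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4251 string/mpint) from the blob."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_rsa_public_key(line):
    """Return (modulus_bits, comment) or raise ValueError if malformed/weak."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key body is not valid base64") from exc
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob type does not match declared key type")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        raise ValueError(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    return bits, (parts[2] if len(parts) > 2 else "")

if __name__ == "__main__":
    print(check_rsa_public_key(PAGE_KEY))  # (2048, 'mmehra@quake')
```

A line whose space after ssh-rsa or before the comment has been lost is rejected with ValueError, as is a key whose blob type differs from the declared type.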
Org Users
- An Org user can only log in to the Versa FlexVNF CLI
- Allowed login: cli only
- SSH to port 2024 is allowed. Port 22 is prohibited for an Org user
- Cannot launch “shell” from the CLI
- Password-less authentication is not supported for Org users (as of now)
- Allowed roles: Versa FlexVNF provides various predefined RBAC roles for Org users
  - adc-admin: Can view/modify ADC-specific config only
  - cgnat-admin: Can view/modify CGNAT-specific config only
  - sdwan-admin: Can view/modify config related to SDWAN
  - security-admin: Can view/modify Security config only
  - tenant-admin: Can view/modify all of the tenant config
  - oper: Can view all tenant config. No modification allowed
When an Org user is created, we append @Orgname to the username. This is done so that unique Org usernames are created in the system. For instance, in the following example, the username would be john@kayak, and the user needs to SSH as:
    ssh 'john@kayak'@77.1.1.1 -p 2024 (or)
    ssh 77.1.1.1 -l john@kayak -p 2024
    root@gotham-cli(config)% set orgs org Customer1 users john role tenant-admin password john123
    [ok][2016-10-05 11:34:03]
    [edit]
    root@gotham-cli(config)% show | compare
    orgs {
        org Kayak {
    +        users john {
    +            password $1$atCDHNyk$aaHOaHcP76UXyCKV7ymoz/;
    +            role tenant-admin;
    +        }
        }
    }
Default Users
- By default, Versa FlexVNF is configured with two system users, admin and versa. These users cannot be deleted.
- The default password for these users is versa123
- admin is a super user with sudo privileges. It can SSH to the box on port 22 and port 2024
- versa is a console user. It can log in only via the physical/virtual console
- Passwords of these users can be modified/deleted using the CLI. Password-less authentication can be set for admin via SSH public keys