Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Telnet Remote Access - No Privileges

SOLVED
Go to solution

Telnet Remote Access - No Privileges

Hi,

 

I enabled telnet access as below

 

>telnet server enable

>user-interface vty 0 4 

>set authentication ...

>protocol inbound telnet

 

Now when I access the switch remotely, the privilege is less and I am not able to execute any commands

 

Is there any way to access the exec mode in the HP 5900 switch ?

 

Also how to enable the web access on the switch ?

 

Please let me know your suggestions

7 REPLIES
TerjeAFK
Respected Contributor
Solution

Re: Telnet Remote Access - No Privileges

We have the following config on our 5900:

 

user-interface vty 0 4
  user-role network-admin
  user-role privilege

 

Try it and see if it works for you.

 

sdide
Respected Contributor

Re: Telnet Remote Access - No Privileges

hi,

 

in your vty lines configuration you need:

 

line vty 0 63

 authentication-mode password

 set authentication password <your_password>

 user-role network-admin

 protocol inbound telnet

 quit

 

Normaly if you are not priviledged and need to be, you'd do the "super"-command

However its not certain that your current priviledge-level grants you access to that.

In the above "user-role network-admin" grants you admin-priviledge, but maybe you'd like

a view-only kind'a access you could say "user-role network-operator" instead.

And then from network-operator, you could gain admin-priviledge using the super command.

 

To use the super you need to grant the vty lines access to it.

Lets make a role, that allows the "super"-command and nothing else

role name priv
 rule 1 permit command super

 quit

 

Now add this role to the vty lines

line vty 0 63

  user-role priv

  quit

 

and you need to set the super password.

 

super password simple <your_super_password>

 

 

Then you could log in and have operator access, and gain admin priviledge using the super command

 

if you want to enable the web-service, you need to do:

 

ip https enable

or for nonsecure web access

ip http enable

 

 Regards

Søren Dideriksen, Network Administrator
Region Midtjylland
Apachez-
Trusted Contributor

Re: Telnet Remote Access - No Privileges

Please dont use telnet, use ssh if you need remote access to the device.

 

Here is a basic config you can apply (taken from a HP A5820 running R1808P25 or newer):

 

#

super password level 3 cipher <REMOVED>
#
local-user <REMOVED>
password cipher <REMOVED>
authorization-attribute level 1
service-type ssh terminal
#
acl number 2002 name v4-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 permit source <REMOVED> 0
rule 10 deny
#
acl ipv6 number 2002 name v6-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 deny routing
rule 10 deny
#
ssh server enable
ssh server rekey-interval 1
undo ssh server compatible-ssh1x
undo sftp server enable
ssh client source interface LoopBack0
ssh server acl 2002
ssh server ipv6 acl ipv6 2002
#
user-interface vty 0 15
acl 2002 inbound
acl ipv6 2002 inbound
authentication-mode scheme
user privilege level 1
set authentication password cipher <REMOVED>
protocol inbound ssh
terminal type vt100
#

 

You will also need to create the private keys before you can use the ssh server in your comware device, see the manual for more info.

DennisMartin
Visitor

Re: Telnet Remote Access - No Privileges

We are a test lab and are trying to get the HP 5900 up and running in a relatively simple configuration. I need a simple telnet connection that has the same privileges as the console port. I've tried the commands suggested in this thread, but keep getting the following message when I try anything useful from the telnet session.

 

"System is busy or this command can't be executed because of no such privilege!"

 

 

Here is a snippet of our configuration so far:

 

line class vty
 authentication-mode none
 user-role network-admin
 user-role network-operator
 user-role privilege
 protocol inbound telnet
 command authorization
#
line vty 0 63
 authentication-mode none
 user-role network-admin
 user-role network-operator
 user-role priv
 user-role privilege
 protocol inbound telnet
 command authorization
#

 

 

What am I missing?

Thanks!

Re: Telnet Remote Access - No Privileges

Thanks,

 

All the posts  gave me idea, got it working.

 

I just had to give

 

>user-role network-admin

 

Thanks to all.

 

sdide
Respected Contributor

Re: Telnet Remote Access - No Privileges

hi DennisMartin

 

in your case you need to remove the "command authorization". that is

 

line vty 0 63

 undo command authorization

 quit

line class vty

 undo command authorization

 quit

 

That said. You are of course aware that everyone able to access that net-segment can access your switch with FULL priviledges.

 

use ssh and make a user with a password, og even better a scheme. - you'll need it when the switch need to enter a "real" environment anyways.

 

Regards.

 

 

Søren Dideriksen, Network Administrator
Region Midtjylland
DennisMartin
Visitor

Re: Telnet Remote Access - No Privileges

Thanks. That solved the problem. Yes, I'm aware that this is unsecure, but we are a test lab connected to test equipment for this project.

 

Best regards!