System User Login Configuration 400 Local user account information #include Username contains illegal characters or\nexceeds 100 character limitation. Authentication settings Encrypted password (\*|\!) [a-zA-Z0-9\.\/]{13} \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} Invalid encrypted password for $VAR(../../@). ! One-Time-Pad (two-factor) authentication parameters Limit number of logins (rate-limit) per rate-time u32:1-10 Number of attempts Number of login attempts must me between 1 and 10 3 Limit number of logins (rate-limit) per rate-time u32:15-600 Time interval Rate limit time interval must be between 15 and 600 seconds 30 Set window of concurrently valid codes u32:1-21 Window size Window of concurrently valid codes must be between 1 and 21 3 Key/secret the token algorithm (see RFC4226) txt Base32 encoded key/token [a-zA-Z2-7]{26,10000} Key must only include base32 characters and be at least 26 characters long Plaintext password used for encryption Remote access public keys txt Key identifier used by ssh-keygen (usually of form user@host) Public key value (Base64 encoded) Optional public key options SSH public key type ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com ssh-dss Digital Signature Algorithm (DSA) key support ssh-rsa Key pair based on RSA algorithm ecdsa-sha2-nistp256 Elliptic Curve DSA with NIST P-256 curve ecdsa-sha2-nistp384 Elliptic Curve DSA with NIST P-384 curve ecdsa-sha2-nistp521 Elliptic Curve DSA with NIST P-521 curve ssh-ed25519 Edwards-curve DSA with elliptic curve 25519 sk-ecdsa-sha2-nistp256@openssh.com Elliptic Curve DSA security key sk-ssh-ed25519@openssh.com Elliptic curve 25519 security key (ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) #include Full name of the user (use quotes for names with spaces) [^:]* Cannot use ':' in full name Home directory txt Path to home directory (\/[a-zA-Z_0-9-.]+)+\/?$ #include #include #include 255 #include TACACS+ based user authentication TACACS+ server configuration ipv4 TACACS+ server IPv4 address #include #include #include 49 Security mode for TACACS+ authentication mandatory optional mandatory Deny access immediately if TACACS+ answers with REJECT optional Pass to the next authentication method if TACACS+ answers with REJECT (mandatory|optional) optional #include #include #include Maximum number of all login sessions u32:1-65536 Maximum number of all login sessions Maximum logins must be between 1 and 65536 Session timeout u32:5-604800 Session timeout in seconds Timeout must be between 5 and 604800 seconds