Disallow the netconf call home connetion for "root" user

CESNET / netopeer2

NETCONF toolset

BSD 3-Clause "New" or "Revised" License

299 stars 188 forks source link

Disallow the netconf call home connetion for "root" user #1390

Closed navneetkaurPS closed 1 year ago

navneetkaurPS commented 1 year ago

Hi, Our requirement is call home connection cannot be established by "root" user on the netconf client.

listen --login root

What way can we block the "root" user access in netopeer2 server

Regards Navneet

michalvasko commented 1 year ago

Currently, this is not possible because al the system users are always allowed to authenticate for standard/Call Home sessions. libnetconf2 allows to set a custom authentication callback for each method (using nc_server_ssh_set_passwd_auth_clb() for example) but netopeer2 is using the default ones. So, it would require some code changes in either project.

We are working on a new libnetconf2 version that will allow complete customization of authorized users.