author Quentin Young <qlyoung@cumulusnetworks.com> 2018-04-03 19:53:04 +0200
committer Quentin Young <qlyoung@cumulusnetworks.com> 2018-04-03 19:53:04 +0200
commit a3ff031191167d0b5f423f7429a9cb99342e58af
tree 9ce06d572d7cbd0e065253f7a8e87ff54d2facb8 /doc/manpages
parent Merge pull request #1894 from LabNConsulting/working/master/vtysh-not-enabled
doc: warn users about vtysh / telnet security
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Diffstat (limited to 'doc/manpages')
-rw-r--r-- doc/manpages/vtysh.rst 4
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/manpages/vtysh.rst b/doc/manpages/vtysh.rst
index 2efff3762..3e496956c 100644
--- a/doc/manpages/vtysh.rst
+++ b/doc/manpages/vtysh.rst
@@ -55,7 +55,9 @@ OPTIONS available for the vtysh command:
.. option:: -u, --user
- Run as an unprivileged user. This limits access to non-privileged commands, i.e., the same commands when directly accessing a daemon before running the enable command. It also provides the same limited security as such direct access.
+ Restrict access to configuration commands by preventing use of the "enable" command. This option provides the same limited "security" as password-protected telnet access. *This security should not be relied on in production environments.*
+
+ Caveat emptor: VTYSH was never designed to be a privilege broker and is not built using secure coding practices. No guarantees of security are provided for this option and under no circumstances should this option be used to provide any semblance of secure read-only access to FRR.
.. option:: -h, --help
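Review bot: The rewritten description of -u/--user tells operators not to rely on the option but never says what to rely on instead, and it drops the removed line's statement that access is limited to non-privileged commands, which is what explains the flag's name. Consider keeping that one-sentence description of the behaviour and then adding a sentence that names the supported way to restrict access, if there is one, so the warning is actionable. The caveat would also stand out more as an RST admonition (.. warning::) than as an italic sentence followed by a "Caveat emptor" paragraph, and "VTYSH" should match the lowercase "vtysh" used in the surrounding manpage text.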