.. _example_service_ssh_access-control_sshaccesscontrol:

##################
Ssh Access Control
##################

Test suite for validating SSH access control options

*************
SSH User Deny
*************

Description
===========

Check that enforcing a user denial will work as expected. A user is set to be
denied through SSH connection, then a connection through this user is tried expecting
failure to connect. A user that hasn't been denied is also tested to confirm unchanged
behavior in this case.

Scenario
========

.. include:: sshaccesscontrol/sshuserdeny

.. raw:: html

  <hr>

**************
SSH User Allow
**************

Description
===========

Check that allowing a user will only let that user connect to the device. A user is set to be
allowed through SSH connection, then a connection through this user is tried expecting
to connect successfully. An unallowed user is also tested to confirm unchanged behavior for
this case.

Scenario
========

.. include:: sshaccesscontrol/sshuserallow

.. raw:: html

  <hr>

*************
SSH Role Deny
*************

Description
===========

Check that enforcing a role denial will work as expected. A user and a role are created
and then the role is assigned to the user. The role is then denied and an SSH connection is tried
with this user, expecting a failure. The admin user is also tried to ensure that users that haven't
been denied can still access the router.

Scenario
========

.. include:: sshaccesscontrol/sshroledeny

.. raw:: html

  <hr>

**************
SSH Role Allow
**************

Description
===========

Check that enforcing a role permission will work as expected. Two users and two roles are created.
The roles are assigned to each of the users. One role is then allowed and an SSH connection is tried
with the user assigned that role, expecting to succeed. The other user is also tried expecting to fail.
The unallowed user is tried to ensure the deny by default behavior once an allow is set.

Scenario
========

.. include:: sshaccesscontrol/sshroleallow

.. raw:: html

  <hr>

*******************************
SSH Validate Role Configuration
*******************************

Description
===========

Check that the same role can not be allowed and denied at the same time.

Scenario
========

.. include:: sshaccesscontrol/sshvalidateroleconfiguration

.. raw:: html

  <hr>

*******************************
SSH Validate User Configuration
*******************************

Description
===========

Check that the same user can not be allowed and denied at the same time.

Scenario
========

.. include:: sshaccesscontrol/sshvalidateuserconfiguration

.. raw:: html

  <hr>