Skip to main content

users command

Use this command to access all user accounts and their authority levels.

The users command is used to access all user accounts and their authority levels, and to create new user accounts and modify or clear existing accounts.

Syntax:
users -[user_account] [-options]
Table 1. users options
OptionDescriptionValues
-[user_account]User account number.The user account number, user_account, is specified as an integer from 1 to 1 in the command option.
-lDisplay password expiration days 
-nUser account nameUnique string containing only numbers, letters, periods, and underscores. Minimum of 4 characters and maximum of 16 characters.
-pUser account passwordString that contains at least one alphabetic and one non-alphabetic character. Minimum of 6 characters and maximum of 255 characters. Null creates an account without a password that the user must set during their first login.
-shpSet hash passwordTotal 64 characters
-ssaltSet saltLimited to 64 characters
-ghpGet hashpassword 
-gsaltGet salt 
-rRole nameAdministrator, Operator, ReadOnly, or customized roles. As listed in roles command command.
-clearErase specified user accountUser account index number to erase must be specified, following the form:
users -clear -[user_account]
Note
If you are authorized, you can remove your own account or the account of other users, even if they are currently logged in, unless it is the only account remaining with User Account Management privileges. Sessions that are already in progress when user accounts are deleted will not be automatically terminated.
-currDisplay users currently logged in 
-aiUser accessible Interfaceweb, ssh, redfish, ipmi, snmp, all
Note
A default value (web|ssh|redfish) will be set if there is no -ai option.
-sauthSNMPv3 authentication protocolnone, HMAC-SHA, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
-sprivSNMPv3 privacy protocolnone, CBC_DES, AES, AES192, AES256, AES192C, AES256C
-spwSNMPv3 privacy passwordValid password
-saccSNMPv3 access type (only supports gets)get
-pkDisplay SSH public key for userUser account index number.
Note
  • Each SSH key assigned to the user is displayed, along with an identifying key index number.
  • When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk.
  • All keys are in OpenSSH format.
The following options are used along with -pk
-eDisplay entire SSH key in OpenSSH format

(SSH public key option)

This option takes no arguments and must be used exclusive of all other users -pk options.
Note
When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk -e.
-removeRemove SSH public key from user

(SSH public key option)

Public key index number to remove must be given as a specific -key_index or -all for all keys assigned to the user.
Note
When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk -remove -1.
-addAdd SSH public key for user

(SSH public key option)

Quote-delimited key in OpenSSH format
Note
  • The -add option is used exclusive of all other users -pk command options.
  • When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form:

    users -2 -pk -add "AAAAB3NzC1yc2EAAAABIwAAA QEAvfnTUzRF7pdBuaBy4dO/aIFasa/Gtc+o/wlZnuC4aD HMA1UmnMyLOCiIaNOy4OOICEKCqjKEhrYymtAoVtfKApv Y39GpnSGRC/qcLGWLM4cmirKL5kxHNOqIcwbT1NPceoKH j46X7E+mqlfWnAhhjDpcVFjagM3Ek2y7w/tBGrwGgN7DP HJU1tzcJy68mEAnIrzjUoR98Q3/B9cJD77ydGKe8rPdI2 hIEpXR5dNUiupA1Yd8PSSMgdukASKEd3eRRZTBl3SAtMu cUsTkYjlXcqex1OQz4+N50R6MbNcwlsx+mTEAvvcpJhug a70UNPGhLJMl6k7jeJiQ8Xd2p XbOZQ=="

-upldUpload an SSH public key in OpenSSH or RFC4716 format

(SSH public key option)

Requires the -i and -l options to specify key location.
Note
  • The -upld option is used exclusive of all other users -pk command options (except for -i and -l).
  • To replace a key with a new key, you must specify a -key_index. To add a key to the end of the list of current keys, do not specify a key index.
  • When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk -upld -i tftp://9.72.216.40/ -l file.key.
-dnldDownload the specified SSH public key to a TFTP/SFTP server

(SSH public key option)

Requires a -key_index to specify the key to download and the -i and -l options to specify the download location on another computer running a TFTP server.
Note
  • The -dnld option is used exclusive of all other users -pk command options (except for -i, -l, and -key_index).
  • When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk -dnld -1 -i tftp://9.72.216.40/ -l file.key.
-iIP address of TFTP/SFTP server for uploading or downloading a key file

(SSH public key option)

Valid IP address
Note
The -i option is required by the users -pk -upld and users -pk -dnld command options.
-pnPort number of TFTP/SFTP server

(SSH public key option)

Valid port number (default 69/22)
Note
An optional parameter for the users -pk -upld and users -pk -dnld command options.
-uUser name for SFTP server

(SSH public key option)

Valid user name
Note
An optional parameter for the users -pk -upld and users -pk -dnld command options.
-pwPassword for SFTP server

(SSH public key option)

Valid password
Note
An optional parameter for the users -pk -upld and users -pk -dnld command options.
-lFile name for uploading or downloading a key file via TFTP or SFTP

(SSH public key option)

Valid file name
Note
The -l option is required by the users -pk -upld and users -pk -dnld command options.
-afAccept connections from host

(SSH public key option)

A comma-separated list of hostnames and IP addresses, limited to 511 characters. Valid characters include: alphanumeric, comma, asterisk, question mark, exclamation point, period, hyphen, colon and percent sign.
-cmComment

(SSH public key option)

Quote-delimited string of up to 255 characters.
Note
When using the SSH public key options, the -pk option must be used after the user index (-userindex option), of the form: users -2 -pk -cm "This is my comment.".
Example:
system> users
Login ID Name Advanced Attribute Role Password Expires
--------- ---- ------------------ ---- ----------------
1 USERID redfish|ssh|web Administrator Password doesn't expire
system> users -1
-n: USERID
-ai: redfish|ssh|web
-r: Administrator
-l: Password doesn't expire
-sauth: HMAC-SHA
-spriv: AES
-sacc: gets

system> hashpw –sw enabled –re enabled
system> users -5 –n guest5 –shp 292bcbc41bb078cf5bd258db60b63a4b337c8c954409442cfad7148bc6428fee –ssalt abc –r Adminis-trator
system> users -5 ghp
292bcbc41bb078cf5bd258db60b63a4b337c8c954409442cfad7148bc6428fee
system> users -5 gsalt
abc
system> users -2 -n sptest -p Passw0rd12 -r Administrator
The user is required to change the password when the user logs in to the management serv-er for the first time
ok
system> users
Account Login ID Advanced Attribute Role Password Expires
------- -------- ------------------ ------ ----------------
1 USERID Native Administrator 90 day(s)
2 sptest Native Administrator Password expired

system> users -2 -pk all
Key 1
ssh-rsa 2048 bit HA256:ka6jcTanehALAO3mo3qFhzCo164RFCWcj+NWAQYOg4M root@localhost.localdomain
-af 10.2.4.6
-cm root@localhost.localdomain
Key 2
ssh-rsa 2048 bit HA256:ka6jcTanehALAO3mo3qFhzCo164RFCWcj+NWAQYOg4M root@localhost.localdomain
-af