How to deny NSH access
In the past, removing a role's ability to use Network Shell involved a complex process of creating an empty role and assigning the default Network Shell role for that role as the empty role, along with removing the NSH Here custom command.
A much simpler process is now available for removing NSH access from a role.
To remove NSH access from a role
- Ensure you have a NSH Proxy server configured in your environment.
For more info, see Setting up a Network Shell proxy server.
Without an NSH Proxy enabled, this system will not work, as the NSH Proxy can only control the connections that go through it.
- Update RBAC authorizations in the relevant role, and then save the role.
- To deny NSH access, remove the NSHProxy.Connect authorization.
- To allow NSH access, add the NSHProxy.Connect authorization.