5 – SONiC Users and Session Management

In this article we will explore how to manage user accounts in Enterprise SONiC. We will cover:

  • Creating new users
  • User login and lockout
  • Configuring session time-out

Creating New Users

You can create new local users with specific privilege levels. The default user is admin, but you can add more users for access control.

Example
Switch-1# configure terminal
Switch-1(config)# username netops password Netops@123 role admin
Switch-1(config)# exit

  • role admin → provides full access.
  • role operator → provides limited operational commands.

Verify user creation:
Switch-1# show users configured 
----------------------------------------------------------------------
User                              Role(s)
----------------------------------------------------------------------
admin                             admin
netops                            admin
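
The table above is easy to audit against a list of accounts that are supposed to hold the admin role. The following is an added example, not part of the original article or of SONiC itself: it parses `show users configured` output and reports unexpected admin-role accounts. The approved list, the extra `backup` row, and the role separator are assumptions.

```python
import re

# Constructed sample: rows taken from the outputs in this article, plus one
# constructed extra row ("backup") so the audit has something to report.
SAMPLE = """\
Switch-1# show users configured
----------------------------------------------------------------------
User                              Role(s)
----------------------------------------------------------------------
admin                             admin
netops                            admin
Test                              operator
backup                            admin
"""

# Assumption: accounts approved to hold the admin role (hypothetical site policy).
APPROVED_ADMINS = {"admin", "netops"}


def parse_configured_users(text):
    """Return {user: set_of_roles} from the two-column User / Role(s) table."""
    users = {}
    in_table = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line or set(line) == {"-"}:
            continue  # blank line or dashed separator
        if re.match(r"^User\s+Role", line):
            in_table = True  # header row: data rows follow
            continue
        if not in_table or "#" in line.split()[0]:
            continue  # text before the header, or a CLI prompt line
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # row without a role column
        # Assumption: multiple roles are separated by commas and/or spaces.
        users[parts[0]] = {r for r in re.split(r"[,\s]+", parts[1]) if r}
    return users


def unexpected_admins(users, approved=APPROVED_ADMINS):
    """Accounts holding role admin that are not on the approved list."""
    return sorted(u for u, roles in users.items()
                  if "admin" in roles and u not in approved)


if __name__ == "__main__":
    for name in unexpected_admins(parse_configured_users(SAMPLE)):
        print(f"unexpected admin-role account: {name}")
```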

User Login and Lockout

Users can log in through console or SSH using their configured credentials.

Example SSH Login:
ssh netops@192.168.1.100

If incorrect passwords are entered multiple times, SONiC will lock the account based on security policies.

Manually Lock a User:

We can manually lock a user out of a session using the following command:

Switch-1(config)# username operator lock

Manually Unlock a User:

To manually unlock a user, use the following command:

Switch-1(config)# username operator unlock

Verify logged in users:

To list users and their roles, use the following command:

Switch-1# show users all
----------------------------------------------------------------------
User                              Role(s)
----------------------------------------------------------------------
Test                              operator
admin                             admin

For more details, use show users:

Switch-1# show users 
INDEX   LINE     USER                              ROLE                              APPLICATION     IDLE      LOGIN-TIME                  LOCATION
1       ttyS0    admin                             admin                             bash            4.00s     07-11-2025 15:52:23.665603  console

Verification

  • Login with the new user credentials using SSH or console.
  • Try failed logins to trigger lockout policy.
  • Remain idle to confirm session timeout.

Notes
  • Role-based access control (RBAC) ensures separation of duties between administrators and operators.
  • User lockout protects against brute-force attacks.
  • Session timeout is critical for compliance and security in shared environments.
  • Always use strong passwords that comply with enterprise security policies.