Lenovo Flex SystemChassis Management Module 2 command-line interface: users command

This command displays and configures user accounts, also called user profiles, of the primary CMM.

Important: Users and permission groups for the Lenovo Flex System chassis are controlled by the CMM in each Lenovo Flex System chassis, using the CMM CLI users command and the permgroups command or the CMM web interface. If your Lenovo Flex System configuration includes an optional management device, such as the Lenovo XClarity Administrator or Flex System Manager hardware, users and permission groups for each optional management device installation are controlled by the management device software (see Lenovo XClarity Administrator information page for information about using the Lenovo XClarity Administrator or Flex System Manager management node for information about user and permission group management using the Flex System Manager).

Note:

Permission groups are viewed and modified using the permgroups command.
Users can be backed up as part of the CMM configuration using the write command.
Users are restored as part of a backed up CMM configuration using the read command.
When the CMM is set to "Secure" security mode, only secure file transfer methods, such as HTTPS and SFTP, can be used for tasks involving file transfer when the CMM is acting as a server. Unsecure file transfer protocols, such as HTTP, FTP, and TFTP, are disabled when the CMM is acting as a server when the security mode is set to "Secure". Unsecure file transfer protocols remain available for a CMM acting as a client for all commands when the security mode is set to "Secure".
For information about how to specify a URL for file transfer, see Specifying a URL for file transfer.
Before you update the firmware for Power Systems compute nodes using an optional management device, make sure that the passwords for the Power Systems compute node accounts on the CMM will not expire before the update is complete. If the passwords expire during a code update, the compute nodes might not reconnect to the management software, and each Power Systems compute node might have to be updated with a new password.
The user accounts set up in the CMM are used to log in to the service processor interfaces of the compute nodes.

If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or users command errors for a list of error messages that are specific to the users command.

Table 1. users (CMM users) command.
The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.
Function	What it does	Command	Target (see paths in Command targets)
Display all user profiles	Displays all 84 (maximum) CMM user profiles. Returned user values are: User name Permission groups Current number of active sessions Maximum sessions allowed State of account (active or inactive) Password state (expired or not expired) A list of current user permission groups displays after the list of user profiles.	`users`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Display active users	Displays all users that are currently logged in to the CMM. Returned values include: User name Session ID Inactive time for each connection User IP address Connection type	`users -curr`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Terminate user session	Terminates the specified user login session. Note: The session ID is found by running the `users -curr` command.	`users -ts`sessionID where sessionID is a number that corresponds to the user session ID. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Display single user profile	Displays the specified CMM user profile. Returned values are: Permission groups Current number of active sessions Maximum sessions allowed State of account (active or inactive) Password state (expired or not expired) Note: User names are not case sensitive.	`users -n`user_name where user_name is a user name assigned in the "Display all user profiles" list.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Disable user profile	Disables the specified CMM user profile. Note: User names are not case sensitive.	`users -disable -n`user_name where user_name is a user name assigned in the "Display all user profiles" list. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Enable user profile	Enables a specified CMM user profile that is disabled. Note: User names are not case sensitive.	`users -enable -n`user_name where user_name is a user name assigned in the "Display all user profiles" list. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Unlock user profile	Unlocks a specified CMM user profile that is locked. Note: User names are not case sensitive.	`users -unlock -n`user_name where user_name is a user name assigned in the "Display all user profiles" list. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Delete user profile	Delete the specified CMM user profile. Note: User names are not case sensitive.	`users -clear -n` user_name where user_name is a user name assigned in the "Display all user profiles" list. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Add user	Create the specified CMM user. The following user-profile fields are required: -n user_name -p user_password -g permission_group -ms max_sessions Note: User names and group names are not case sensitive. Passwords are case sensitive.	`users -add -n` user_name `-p` user_password `-g` permission_group `-ms` max_sessions where: user_name is an alphanumeric string up to 32 characters in length that can include periods ( . ), underscores ( _ ), and hyphens ( - ). Each of the 84 (maximum) user names must be unique. User names are not case sensitive. user_password is an alphanumeric string between 5 and 32 characters in length that can include special characters and must include at least one alphabetic and one numeric character, but no white space. Passwords are case sensitive. permission_group are one or more of the user permission groups listed in the "Display all user profiles" list, separated by a vertical bar ( \| ). One default permission group (supervisor or operator), or one or more custom permission groups can be specified. Group names are not case sensitive. max-session is a number from 0 to 20 that sets the maximum number of simultaneous sessions for the user. A value of 0 means that there is no session limit for the user. (continued on next page) This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Change user password (own password)	Allows a user to change the user password in their own CMM user profile. Note: Users can change their own password even if they do not have authority to manage accounts. The -op option is only used when changing your own password. User names are not case sensitive. Passwords are case sensitive.	`users -n`user_name `-op` old_password `-p` new_password where: user_name is your own user name assigned in the "Display all user profiles" list. old_password is your current user password. Passwords are case sensitive. new_password is an alphanumeric string between 5 and 32 characters in length that can include special characters and must include at least one alphabetic and one numeric character, but no white space. Passwords are case sensitive. Users who do not have authority to manage accounts can change their own password using the -op option.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Change user password (other user)	Forces a password change in the specified CMM user profile. Note: User names are not case sensitive. Passwords are case sensitive. Users can change their own password, even if they do not have authority to manage accounts, by specifying the -op option (see the `users -op` command description for information.	`users -n`user_name `-p` new_password where: user_name is a user name assigned in the "Display all user profiles" list. new_password is an alphanumeric string between 5 and 32 characters in length that can include special characters and must include at least one alphabetic and one numeric character, but no white space. Passwords are case sensitive. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Set user permission groups	Sets the user permission groups in the specified CMM user profile. Note: User names and group names are not case sensitive.	`users -n`user_name `-g` permission_group where: user_name is a user name assigned in the "Display all user profiles" list. permission_group are one or more of the user permission groups listed in the "Display all user profiles" list, separated by a vertical bar ( \| ). One default permission group (supervisor or operator), or one or more custom permission groups can be specified. Group names are not case sensitive. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Set maximum number of simultaneous sessions for user	Sets the maximum number of simultaneous login sessions for the specified user. Note: User names are not case sensitive.	`users -n`user_name`-ms` max-session where: user_name is a user name assigned in the "Display all user profiles" list. max-session is a number from 0 to 20 that sets the maximum number of simultaneous sessions for the user. A value of 0 means that there is no session limit for the user. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Add SSH public key to user	Adds an SSH public key to the specified user. The following user-profile fields are required: -n user_name -kf key_format -key key	`users -add -n`user_name `-kf` key_format`-key "`key`"` where: user_name is a user name assigned in the "Display all user profiles" list. key_format is `openssh` key is an SSH public key, up to 6000 characters in length, enclosed in double-quotes. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Remove SSH public key from user	Removes one or all SSH public keys associated with the specified user.	`users -remove -n`user_name `-ki` key_index where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. `all` to remove all keys associated with the specified user This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Import (upload) and add new SSH public key	Import (upload) and add a new SSH public key for user. The upload location of the key file, including IP address and filename, an must be set using the -u command option.	`users -upld -n`user_name `-kf` key_format `-u` URL where: user_name is a user name assigned in the "Display all user profiles" list. key_format is `openssh` URL is fully qualified uniform resource locator, including file name, of the tftp, ftp, http, https, or sftp server where the key file is located. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Import (upload) and update existing SSH public key	Import (upload) and update existing SSH public key for user. The upload location of the key file, including IP address and filename, an must be set using the -u command option.	`users -upld -n`user_name `-ki` key_index `-kf` key_format `-u` URL where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. key_format is `openssh` URL is fully qualified uniform resource locator, including file name, of the tftp, ftp, http, https, or sftp server where the key file is located. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Export (download) SSH public key	Export (download) the specified SSH public key. The download location of the key file, including IP address and filename, and must be set using the -u command option.	`users -dnld -n`user_name `-ki` key_index `-kf` key_format `-u` URL where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. key_format is `openssh` URL is fully qualified uniform resource locator, including file name, of the tftp, ftp, http, https, or sftp server where the key file is located.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Display SSH public key information (summary)	Displays SSH public key information summary for the specified user.	`users -u` user_name `-ki` key_index where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. `all` to display all keys associated with the specified user	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Display complete SSH public key information	Displays complete SSH public key information for the specified user. Note: When displaying complete key information, you can only specify one key index each time you run the command.	`users -u` user_name `-ki` key_index `-kf` key_format `-e` where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. key_format is `openssh`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Update SSH public key	Updates the information for the specified SSH public key for the specified user. Information that can be updated includes: The list of hosts from which the specified user will accept connections. Comments.	`users -n`user_name `-ki` key_index `-kf` key_format`-key "`key`" -af "` host_list`" -cm "`comment`"` where: user_name is a user name assigned in the "Display all user profiles" list. key_index is an integer between 1 and 20 that identifies a key for the specified user. key_format is `openssh` key is an SSH public key, up to 6000 characters in length, enclosed in double-quotes. host_list a list of hosts that the specified user will accept connections from, in the format: `from="list"` where list is a comma-separated list, enclosed in double-quotes, of hostnames and IP addresses. The list is limited to 511 characters, with valid characters including: letters, numbers, commas ( , ), asterisks ( * ), question marks ( ? ), exclamation points ( ! ), periods ( . ), hyphens ( - ), colon ( : ), and percent signs ( % ). comment is a string of up to 255 characters in length, enclosed in double-quotes. (continued on next page)	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Update SSH public key (continued)		This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.
Update user SNMPv3 information	Updates the SNMPv3 information for the specified user. Information that can be updated includes: Context name Authentication protocol Privacy protocol Privacy password Access type IP address of the SNMPv3 server Note: SNMPv3 related command options can also be modified singly for each specified user.	`users -n`user_name `-cn "`context_name`" -ap`authentication_protocol `-pp` privacy_proto `-ppw` privacy_pwd `-at` access_type `-i` hostname/ip_address where: user_name is a user name assigned in the "Display all user profiles" list. context_name is a unique string up to 32 characters in length, enclosed in double-quotes. authentication_protocol is `md5` or `sha` . privacy_proto is `des` , `aes` , or `none` . privacy_pwd is an alphanumeric string between 5 and 32 characters in length that can include special characters and must include at least one alphabetic and one numeric character, but no white space. The privacy_pwd can be cleared by setting its value to null. access_type is `get` , `set` , or `trap` . hostname/ip_address is the host name or IP address of the SNMPv3 server. The hostname/ip_address can be cleared by setting its value to null. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Enable / disable compute node and I/O module account management by CMM	Enables management by CMM of the IPMI and SNMPv3 user accounts for compute nodes and of the SNMPv3 user accounts for I/O Modules. This command option allows the CMM user accounts to be used for managing most compute nodes and I/O modules in the chassis instead of having management device user accounts manage the compute nodes and the I/O modules. Important: Management of compute node IPMI and SNMPv3 user accounts is not supported by POWER-based compute nodes and by I/O modules with firmware versions lower than 8.4.3. Note: Enabling CMM management of IPMI/SNMPv3 user accounts on nodes causes all existing IPMI/SNMPv3 user accounts on compute nodes to be overwritten. Save existing compute node IPMI/SNMPv3 user account information before enabling compute node account management by the CMM. Enabling CMM management of SNMPv3 user accounts on I/O modules disables the local SNMPv3 user accounts on I/O modules until the account management by CMM is disabled.	`users -am`state `-prov_target` target where: state is enabled or disabled. target is "iom", "node" or "all" and it specifies the devices for which the account management should be enabled/disabled: "node": compute nodes, "iom": I/O modules and "all": both compute nodes and I/O modules. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Enable / disable SNMPv3 and/or IPMI centralized management	Enables or disables centralized management of SNMPv3 and/or IPMI user accounts, including user provisioning. This command enables you to control whether or not specific CMM user accounts can be used to manage chassis components (including provisioning). There can be up to 12 provisioned user accounts for nodes and up to 12 provisioned user accounts for I/O modules. Remember that enabling a user account will not actually allow local management of chassis components unless you have enabled compute node and/or I/O module account management by CMM using the `users -am enabled` command option. Note: Disabling centralized IPMI and SNMPv3 management (provisioning) of a user account deletes the centrally managed user account. If there is a corresponding local account for this user on the CMM, it will remain functional.	`users -ipmisnmpv3`state `-n` user_name `-prov_target` target where: state is `enabled` or `disabled` . user_name is a user name assigned in the "Display all user profiles" list. target is "iom", "node" or "all" and it specifies the devices for which the account management should be enabled/disabled: "node": compute nodes, "iom": I/O modules and "all": both compute nodes and I/O modules. This command can only be run by users who have one or more of the following command authorities: Supervisor Chassis account management See Commands and user authority for additional information.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Change new user creation method	Changes new user creation method. There are two available: username&password" (default) username&email See User authority management for more information. Note: An email server must be configured in network settings before“username&email” method can be selected (see SMTP in CMM management options).	`users -nucm` state where state is `username&password` or `username&email`:	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.

Example: To create a user with a user name of user3, with a password of passw0rd, who is a member of the super permission group (supervisor rights to all Lenovo Flex System components, as defined by the permgroups command), and a maximum number of user sessions of 10, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -add -n user3 -p passw0rd -g super -ms 10

To display all users, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users

To display information for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test

To add a public key of the type openssh to the user named test, with a key value of ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvfnTUzRF7pdBuaBy4dO/ aIFasa/Gtc+o/wlZnuC4aDHMA1UmnMyLOCiIaNOy4OOICEKCqjKEhrYymtAo VtfKApvY39GpnSGRC/qcLGWLM4cmirKL5kxHNOqIcwbT1NPceoKHj46X7E+ mqlfWnAhhjDpcVFjagM3Ek2y7w/tBGrwGgN7DPHJU1tzcJy68mEAnIrzjUoR98Q3/ B9cJD77ydGKe8rPdI2hIEpXR5dNUiupA1Yd8PSSMgdukASKEd3eRRZTBl3SAt MucUsTkYjlXcqex1OQz4+N50R6MbNcwlsx+mTEAvvcpJhuga70UNPGhLJMl6k7 jeJiQ8Xd2pXbOZQ==, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -add -kf openssh -key "ssh-rsa AAAAB3NzaC1yc2EAAAA
BIwAAAQEAvfnTUzRF7pdBuaBy4dO/aIFasa/Gtc+o/wlZnuC4aDHMA1UmnMyLOCiIaNOy4OOICEKCq
jKEhrYymtAoVtfKApvY39GpnSGRC/qcLGWLM4cmirKL5kxHNOqIcwbT1NPceoKHj46X7E+mqlfWnAh
hjDpcVFjagM3Ek2y7w/tBGrwGgN7DPHJU1tzcJy68mEAnIrzjUoR98Q3/B9cJD77ydGKe8rPdI2hIE
pXR5dNUiupA1Yd8PSSMgdukASKEd3eRRZTBl3SAtMucUsTkYjlXcqex1OQz4+N50R6MbNcwlsx+mTE
AvvcpJhuga70UNPGhLJMl6k7jeJiQ8Xd2pXbOZQ=="

To display the key with an index of 1 for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -ki 1

To display all keys for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -ki all

To display full key information for the key with an index of 1, of type openssh, for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -ki 1 -kf openssh -e

To download a key with an index of 1, of type openssh, for the user named test, from tftp://9.72.216.40/file.key, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -dnld -ki 1 -kf openssh -u tftp://9.72.216.40/file.key

To upload a key with an index of 1, of type openssh, for the user named test, from tftp://9.72.216.40/file.key, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -upld -ki 1 -kf openssh -u tftp://9.72.216.40/file.key

To remove a key with an index of 1 for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -ki 1 -remove

To remove all keys for the user named test, while the primary CMM in bay 2 is set as the persistent command environment, at the system:mm[2]> prompt, type

users -n test -ki all -remove

The following example shows the information that is returned from these commands:

system:mm[2]> users -add -n user3 -p passw0rd -g super -ms 10
OK
system:mm[2]> users

Node provisioning: disabled
I/O module provisioning: disabled

Users
=====

USERID
   Group(s): supervisor
   1 active session(s)
   Max 0 session(s) allowed
   Account is active
   Password is not expired
   Password is compliant
   There is no SSH public key installed for this user
   IPMI and SNMPv3 user provisioning for nodes is disabled
   SNMPv3 user provisioning for I/O modules is disabled

user3
   Group(s): super
   0 active session(s)
   Max 10 session(s) allowed
   Account is active
   Password is not expired
   Password is compliant
   There is no SSH public key installed for this user
   IPMI and SNMPv3 user provisioning for nodes is disabled
   SNMPv3 user provisioning for I/O modules is disabled
   
test
   Group(s): opmin
   0 active session(s)
   Max 2 session(s) allowed
   Account is active
   Password is not expired
   Password is compliant
   Number of SSH public keys installed for this user: 2
   IPMI and SNMPv3 user provisioning for nodes is disabled
   SNMPv3 user provisioning for I/O modules is disabled

User Permission Groups
======================

supervisor
   Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10

operator
   Role:operator
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4|5|6|7|8|9|10

opmin
   Role:operator
   Blades:n/a
   Chassis:n/a
   Modules:n/a


system:mm[2]> users -n test

-g opmin
-ms 5
-cn admin
-ap sha
-pp des
-at set
-i 0.0.0.0
Node provisioning: -ipmisnmpv3 disabled
I/O module provisioning: -snmpv3 disabled
0 active session(s)
Max 2 session(s) allowed
Account is active
Password is not expired
Password is compliant
Number of SSH public keys installed for this user: 2
Last login: Never


system:mm[2]> users -n test -add -kf openssh -key "ssh-rsa AAAAB3NzaC1yc2EAAAA
BIwAAAQEAvfnTUzRF7pdBuaBy4dO/aIFasa/Gtc+o/wlZnuC4aDHMA1UmnMyLOCiIaNOy4OOICEKCq
jKEhrYymtAoVtfKApvY39GpnSGRC/qcLGWLM4cmirKL5kxHNOqIcwbT1NPceoKHj46X7E+mqlfWnAh
hjDpcVFjagM3Ek2y7w/tBGrwGgN7DPHJU1tzcJy68mEAnIrzjUoR98Q3/B9cJD77ydGKe8rPdI2hIE
pXR5dNUiupA1Yd8PSSMgdukASKEd3eRRZTBl3SAtMucUsTkYjlXcqex1OQz4+N50R6MbNcwlsx+mTE
AvvcpJhuga70UNPGhLJMl6k7jeJiQ8Xd2pXbOZQ=="
OK


system:mm[2]> users -n test
-g opmin
-ms 5
-cn admin
-ap sha
-pp des
-at set
-i 0.0.0.0
Node provisioning: -ipmisnmpv3 disabled
I/O module provisioning: -snmpv3 disabled
0 active session(s)
Max 2 session(s) allowed
Account is active
Password is not expired
Password is compliant
Number of SSH public keys installed for this user: 3
Last login: Never


system:mm[2]> users -n test -ki 1
ssh-rsa 2048 bits 69:d0:2d:4e:72:09:88:0d:ff:63:87:2c:26:5d:f6:f2
-af
-cm
system:mm[2]> users -n test -ki all

Key 1
ssh-rsa 2048 bits 69:d0:2d:4e:72:09:88:0d:ff:63:87:2c:26:5d:f6:f2
-af
-cm

Key 2
ssh-rsa 2048 bits 69:d0:2d:4e:72:09:88:0d:ff:63:87:2c:26:5d:f6:f2
-af
-cm

Key 3
ssh-rsa 2048 bits 69:d0:2d:4e:72:09:88:0d:ff:63:87:2c:26:5d:f6:f2
-af
-cm


system:mm[2]> users -n test -ki 1 -kf openssh -e
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvfnTUzRF7pdBuaBy4dO/aIFasa/Gtc+o/wlZnuC4aD
HMA1UmnMyLOCiIaNOy4OOICEKCqjKEhrYymtAoVtfKApvY39GpnSGRC/qcLGWLM4cmirKL5kxHNOqI
cwbT1NPceoKHj46X7E+mqlfWnAhhjDpcVFjagM3Ek2y7w/tBGrwGgN7DPHJU1tzcJy68mEAnIrzjUo
R98Q3/B9cJD77ydGKe8rPdI2hIEpXR5dNUiupA1Yd8PSSMgdukASKEd3eRRZTBl3SAtMucUsTkYjlX
cqex1OQz4+N50R6MbNcwlsx+mTEAvvcpJhuga70UNPGhLJMl6k7jeJiQ8Xd2pXbOZQ==


system:mm[2]> users -n test -dnld -ki 1 -kf openssh -u tftp://9.72.216.40/file.key
OK


system:mm[2]> users -n test -upld -ki 1 -kf openssh -u tftp://9.72.216.40/file.key
OK


system:mm[2]> users -n test -ki 1 -remove
OK


system:mm[2]> users -n test -ki all -remove
OK