Ezsh shell disallowed

Troubleshooting "Ezsh Shell Disallowed" Error for SSH Gateway Users

Overview: This article describes SSH gateway users encountering the 'Ezsh shell disallowed' error while accessing the backend via SSH, highlighting the need for explicit configuration in Access Control to grant access to the ezsh shell, requiring super admin or privileged user rights.

SSH gateway users are getting the error "Ezsh shell disallowed" while trying to access the backend via SSH.

ssh [email protected]

[email protected]'s password:

Last login: Tue May 7 06:04:37 2024 from 192.168.56.1

Ezsh shell disallowed.

Connection to 192.168.0.110 closed.

The ssh gateway user needs to be explicitly given access to the ezsh shell in access control. As you can see below the user Zan is granted access to the ezsh shell under Access Control > User-Action > Gateway > Ezsh Shell or under User-Group ->Action->Gateway->Ezsh Shell.

Note: The gateway user must be either a super admin or a privileged user with access to the following:

Access Control > User-Action > Gateway > Ezsh shell.

Emergency CLI Method:

If you want to allow ezsh shell for all users run the following command on the jump server

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "replace into prefix_usergroup_func_acls (usergroup_id, func_id) select id, 253 from prefix_usergroups"

Related Articles:

Error logs and configuration files to troubleshoot.