User Account Commands

nv show system aaa user

	nv show system aaa user Displays list of users, their role and status.
Syntax Description	N/A
Default	N/A
History	25.02.2002
Example	`admin@nvos:~$ nv show system aaa user Username Full-name Role State -------- -------------------- ------- ------- admin System Administrator admin enabled monitor System Monitor monitor enabled`
REST API	GET https://<ip>/nvue_v1/system/aaa/user
Related Commands	nv set system aaa user
Notes

nv show system aaa user id

	nv show system aaa user <user-id> Displays configuration of a user.
Syntax Description	user-id	The user (e.g., monitor, test)
Default	N/A
History	Updated command output
Example	`admin@nvos:~$ nv show system aaa user admin operational applied ------------------ -------------------- -------------------- state enabled enabled role admin admin full-name System Administrator System Administrator password * * hashed-password * * ssh [authorized-key]`
REST API	GET https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user
Notes

nv show system aaa user ssh authorized-key

	nv show system aaa user <user-id> ssh authorized-key <authorized-key-id> Lists all SSH keys associated with the specified user.
Syntax Description	user-id	The user (e.g., monitor, test)
	authorized-key-id	Name of the SSH key (item-name) (enum: saved keys of user)
Default	N/A
History	Updated command output
Example	`admin@nvos:~$ nv show sys aaa user admin ssh authorized-key SSH Key Name Key string Key Type ------------ ---------- ------------------- key1 * ecdsa-sha2-nistp256`
REST API	GET https://<ip>/nvue_v1/system/aaa/user/<user>/ssh/authorized-key
Related ommands
Notes	The key string is obfuscated yet not regarded as a secret within NVOS.

nv show system aaa user ssh authorized-key id

	nv show system aaa user <user-id> ssh authorized-key <ssh-authorized-key-id> Displays details for a specific SSH key.
Syntax Description	user-id	The user (e.g., monitor, test)
	authorized-key-id	Name of the SSH key (item-name) (enum: saved keys of user)
Default	N/A
History	Updated command output
Example	`admin@nvos:~$ nv show sys aaa user admin ssh authorized-key key1 operational applied ---- ------------------- ------------------- key * * type ecdsa-sha2-nistp256 ecdsa-sha2-nistp256`
REST API	GET https://<ip>/nvue_v1/system/aaa/user/<user-id>/ssh/authorized-key/<ssh-authorized-key-id>
Related Commands
Notes	The key string is obfuscated yet not regarded as a secret within NVOS.

nv show system aaa user ssh

	nv show system aaa user <user-id> ssh Display user SSH configuration.
Syntax Description	user-id	The user (e.g., monitor, test)
Default	N/A
History	25.02.2002
Example	`admin@nvos:~$ nv show sys aaa user admin ssh operational applied ---------------- ----------- ------- [authorized-key] key1 key1`
REST API	GET https://<ip>/nvue_v1/system/aaa/user/<user-id>/ssh
Related Commands
Notes	Key string in obfuscated but is not considered a secret in nvos.

nv show system aaa allow-reset-local-passwords

	nv show system aaa allow-reset-local-passwords Displays state of resetting the local users passwords upon long reboot press
Syntax	N/A
Default	Enabled
History	25.02.2002
Example	`admin@nvos:~$ nv show system aaa allow-reset-local-passwords operational applied ----- ----------- ------- state enabled enabled`
REST API	GET https://<ip>/nvue_v1/system/aaa/allow-reset-local-passwords
Related Commands	nv set system allow-reset-local-passwords state <enabled\|disabled>
Notes

nv show system aaa user spiffe-id

	nv show system aaa user <user-id> spiffe-id Display all SPIFFE IDs of a given user.
Syntax	N/A
Default	Enabled
History	25.02.4002
Example	`admin@nvos:~$ nv show sys aaa user admin ssh spiffe-id Spiffe Id ----------------------- spiffe://example.com/prod`
REST API	GET https://<ip>/nvue_v1/system/aaa/user/<user>/spiffe-id
Related Commands	nv set system aaa user <user-id> spiffe-id <spiffe-id>
Notes	Same as with certificate, the value for each spiffe-id is empty.

nv set/unset system aaa user ssh authorized-key

	nv set system aaa user <user-id> ssh authorized-key <ssh-authorized-key-id> {key \| type} nv unset system aaa user <user> ssh authorized-key <ssh-authorized-key-id> {key \| type} Authorized SSH key configuration. The unset form of the command clears configuration of SSH parameters for a user.
Syntax Description	user-id	Name of the user (user-name) (enum: local users)
	authorized-key-id	Name of the SSH key (item-name) (enum: saved keys of user)
	key	The base64 contents of the key (key-string)
	type	The type of encoded key (string \| enum:ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, ssh-rsa \| default:ssh-rsa)
Default	key=N/A type=ssh-rsa
History	25.02.2002
Example	`admin@nvos:~$ nv set sys aaa user admin ssh authorized-key key1 key AAAdnfs…== admin@nvos:~$ nv set sys aaa user admin ssh authorized-key key1 type nistp384` `admin@nvos:~$ nv unset sys aaa user admin ssh authorized-key admin@nvos:~$ nv unset sys aaa user admin ssh authorized-key key1 admin@nvos:~$ nv unset sys aaa user admin ssh authorized-key key1 type admin@nvos:~$ nv unset sys aaa user admin ssh authorized-key key1 key`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/<user-id>/ssh/authorized-key/<ssh-authorized-key-id>
Related Commands
Notes

nv set/unset system aaa user

	nv set system aaa user <user-id> nv unset system aaa user <user-id> Specifies a username and creates a user account. New users are created initially with admin privileges. The unset form of the command deletes the user account.
Syntax Description	user-id	The user. Username max length is 32 and it begins with a letter or an underscore, followed by letters, digits, underscores, or dashes. They can end with a dollar sign.
Default	The following usernames are available by default: * admin * monitor
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user password
Notes	New users must have a password. Default users cannot be deleted.

nv set/unset system aaa user full-name

	nv set system aaa user <user-id> full-name <full-name> nv unset system aaa user <user-id> full-name <full-name> Configures user's full-name (Gecos Field). The unset form of the command sets user full-name (Gecos Field) to empty.
Syntax Description	user-id	The user
	full-name	The full name of the user
Default	N/A
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test full-name "Test User"`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user
Notes

nv set/unset system aaa user state

	nv set system aaa user <user-id> state <enable \| disable> nv unset system aaa user <user-id> state Enables/disables the user account. The unset form of the command returns the user account state to its default state (enabled).
Syntax Description	user-id	The user
Default	Enabled
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test state disabled`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user
Notes	Disabling a user account will terminate all user bash terminals.

nv set/unset system aaa user role

	nv set system aaa user <user-id> role <role-id> nv unset system aaa user <user-id> role Configures user role (capabilities). The unset form of the command return the user account role to its default (admin).
Syntax Description	user-id	The user
	role-id	The name of the role
Default	admin
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test role monitor`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv show system aaa role nv set system aaa user
Notes

nv set/unset system aaa user password

	nv set system aaa user <user-id> password <password> nv unset system aaa user <user-id> password Configures a login password in cleartext. The unset form of the command clears the user password for non-default users. For default users, the default password will be expired and must be reconfigured in the next login.
Syntax Description	user-id	The user
	password	A password for the user in string form. A string containing special Linux characters must be quoted or have the special characters escaped (i.e., add "\" before each special character). Examples: `pass\!word` `"pass!word"` A leading dot is a special case and it must be escaped even if it is quoted: Examples: `"\.password"` `\\.password`
Default	N/A
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test password "pa\!sswOrd" admin@nvos:~$ nv set system aaa user test password Enter new password: Confirm password:`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user
Notes	If no password was specified, user will be prompted to configure the password. If password hardening is enabled, the new password must match all configured policies. A string containing special Liznux characters must be quoted or have the special characters escaped (i.e., add "\" before each special character). Examples: `pass\!word` `"pass!word"` A leading dot is a special case and it must be escaped even if it is quoted: Examples: `"\.password"` `\\.password` A password is required, therefore a password must be configured before applying new configurations.

nv set/unset system aaa user hashed-password

	nv set system aaa user <user-id> hashed-password <hashed-password> nv unset system aaa user <user-id> hashed-password Configures a login password in encrypted format. The unset form of the command clears the user hashed-password.
Syntax Description	user-id	The user
	hashed-password	A password for the user in encrypted text. Special Linux characters must be escaped (add "\" before each special character).
Default	N/A
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa user test password "\$y\$j9T\$YwHwJEhi5c2oCgNNVJZgR0\$TboB1DcoS2iGmneLa/9Y54hsAgq9milQKGYmmkRffJC"`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/{user-id}
Related Commands	nv show system aaa user nv set system aaa user nv set system aaa user password
Notes	If password hardening is enabled, hashed-password configuration will be blocked. Special Linux characters must be escaped (i.e., add "\" before each special character). A password is required, therefore a password must be configured before applying new configurations.

nv set/unset system aaa allow-reset-local-passwords state

	nv set system aaa allow-reset-local-passwords state <enabled \| disabled> nv unset system aaa allow-reset-local-passwords state Enables/disables the ability to reset local users' passwords upon long reboot press. The unset form of the command returns the state of feature to its default state (enabled).
Syntax	state	enabled, disabled
Default	Enabled
History	25.02.2002
Example	`admin@nvos:~$ nv set system aaa allow-reset-local-passwords state disabled`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/allow-reset-local-passwords
Related Commands	nv show system aaa allow-reset-local-passwords
Notes

nv set/unset system aaa user spiffe-id

	nv set system aaa user <user-id> spiffe-id <spiffe-id> nv unset system aaa user <user-id> spiffe-id Configure all SPIFFE IDs of a given user. The unset form of the command clears all SPIFFE IDs for a user.
Syntax Description	spiffe-id	SPIFFE ID mapped to the user (string) SPIFFE ID must be in format `spiffe://trust-domain/path`, where the trust-domain and path has only letters, numbers, dots, dashes, and underscores
Default	N/A
History	25.02.4002
Example	`admin@nvos:~$ nv set system aaa user admin spiffe-id spiffe://trust/domain`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/user/<user>/ spiffe-id /<ssh- spiffe-id>
Related Commands	nv show system aaa user spiffe-id
Notes

Last updated: June 01, 2026