How to create and test a "Read-Only", SSH, login user account
To have an SSH login account in the "Read-Only" state, please note that, from SSH, only the "admin" group is supported, for any local account. Please refer to the snippets below and see the possible completions therein, for the additional user. The user must be added to the "admin" group, to gain login access to the "enable" (>) mode.
Next, set the password for the "ssh_user" user account using the "password" sub-command. See snippet below.
Now, the "ssh_user" user has access only to the enable mode, with only the "Read-Only" access and can use only the "show" command. Please refer to the snippet below.
Rule of thumb
It's very important to note that you do not set the password for the "Read-Only", "admin" group user to be the same as the "enable-password". The "enable-password" is shared by all the user accounts in the "admin" group. If this mistake is made, the Read-Only" state would be broken and the user (in this case, "ssh_user") would gain "Read-Write" access on the Reporter appliance.