ssh server acl

Use ssh server acl to specify an ACL to control IPv4 SSH connections to the server.

Use undo ssh server acl to restore the default.

Syntax

ssh server acl { advanced-acl-number | basic-acl-number | mac mac-acl-number }

undo ssh server acl

Default

No ACLs are specified and all IPv4 SSH clients can initiate SSH connections to the server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

advanced-acl-number: Specifies an IPv4 advanced ACL number in the range of 3000 to 3999.

basic-acl-number: Specifies an IPv4 basic ACL number in the range of 2000 to 2999.

mac mac-acl-number: Specifies a Layer 2 ACL by its number in the range of 4000 to 4999.

Usage guidelines

The ACL specified in this command filters IPv4 SSH clients' connection requests. Only the IPv4 SSH clients that the ACL permits can access the device. If the specified ACL does not exist or contains no rules, all IPv4 SSH clients can access the device.

The ACL takes effect only on SSH connections that are initiated after the ACL configuration.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure ACL 2001 and permit only the users at 1.1.1.1 to initiate SSH connections to the server.

<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ssh server acl 2001
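
# Audit a saved configuration for the fail-open cases described in the usage guidelines: no ACL bound to the SSH server, a bound ACL that does not exist, or a bound ACL that contains no rules. The following Python script is an added example, not part of the original command reference. The function name audit_ssh_acl and the configuration layout it parses (an unindented ACL header followed by indented rule lines) are assumptions, and the sample configuration is constructed.

```python
import re

# Assumed layout of a saved configuration: an unindented ACL header,
# then its rules on indented lines. Sample text below is constructed.
ACL_HEAD = re.compile(r"^acl (?:basic|advanced|mac) (\d+)\s*$")
SSH_ACL = re.compile(r"^ssh server acl (?:mac )?(\d+)\s*$")
RULE = re.compile(r"^\s+rule\b")

SAMPLE = """\
#
acl basic 2001
 rule 0 permit source 1.1.1.1 0
#
acl basic 2002
#
ssh server acl 2001
#
"""

def audit_ssh_acl(config):
    """Return 'ok', 'no-acl', 'missing-acl' or 'empty-acl'."""
    rules = {}      # ACL number -> number of rule lines seen
    current = None  # ACL whose body is being read
    bound = None    # ACL number bound to the SSH server
    for line in config.splitlines():
        head = ACL_HEAD.match(line)
        if head:
            current = head.group(1)
            rules.setdefault(current, 0)
        elif current and RULE.match(line):
            rules[current] += 1
        elif not line.startswith(" "):
            current = None  # any unindented line ends the ACL body
            ssh = SSH_ACL.match(line)
            if ssh:
                bound = ssh.group(1)  # the most recent command takes effect
    if bound is None:
        return "no-acl"       # default: every IPv4 SSH client is accepted
    if bound not in rules:
        return "missing-acl"  # ACL does not exist: every client is accepted
    if rules[bound] == 0:
        return "empty-acl"    # ACL has no rules: every client is accepted
    return "ok"

if __name__ == "__main__":
    print(audit_ssh_acl(SAMPLE))
```

Any result other than ok means the device accepts SSH connection requests from all IPv4 clients.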

Related commands

display ssh server