Syntax
ssh server acl acl-number
undo ssh server acl
Default
An SSH server allows all IPv4 SSH clients to access the server.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an ACL number in the range of 2000 to 4999.
Usage guidelines
You can use this command to filter the IPv4 SSH clients' request packets by referencing an ACL:
• If the ACL has rules configured, only the IPv4 SSH clients whose request packets match the permit statement in this ACL can access the server.
• If the ACL does not exist, or if the ACL does not have any statement, all the IPv4 SSH clients can access the server.
The ACL filters only new SSH connections after the configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure ACL 2001 and reference the ACL to allow only an IPv4 SSH client at 1.1.1.1 to access the server.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-basic-2001] quit
[Sysname] ssh server acl 2001
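The usage guidelines describe two cases where the filter fails open: the referenced ACL does not exist, or it has no rules. The following Python audit checks a saved configuration for both. It is an added example, not part of the original manual. It assumes the saved-configuration layout (top-level commands unindented, rules indented under their `acl number` line); the function name `audit_ssh_acl` and the sample configurations are constructed for illustration.

```python
import re

ACL_DEF = re.compile(r"acl number (\d+)\b")   # syntax as used in the example above
SSH_ACL = re.compile(r"ssh server acl (\d+)$")

def audit_ssh_acl(config):
    """Classify the IPv4 SSH server ACL binding in a saved configuration.

    Returns (status, acl_number, permit_rules). Assumes top-level commands are
    unindented and ACL rules are indented below their 'acl number' line.
    """
    acls = {}          # ACL number -> list of its rule lines
    current = None     # ACL whose view we are inside, if any
    referenced = None  # ACL number bound by 'ssh server acl'
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():             # unindented: a new top-level command
            current = None
            m = ACL_DEF.match(line)
            if m:
                current = int(m.group(1))
                acls.setdefault(current, [])
            m = SSH_ACL.match(line)
            if m:
                referenced = int(m.group(1))  # the most recent command wins
        elif current is not None and line.startswith("rule "):
            acls[current].append(line)
    if referenced is None:
        return ("no-acl", None, [])              # default: all IPv4 clients allowed
    if referenced not in acls:
        return ("acl-missing", referenced, [])   # fails open: all clients allowed
    if not acls[referenced]:
        return ("acl-empty", referenced, [])     # fails open: all clients allowed
    permits = [r for r in acls[referenced] if "permit" in r.split()]
    return ("restricted", referenced, permits)

# Constructed sample configurations (not from the original page).
GOOD = "acl number 2001\n rule permit source 1.1.1.1 0\n#\nssh server acl 2001\n"
EMPTY = "acl number 2001\n#\nssh server acl 2001\n"
MISSING = "#\nssh server acl 2001\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("EMPTY", EMPTY), ("MISSING", MISSING)):
        print(name, audit_ssh_acl(cfg))
```

Any status other than `restricted` means the SSH server accepts all IPv4 clients; for `restricted`, review the returned permit rules against the intended management sources.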
Related commands
display ssh server
ssh server authentication-retries
Use ssh server authentication-retries to set the maximum number of authentication attempts for SSH users.
Use undo ssh server authentication-retries to restore the default.
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
Default
The maximum number of authentication attempts for SSH users is 3.