Ssh Server Acl - H3C MSR Series Command Reference Manual

Comware 7 security

Examples
# Set the idle-timeout timer to 200 seconds for the redirected SSH connection.
<Sysname> system-view
[Sysname] line tty 1
[Sysname-line-tty1] ssh redirect timeout 200
Related commands
ssh redirect enable

ssh server acl

Use ssh server acl to specify an ACL to control IPv4 SSH connections.
Use undo ssh server acl to restore the default.
Syntax
ssh server acl { basic-acl-number | advanced-acl-number | mac mac-acl-number }
undo ssh server acl
Default
No ACLs are specified and all IPv4 SSH clients can initiate SSH connections to the server.
Views
System view
Predefined user roles
network-admin
Parameters
basic-acl-number: Specifies an IPv4 basic ACL number in the range of 2000 to 2999.
advanced-acl-number: Specifies an IPv4 advanced ACL number in the range of 3000 to 3999.
mac mac-acl-number: Specifies a Layer 2 ACL by its number in the range of 4000 to 4999.
Usage guidelines
The specified ACL filters IPv4 SSH clients' connection requests. Only the IPv4 SSH clients that the
ACL permits can initiate SSH connections to the server.
All IPv4 SSH clients can initiate SSH connections to the device when any one of the following
conditions exists:
You do not specify an ACL.
The specified ACL does not exist.
The specified ACL does not have rules.
The ACL takes effect only on SSH connections that are initiated after the ACL configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure ACL 2001 and permit only the users at 1.1.1.1 to initiate SSH connections to the server.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ssh server acl 2001
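
The usage guidelines above list three conditions under which every IPv4 SSH client is allowed, and each can be checked offline against a saved configuration. The script below is an added example, not H3C code. It assumes a text layout in which an unindented `acl basic 2001` line starts a block and indented `rule` lines follow it, and its sample configurations are constructed.

```python
import re

def parse_acls(config):
    """Return {acl_number: rule_count} for each 'acl <type> <number>' block."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"acl (basic|advanced|mac) (\d+)[ \t]*$", line)
        if m:
            current = int(m.group(2))
            acls[current] = 0
        elif current is not None and re.match(r"[ \t]+rule\b", line):
            acls[current] += 1
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the ACL block
    return acls

def audit_ssh_server_acl(config):
    """Report whether 'ssh server acl' filters clients or fails open."""
    m = re.search(r"^[ \t]*ssh server acl (?:mac )?(\d+)[ \t]*$", config, re.M)
    if not m:
        return "open: no ACL specified"
    number = int(m.group(1))
    acls = parse_acls(config)
    if number not in acls:
        return f"open: ACL {number} does not exist"
    if acls[number] == 0:
        return f"open: ACL {number} has no rules"
    return f"ok: ACL {number} has {acls[number]} rule(s)"

# Constructed sample configurations (assumed layout, not captured from a device).
GOOD = """#
acl basic 2001
 rule 0 permit source 1.1.1.1 0
#
 ssh server acl 2001
#
"""
EMPTY = "#\nacl basic 2001\n#\n ssh server acl 2001\n#\n"    # ACL exists, no rules
MISSING = "#\nacl basic 2002\n rule 0 permit source 1.1.1.1 0\n#\n ssh server acl 2001\n#\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("EMPTY", EMPTY), ("MISSING", MISSING)):
        print(name, "->", audit_ssh_server_acl(cfg))
```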