ssh server acl
Syntax
ssh server acl acl-number
undo ssh server acl
View
System view
Default level
2: System level
Parameters
acl-number: Specifies an ACL number in the range of 2000 to 3999.
Description
Use ssh server acl to specify an ACL to control IPv4 SSH user connections.
Use undo ssh server acl to restore the default.
By default, no ACLs are specified and all IPv4 SSH users can initiate SSH connections to the server.
The specified ACL filters IPv4 SSH users' connection requests. Only the IPv4 SSH users that the ACL permits can initiate SSH connections to the server.
All IPv4 SSH users can initiate SSH connections to the device when any one of the following conditions exists:
You do not specify an ACL.
The specified ACL does not exist.
The specified ACL does not have rules.
The ACL takes effect only on SSH connections that are initiated after the ACL configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure ACL 2001 and permit only the users at 1.1.1.1 to initiate SSH connections to the server.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-basic-2001] quit
[Sysname] ssh server acl 2001
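The three conditions listed in the Description all leave the SSH server open to every IPv4 user, so a configuration audit should check the ACL that ssh server acl references, not just that the command is present. The following is an added example, not part of the original command reference: the function name audit_ssh_acl is hypothetical, the sample configurations are constructed, and the saved-configuration layout (a top-level "acl number N" line, rule lines indented beneath it, "#" separators) is an assumption.

```python
import re

def audit_ssh_acl(config: str) -> str:
    """Classify the SSH server ACL binding found in a configuration text."""
    rule_count = {}   # ACL number -> number of rule lines in its block
    current = None    # ACL block currently being read, if any
    bound = None      # ACL number given to "ssh server acl"
    for raw in config.splitlines():
        line = raw.strip()
        indented = raw[:1].isspace()
        m = re.fullmatch(r"acl number (\d+)(?: .*)?", line)
        if m and not indented:
            current = int(m.group(1))
            rule_count.setdefault(current, 0)
            continue
        if not indented:
            current = None            # any other top-level line ends the block
        elif current is not None and re.match(r"rule\b", line):
            rule_count[current] += 1
        m = re.fullmatch(r"ssh server acl (\d+)", line)
        if m:
            bound = int(m.group(1))   # the most recent command takes effect
    if bound is None:
        return "open: no ACL specified"
    if bound not in rule_count:
        return f"open: ACL {bound} does not exist"
    if rule_count[bound] == 0:
        return f"open: ACL {bound} has no rules"
    return f"restricted by ACL {bound}"

# Constructed sample configurations (assumed layout, not from a real device).
ACL_BLOCK = "#\nacl number 2001\n rule 0 permit source 1.1.1.1 0\n#\n"
SAMPLES = {
    "restricted": ACL_BLOCK + "ssh server acl 2001\n",
    "no binding": ACL_BLOCK,
    "missing ACL": ACL_BLOCK + "ssh server acl 2002\n",
    "empty ACL": "#\nacl number 2001\n#\nssh server acl 2001\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_ssh_acl(text)}")
```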