Usage guidelines
The ACL specified in this command filters IPv4 SSH clients' connection requests. Only the IPv4 SSH
clients that the ACL permits can access the device. If the specified ACL does not exist or contains no
rules, all IPv4 SSH clients can access the device.
The ACL takes effect only on SSH connections that are initiated after the ACL configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure ACL 2001 and permit only the users at 1.1.1.1 to initiate SSH connections to the server.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ssh server acl 2001
Related commands
display ssh server
ssh server acl-deny-log enable
Use ssh server acl-deny-log enable to enable logging for SSH login attempts that are denied by
the SSH login control ACL.
Use undo ssh server acl-deny-log enable to disable logging for SSH login attempts that are
denied by the SSH login control ACL.
Syntax
ssh server acl-deny-log enable
undo ssh server acl-deny-log enable
Default
Logging is disabled for SSH login attempts that are denied by the SSH login control ACL.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Only SSH clients permitted by the SSH login control ACL can access the SSH server. The logging
feature generates log messages for SSH login attempts that are denied by the SSH login control
ACL, and sends the messages to the information center.
For information about log message output, see the information center in Network Management and
Monitoring Configuration Guide. For information about configuring an SSH login control ACL, see the
ssh server acl or ssh server ipv6 acl command.
Examples
# Enable logging for SSH login attempts that are denied by the SSH login control ACL.
<Sysname> system-view
[Sysname] ssh server acl-deny-log enable
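The following Python check is an added example, not part of the original command reference. It audits a saved configuration for the two conditions described above: an ssh server acl that references a missing or empty ACL (which lets all IPv4 SSH clients access the device) and deny logging left at its disabled default. It assumes numbered basic ACLs in the command forms shown on this page, indented rule lines with an optional rule ID, and a hypothetical function name audit_ssh_acl; the sample configurations are constructed.

```python
import re

# Constructed sample configurations (not taken from a real device).
GOOD_CONFIG = """\
acl basic 2001
 rule 0 permit source 1.1.1.1 0
#
ssh server acl 2001
ssh server acl-deny-log enable
"""
EMPTY_ACL_CONFIG = """\
acl basic 2001
#
ssh server acl 2001
"""


def audit_ssh_acl(config: str) -> list[str]:
    """Return findings for the IPv4 SSH login control ACL in a config text."""
    rules = {}        # ACL number -> count of rule lines seen in its view
    current = None    # ACL view currently being read (assumes indented rules)
    bound = None      # ACL number from the last "ssh server acl" line
    deny_log = False  # default: logging of denied attempts is disabled
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"acl basic (\d+)", line):
            current = m.group(1)
            rules.setdefault(current, 0)
        elif current and raw[:1].isspace():
            if re.match(r"rule (\d+ )?(permit|deny)\b", line):
                rules[current] += 1
        else:
            current = None
            if m := re.fullmatch(r"ssh server acl (\d+)", line):
                bound = m.group(1)  # the most recent configuration takes effect
            elif line == "ssh server acl-deny-log enable":
                deny_log = True
    findings = []
    if bound is None:
        findings.append("no ssh server acl configured")
    elif bound not in rules:
        findings.append(f"ACL {bound} does not exist: all IPv4 SSH clients permitted")
    elif rules[bound] == 0:
        findings.append(f"ACL {bound} has no rules: all IPv4 SSH clients permitted")
    if not deny_log:
        findings.append("acl-deny-log disabled: denied SSH attempts are not logged")
    return findings
```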