sysconf ssh device

Set the SSH device restriction policy.
This command restricts appliance/HSM administrative traffic (over SSH) to only the indicated Ethernet port. Use this where you need to segregate administrative traffic from client (NTLS) traffic. This command is an alternative to the command sysconf ssh ip, which performs the same action by specifying an IP address that corresponds to one of your network devices.

If you wish, you can complement SSH traffic restriction with client traffic restriction by using the command ntls bind, which binds client (NTLS) traffic to a specific IP or device name on your SafeNet Network HSM.

Syntax

sysconf ssh device <netdevice>

Parameter      Shortcut   Description
<netdevice>               Specifies the device to which you want to restrict the SSH service.

Valid values:

all: Allow SSH on all devices.

eth0: Restrict SSH connections to the eth0 interface.

eth1: Restrict SSH connections to the eth1 interface.

lo:

Default:

Example

lunash:>sysconf ssh device all

WARNING: SSH is already restricted to the specified IP address / ethernet card. No changes made.

Command Result : 0 (Success)

[myluna] lunash:>sysconf ssh device eth1
Success:  SSH now restricted to ethernet device eth1 (ip address 192.168.255.2).
Restarting ssh service.
Stopping sshd:                                               [  OK  ]
Starting sshd:                                               [  OK  ]
Command Result : 0 (Success)

[myluna] lunash:>sysconf ssh show
SSHD configuration:
SSHD Listen Port: 22 (Default)
SSH is restricted to ethernet device eth1 (ip address 192.168.255.2).
Password authentication is enabled
Public key authentication is enabled

Command Result : 0 (Success)
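
One way to check a captured sysconf ssh show listing against the interface you intend to carry administrative traffic. This is an added example, not part of the LunaSH guide or the appliance software; the function names, the sample text (constructed from the output above), and the choice to report a missing restriction line as a finding are assumptions.

```python
import re

# Constructed sample: the `sysconf ssh show` listing from the example above.
SAMPLE_SHOW_OUTPUT = """\
SSHD configuration:
 SSHD Listen Port: 22 (Default)
SSH is restricted to ethernet device eth1 (ip address 192.168.255.2).
Password   authentication is enabled
Public key authentication is enabled
     Command Result : 0 (Success)
"""

_RESTRICT = re.compile(r"SSH is restricted to ethernet device (\S+) \(ip address ([\d.]+)\)")
_PORT = re.compile(r"SSHD Listen Port: (\d+)")
_AUTH = re.compile(r"(Password|Public key) authentication is (\w+)")
_RESULT = re.compile(r"Command Result : (\d+)")


def parse_ssh_show(text):
    """Extract the SSH settings from captured `sysconf ssh show` output."""
    state = {"device": None, "ip": None, "port": None, "auth": {}, "result": None}
    for line in text.splitlines():
        line = " ".join(line.split())  # collapse irregular spacing in captures
        if m := _RESTRICT.search(line):
            state["device"], state["ip"] = m.group(1), m.group(2)
        elif m := _PORT.search(line):
            state["port"] = int(m.group(1))
        elif m := _AUTH.search(line):
            state["auth"][m.group(1).lower()] = m.group(2) == "enabled"
        elif m := _RESULT.search(line):
            state["result"] = int(m.group(1))
    return state


def audit_ssh_restriction(text, expected_device):
    """Return a list of findings; an empty list means the capture matches."""
    state = parse_ssh_show(text)
    findings = []
    if state["result"] != 0:
        findings.append("command did not report success")
    if state["device"] is None:
        # Assumption: no restriction line means SSH is not bound to one device.
        findings.append("no device restriction line found")
    elif state["device"] != expected_device:
        findings.append(f"SSH bound to {state['device']}, expected {expected_device}")
    return findings
```

Calling audit_ssh_restriction(SAMPLE_SHOW_OUTPUT, "eth1") returns an empty list; passing "eth0" reports the mismatch.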