sysconf ssh ip

Set the SSH local-IP restriction policy.

This command restricts appliance/HSM administrative traffic (over SSH) to only the indicated IP address (bound to one of the SafeNet Network HSM's Ethernet ports). Use this where you need to segregate administrative traffic from client (NTLS) traffic. This command is an alternative to the command sysconf ssh device, which performs the same action by specifying an Ethernet device.

SSH traffic restriction can complement client traffic restriction, which you configure with the command ntls bind. That command binds client (NTLS) traffic to a specific IP or device name on your SafeNet Network HSM.

Syntax

sysconf ssh ip <IP_address>

Parameter: <IP_address>

Description: Specifies the IP address associated with the SafeNet Network HSM network interface device to which you want to restrict the SSH service.

Valid values:

Any specific IPv4 or IPv6 address

0.0.0.0 (unrestricted IPv4)

:: (unrestricted IPv6)

Example

lunash:>sysconf ssh ip 192.20.10.200

Success: SSH now restricted to ethernet device eth0 (ip address 192.20.10.200).
     Restarting ssh service.
Stopping sshd:                                [  OK  ]
Starting sshd:                                [  OK  ]

Command Result : 0 (Success)
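
After setting the policy, it is worth confirming that SSH answers only on the administrative address. The following Python check is an added example, not part of the LunaSH documentation or the product. It assumes SSH listens on TCP port 22; the function names and the second address (a stand-in for the client/NTLS interface) are hypothetical.

```python
import ipaddress
import socket

# Values the page lists as leaving SSH unrestricted.
UNRESTRICTED = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}


def is_restricted(policy_ip: str) -> bool:
    """True when the value given to 'sysconf ssh ip' pins SSH to one address."""
    return ipaddress.ip_address(policy_ip) not in UNRESTRICTED


def ssh_answers(host: str, port: int = 22, timeout: float = 3.0) -> bool:
    """True when a TCP connect succeeds and the peer sends an SSH banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(64).startswith(b"SSH-")
    except OSError:  # refused, unreachable or timed out
        return False


def audit(policy_ip, appliance_ips, probe=ssh_answers):
    """Return a list of findings; an empty list means behaviour matches policy."""
    if not is_restricted(policy_ip):
        return [f"policy {policy_ip} leaves SSH unrestricted"]
    admin = ipaddress.ip_address(policy_ip)
    findings = []
    for ip in appliance_ips:
        listening = probe(ip)
        is_admin = ipaddress.ip_address(ip) == admin
        if is_admin and not listening:
            findings.append(f"{ip}: SSH not answering on the admin address")
        elif not is_admin and listening:
            findings.append(f"{ip}: SSH answers on a non-admin address")
    return findings


if __name__ == "__main__":
    # 192.20.10.200 is the page's example address; 192.20.11.200 is a
    # constructed stand-in for the client (NTLS) interface address.
    result = audit("192.20.10.200", ["192.20.10.200", "192.20.11.200"])
    for line in result or ["OK: SSH reachable only on the admin address"]:
        print(line)
```

Run it from a host that can route to every appliance interface; an address that is simply unreachable from the vantage point looks the same as one where SSH is not bound.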