sysconf ssh device

Restrict the appliance/HSM administrative traffic (over SSH) to a specific Ethernet device. Use this command if you want to segregate administrative traffic (SSH) from client (NTLS) traffic. This command is an alternative to the command sysconf ssh ip, which performs the same action by specifying an IP address that corresponds to one of your network devices.

If you wish, SSH traffic restriction could complement client traffic restriction using the command ntls bind, which binds client (NTLS) traffic to a specific IP or device name on your Luna Network HSM.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

sysconf ssh device <netdevice>

Argument(s) Description
<netdevice>

Specifies the device to which you want to restrict the SSH service.

Valid values:

all: Allow SSH on all devices.

eth0: Restrict SSH connections to the eth0 interface.

eth1: Restrict SSH connections to the eth1 interface.

eth2: Restrict SSH connections to the eth2 interface.

eth3: Restrict SSH connections to the eth3 interface.

Example

lunash:>sysconf ssh device eth0

Success:  SSH now restricted to ethernet device eth0 (IP address 192.20.11.78).
          Restarting ssh service.

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]


Command Result : 0 (Success)