sysconf ssh client
Configure and manage SSH access control at the HSM appliance by creating a whitelist of IP addresses that are permitted to connect. These commands are optional; use them if you wish to add an additional layer to your network security with respect to HSM appliances. [ This command is available with appliance software 7.7.1 and newer. ]
NOTE Your network administrator remains responsible for all the standard network security configuration and management actions required by your security regime.
IP addresses are added singly or in groups. Each addition creates or expands a list of exclusively permitted host IPs that applies to a given Network HSM appliance user ID.
> When the list exists, only member host IP addresses are permitted; all others are excluded.
> If the list does not exist for a user ID on the appliance, then any IP address can potentially connect via SSH.
> When no whitelist exists for a user ID, the Client Access Status shows as "All clients" next to that user ID.
> Current list members can be deleted individually, or the entire list can be deleted. Alternatively, the whitelists for all user IDs can be cleared at once.
NOTE These commands are not aware of whether the provided host IP represents a valid Luna client. They apply general IP-based SSH access filtering. It is up to you to ensure that you are using a correct host IP address in each instance, such as you would have separately configured for NTLS or STC client connections; see Client-Partition Connections.
Syntax
sysconf ssh client
add
clear
delete
list
showRejectedClients
Subcommand(s) | Shortcut | Description |
---|---|---|
add | a | Adds a client IP to the list. When the list has one member or more, any IP not included is refused when it attempts an SSH connection. See sysconf ssh client add. |
clear | c | Deletes all the currently permitted IP addresses from the list associated with every user ID. Allows any IP to connect via SSH. See sysconf ssh client clear. |
delete | d | Deletes a single client host IP or a comma-separated list of host IP addresses from the whitelist of permitted addresses for a named Network HSM appliance user ID. See sysconf ssh client delete. |
list | l | Lists configured client IPs. See sysconf ssh client list. |
showRejectedClients | t | Shows the most recent log entries regarding rejected client IPs. See sysconf ssh client showRejectedClients. |