sysconf ssh client
Configure and manage SSH access control at the HSM appliance by creating an allowlist of IP addresses that are permitted to connect. These commands are optional, and can be used if you wish to apply an additional layer of network security to your HSM appliances.
NOTE This command is available using Luna Appliance Software 7.7.1 and newer.
Your network administrator remains responsible for all the standard network security configuration and management actions required by your security regime.
IP addresses are added singly or in groups; each addition creates or expands a list of exclusively permitted host IPs that applies to a given Luna Network HSM 7 appliance user ID.
> When the list exists, only member host IP addresses are permitted; all others are excluded.
> If the list does not exist for a user ID on the appliance, then any IP address can potentially connect via SSH.
> When no allowlist exists for a user ID, the Client Access Status shows as "All clients" next to that user ID.
> Current list members can be deleted individually, or the entire list can be deleted; alternatively, the allowlists for all user IDs can be cleared at once.
NOTE These commands have no awareness of whether the provided host IP represents a valid Luna client; they apply general IP-based SSH access filtering. It is up to you to ensure that you are using a correct host IP address in each instance, such as the one you would have separately configured for NTLS or STC client connections - see Client-Partition Connections.
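The per-user-ID allowlist semantics described above, modelled as an added example (this is not Luna appliance code and does not reproduce the appliance's actual implementation); the SshClientAllowlists class and its open_to_all audit check are assumptions made for illustration. It also exercises the case worth checking after every delete: removing a user ID's last member puts that user ID back to "All clients".

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class SshClientAllowlists:
    """Model (assumption, not appliance code) of the documented behaviour:
    a user ID with no list, or an emptied list, accepts SSH from any host IP."""
    lists: dict[str, set[str]] = field(default_factory=dict)

    def add(self, user_id: str, hosts: str) -> None:
        # Accepts a single IP or a comma-separated group, like the add subcommand.
        for host in hosts.split(","):
            self.lists.setdefault(user_id, set()).add(str(ip_address(host.strip())))

    def delete(self, user_id: str, hosts: str) -> None:
        # Removes one IP or a comma-separated group from one user ID's list.
        members = self.lists.get(user_id, set())
        for host in hosts.split(","):
            members.discard(str(ip_address(host.strip())))
        if not members:
            self.lists.pop(user_id, None)  # an empty list behaves like no list

    def clear(self) -> None:
        self.lists.clear()  # every user ID reverts to "All clients"

    def status(self, user_id: str) -> str:
        # Mirrors the Client Access Status column: members, or "All clients".
        members = self.lists.get(user_id)
        return "All clients" if not members else ", ".join(sorted(members))

    def is_permitted(self, user_id: str, host: str) -> bool:
        members = self.lists.get(user_id)
        return True if not members else str(ip_address(host)) in members

    def open_to_all(self, user_ids: list[str]) -> list[str]:
        # Audit helper (assumption): user IDs that currently accept any client IP.
        return sorted(u for u in user_ids if not self.lists.get(u))


if __name__ == "__main__":
    acl = SshClientAllowlists()
    acl.add("admin", "192.0.2.10, 192.0.2.11")      # constructed sample IPs
    acl.delete("admin", "192.0.2.10,192.0.2.11")    # last members removed...
    print(acl.status("admin"))                      # ...so admin is open again
    print(acl.open_to_all(["admin", "operator"]))   # both need attention
```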
Syntax
sysconf ssh client
add
clear
delete
list
showRejectedClients
Subcommand(s) | Shortcut | Description |
---|---|---|
add | a | Adds a client IP to the list. When the list has one or more members, any IP not included is refused when it attempts an SSH connection. See sysconf ssh client add. |
clear | c | Deletes all the currently permitted IP addresses from the list associated with every user ID. Allows any IP to connect via SSH. See sysconf ssh client clear. |
delete | d | Deletes a single client host IP or a comma-separated list of host IP addresses from the allowlist of permitted addresses for a named Luna Network HSM 7 appliance user ID. See sysconf ssh client delete. |
list | l | Lists the configured client IPs. See sysconf ssh client list. |
showRejectedClients | t | Shows the most recent log entries regarding rejected client IPs. See sysconf ssh client showRejectedClients. |