sysconf ssh client delete

Delete or unregister a client host-IP address from the SSH access permission list for a specified Network HSM appliance user ID.

NOTE   This command is available using Luna Appliance Software 7.7.1 and newer.  

IP addresses are removed from the existing list.

> If you delete a subset of IPs already registered, then SSH access remains limited to access from those IPs still explicitly included in the allowlist.

> When you remove all IP entries from the list for a specific user ID, it reverts to "All clients"; that is, you allow a user to SSH from any workstation.

NOTE   To enter multiple IP addresses, surround the list with quotation marks and separate list members with commas. Spaces are optional, for readability, and are ignored.

Invalid entries are flagged and the command exits.

User Privileges

Users with the following privileges can perform this command:

> Admin

> Operator

Syntax

sysconf ssh client delete -userid <userid> -host <multipleaddresses> [-force]

Argument(s)                 Shortcut   Description
-host <multipleaddresses>   -h         SSH client host IP(s) to unregister. Use ',' as a delimiter.
-userid                     -u         User name
-force                      -f         Force the action with no prompting.

Example deleting/unregistering one IP address


lunash:>sysconf ssh client list                           

User ID              Client Access status                                            
---------------------------------------------
audit                All clients                                                     
admin                All clients                                                     
monitor              All clients                                                     
operator             All clients                                                     
Alice                10.124.79.145 10.124.145.18 10.124.145.19 10.124.145.20 10.124.145.21 10.124.145.22 10.124.145.23

Command Result : 0 (Success)

[local_host] lunash:>sysconf ssh client delete -userid Alice -host 10.124.145.23 

Alice will forfeit ssh access from all hosts specified here:
10.124.145.23

If you are sure that you wish to proceed, then type 'proceed',
otherwise type 'quit'

> proceed
Proceeding...

INFO: Restarting sshd service is recommended to apply updated
      ssh access configuration.

Command Result : 0 (Success)


lunash:>sysconf ssh client list                           

User ID              Client Access status                                            
---------------------------------------------
audit                All clients                                                     
admin                All clients                                                     
monitor              All clients                                                     
operator             All clients                                                     
Alice                10.124.79.145 10.124.145.18 10.124.145.19 10.124.145.20 10.124.145.21 10.124.145.22

Command Result : 0 (Success)

lunash:>

User "Alice" on the appliance could be accessed from any of seven host IP addresses. The command removes (unregisters) one of them. The six remaining host IP addresses are now the only ones from which user ID "Alice" can be accessed over SSH. The other user IDs in the list remain wide open and can be accessed via SSH from any host IP.

Example deleting/unregistering multiple IP addresses



lunash:>sysconf ssh client list

User ID              Client Access status                                            
---------------------------------------------
audit                All clients                                                     
admin                All clients                                                     
monitor              All clients                                                     
operator             All clients                                                     
Alice                10.124.79.145 10.124.145.18 10.124.145.19 10.124.145.20 10.124.145.21 10.124.145.22

Command Result : 0 (Success)

lunash:>sysconf ssh client delete -userid Alice -host 10.124.145.21,10.124.145.22  

Alice will forfeit ssh access from all hosts specified here:
10.124.145.21 10.124.145.22

If you are sure that you wish to proceed, then type 'proceed',
otherwise type 'quit'

> proceed
Proceeding...

INFO: Restarting sshd service is recommended to apply updated
      ssh access configuration.

Command Result : 0 (Success)

lunash:>sysconf ssh client list                                          

User ID              Client Access status                                            
---------------------------------------------
audit                All clients                                                     
admin                All clients                                                     
monitor              All clients                                                     
operator             All clients                                                     
Alice                10.124.79.145 10.124.145.18 10.124.145.19 10.124.145.20         

Command Result : 0 (Success)

User "Alice" on the appliance could be accessed from any of six host IP addresses. The command removes (unregisters) two of them. The four remaining host IP addresses are now the only ones from which user ID "Alice" can be accessed over SSH. The other user IDs in the list remain wide open and can be accessed via SSH from any host IP.
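
Because removing the last registered IP reverts a user ID to "All clients", it helps to preview a delete against the current `sysconf ssh client list` output before running it. The Python below is an added example, not Thales code: the function names and the sample listing are constructed here, and treating anything the `ipaddress` module accepts as a valid entry is an assumption about the appliance's own validation.

```python
import ipaddress

# Constructed sample in the layout of the `sysconf ssh client list` output on this page.
SAMPLE_LIST = """\
User ID              Client Access status
---------------------------------------------
audit                All clients
Alice                10.124.79.145 10.124.145.18 10.124.145.19

Command Result : 0 (Success)
"""

def parse_client_list(text):
    """Map user ID -> set of allowed IPs; an empty set stands for 'All clients'."""
    access, in_table = {}, False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True
        elif in_table and not line.strip():
            break  # blank line ends the table
        elif in_table:
            user, *rest = line.split()
            access[user] = set() if rest == ["All", "clients"] else set(rest)
    return access

def parse_host_arg(arg):
    """Split a -host value on commas, ignore spaces, raise ValueError on a bad entry."""
    hosts = arg.strip('"').replace(" ", "").split(",")
    for h in hosts:
        ipaddress.ip_address(h)  # assumption: what this accepts matches the appliance
    return set(hosts)

def preview_delete(access, userid, host_arg):
    """Return (remaining IPs, warnings) for a planned delete; nothing is sent anywhere."""
    current, remove, warnings = access[userid], parse_host_arg(host_arg), []
    if not current:
        return current, [f"{userid} already allows all clients; nothing to unregister"]
    if remove - current:
        warnings.append("not registered: " + " ".join(sorted(remove - current)))
    remaining = current - remove
    if not remaining:
        warnings.append(f"list would be empty: {userid} reverts to 'All clients'")
    return remaining, warnings

if __name__ == "__main__":
    acl = parse_client_list(SAMPLE_LIST)
    for arg in ("10.124.145.19", "10.124.79.145, 10.124.145.18, 10.124.145.19"):
        print(arg, "->", preview_delete(acl, "Alice", arg))
```

A warning that the list would be empty means the delete widens access instead of narrowing it; to lock the account down further, keep at least one registered IP.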