sshd-config — configure which addresses can SSH to the appliance
sshd-config (--list | --help)
sshd-config --add (allow|deny) [IPv6 address] or IPv4 address
sshd-config --delete (allow|deny) rule#
sshd-config --version [1|2]
sshd-config --cbc [on|off]
The sshd-config command lets you specify which addresses can access the appliance through SSH.
IPv6 addresses must be enclosed in brackets.
--add
    Add a new rule.
--cbc
    Turn on or off support for CBC ciphers, also known as block ciphers. If set to off, the only cipher available for use is RC4, also known as arcfour.
--delete
    Delete an active rule.
--help
    Display this message.
--list
    Display the active rules and the current protocol number.
--version
    Set the version number of the protocol to use (1 or 2).
When an SSH client connects, the client address is compared to the allow list and deny list in the following order:
If the client address matches any allow rules, then the connection is allowed.
If the client address matches any deny rules, then the connection is rejected.
Each rule is a list of one or more addresses and wildcards that are separated by commas, as follows:
Matches a specific host
some | other.hostname.com
Matches some.hostname.com and other.hostname.com
Matches a specific IP address
Matches any IP address starting with 1.2
Matches any IP address within the 1.2.3.* subnet
The EXCEPT keyword can be used to exclude a subset of addresses. For example, hostname.com EXCEPT forbidden.hostname.com.
An IPv6 host address matches a [net]/prefixlen pattern if the prefixlen bits of 'net' are equal to the prefixlen bits of the address. For example, the [net]/prefixlen pattern [3ffe:505:2:1::]/64 would match every address in the range 3ffe:505:2:1:: through 3ffe:505:2:1:ffff:ffff:ffff:ffff.
You can specify one of the following keywords instead of a host name or IP address for the address parameter. Use the KNOWN and UNKNOWN keywords with care since they depend on DNS service.
Matches any address
Matches any host whose name does not contain a dot character
Matches any host whose name and address are known
Matches any host whose name or address are unknown
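The evaluation order, the EXCEPT keyword and the [net]/prefixlen match described above can be modeled as follows. This is an added example, not code from the appliance: the function names are hypothetical, the sample rules are constructed, only literal IP addresses and bracketed IPv6 patterns are handled, and the result when no rule matches is reported as such because this page does not state the default.

```python
import ipaddress

def pattern_matches(pattern, client):
    """One pattern: '[net]/prefixlen' or '[addr]' for IPv6, else a literal IP."""
    pattern = pattern.strip()
    if pattern.startswith("["):
        net, _, prefixlen = pattern.partition("/")
        network = ipaddress.ip_network(
            f"{net.strip('[]')}/{prefixlen or 128}", strict=False)
        return client.version == 6 and client in network
    return client == ipaddress.ip_address(pattern)

def rule_matches(rule, client):
    """A rule is a comma-separated list, optionally 'list EXCEPT list'."""
    included, _, excluded = rule.partition(" EXCEPT ")
    hit = any(pattern_matches(p, client) for p in included.split(","))
    if hit and excluded:
        hit = not any(pattern_matches(p, client) for p in excluded.split(","))
    return hit

def evaluate(client_text, allow_rules, deny_rules):
    """Allow rules are checked first, then deny rules, as the page describes."""
    client = ipaddress.ip_address(client_text)
    if any(rule_matches(r, client) for r in allow_rules):
        return "allowed"
    if any(rule_matches(r, client) for r in deny_rules):
        return "rejected"
    return "no rule matched"  # default behaviour is not stated on this page

# Constructed sample rules, built around the /64 pattern used on this page.
BROAD_ALLOW = ["[3ffe:505:2:1::]/64"]
NARROW_ALLOW = ["[3ffe:505:2:1::]/64 EXCEPT [3ffe:505:2:1::bad]"]
DENY = ["[3ffe:505:2:1::bad], 192.0.2.10"]

if __name__ == "__main__":
    for allow in (BROAD_ALLOW, NARROW_ALLOW):
        for addr in ("3ffe:505:2:1::bad", "3ffe:505:2:1:ffff:ffff:ffff:ffff",
                     "3ffe:505:2:2::1", "192.0.2.10"):
            print(allow, addr, "->", evaluate(addr, allow, DENY))
```

With the broad allow rule, the deny entry for 3ffe:505:2:1::bad never takes effect because the allow list is consulted first; carving the host out with EXCEPT is what lets the deny rule apply.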
Imported Document ID: HOWTO92658