How do you restrict SSH access to an IP address range?

Question
How do you restrict SSH access to an IP address range?
Environment
  • EXOS
  • SSH access profile
Answer
  1. Enter the EXOS CLI editor by issuing "vi <POLICY_NAME>.pol". Note that the policy file name requires the ".pol" file extension. For example, to create a policy named "SSH-access", the CLI command would be "vi SSH-access.pol".
  2. Create the access list. Type "i" before inserting text in the EXOS CLI editor.
Sample ACL:
    entry AllowTheseSubnets {
        if match any {
            source-address 10.203.133.0 /24;
            source-address 10.203.135.0 /24;
        } then {
            permit;
        }
    }
  3. Write and quit the CLI editor by pressing the Escape key and typing ":wq".
  4. Apply the access profile: "configure ssh2 access-profile <POLICY_NAME>".
Additional notes
  • Access profiles have an implicit deny, whereas normal ACLs have an implicit permit.
  • Default counter support is added only for dynamic ACL rules and not for policy files. (The "show access-list counter process ssh2" command applies only to dynamic ACL rules.)
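
Because the access profile ends in an implicit deny, any management address missing from the policy loses SSH access as soon as the profile is applied. The following offline check is an added example, not Extreme Networks code: it parses a policy limited to "source-address" matches and reports which admin addresses would be denied. It assumes entries are evaluated top to bottom with the first match deciding; the function names and the admin addresses are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the policy text shown in the article.
SAMPLE_POLICY = """
entry AllowTheseSubnets {
if match any {
source-address 10.203.133.0 /24;
source-address 10.203.135.0 /24;
} then {
permit;
}
}
"""
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s+match\s+(any|all)\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}", re.S)
ADDR_RE = re.compile(r"source-address\s+([0-9A-Fa-f.:]+)\s*(/\d+)\s*;")

def parse_policy(text):
    """Return [(name, mode, networks, action)] in file order."""
    entries = []
    for name, mode, conds, actions in ENTRY_RE.findall(text):
        nets = [ipaddress.ip_network(a + m, strict=False)
                for a, m in ADDR_RE.findall(conds)]
        if not nets or ADDR_RE.sub("", conds).strip():
            raise ValueError(f"{name}: only source-address matches are handled")
        # Anything other than an explicit permit is treated as deny (conservative).
        action = "permit" if re.search(r"\bpermit\s*;", actions) else "deny"
        entries.append((name, mode, nets, action))
    if len(entries) != len(re.findall(r"\bentry\s", text)):
        raise ValueError("policy contains an entry this checker cannot parse")
    return entries

def evaluate(entries, source_ip):
    """Assumed semantics: first matching entry decides, otherwise implicit deny."""
    ip = ipaddress.ip_address(source_ip)
    for name, mode, nets, action in entries:
        hits = [ip in net for net in nets]
        if any(hits) if mode == "any" else all(hits):
            return action, name
    return "deny", "implicit deny"

def locked_out(policy_text, admin_ips):
    """Admin source addresses that would lose SSH access under this policy."""
    entries = parse_policy(policy_text)
    return [ip for ip in admin_ips if evaluate(entries, ip)[0] != "permit"]

if __name__ == "__main__":
    # Constructed admin addresses; the second one is outside both subnets.
    print(locked_out(SAMPLE_POLICY, ["10.203.133.25", "10.203.134.7"]))
```

Run it against the policy text before step 4 and confirm that the address of the session applying the profile is not in the returned list.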
