
Configuring the maximum idle time for ssh sessions, Filtering ssh access using acls, Terminating an active ssh connection – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


Designating an interface as the source for all SSH packets

You can designate a loopback interface, virtual interface, or Ethernet port as the source for all SSH
packets from the device. For details, see the "Specifying a single source interface for specified packet
types" section in the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.

Configuring the maximum idle time for SSH sessions

By default, SSH sessions do not time out. Optionally, you can set the amount of time an SSH session
can be inactive before the Brocade device closes it. For example, to set the maximum idle time for
SSH sessions to 30 minutes, enter the following command.

device(config)#ip ssh idle-time 30

Syntax: ip ssh idle-time minutes

If an established SSH session has no activity for the specified number of minutes, the Brocade device
closes it. An idle time of 0 minutes (the default value) means that SSH sessions never time out. The
maximum idle time for SSH sessions is 240 minutes.

Filtering SSH access using ACLs

You can permit or deny SSH access to the Brocade device using ACLs. To use ACLs, first create the
ACLs you want to use. You can specify a numbered standard IPv4 ACL, a named standard IPv4 ACL

Enter commands such as the following.

device(config)#access-list 10 permit host 10.168.144.241

device(config)#access-list 10 deny host 10.168.144.242 log

device(config)#access-list 10 permit host 10.168.144.243

device(config)#access-list 10 deny any

device(config)#ssh access-group 10

Syntax: ssh access-group { standard-named-acl | standard-numbered-acl }
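
The following is an added example, not part of the Brocade guide: a Python check that reads a saved configuration and reports when the idle-time and ACL settings described above are missing or weak. It assumes one command per line in the form shown on this page (with or without the device(config)# prompt) and parses only numbered ACLs; the function name and both sample configurations are constructed for illustration.

```python
import re

PROMPT = re.compile(r"^\S*\(config\)#\s*")  # strip an optional "device(config)#" prompt
MAX_IDLE = 240  # maximum idle time stated on this page, in minutes

def audit_ssh_config(text):
    """Return a list of findings for the SSH settings described on this page."""
    idle, group, acls = None, None, {}
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"ip ssh idle-time (\d+)", line):
            idle = int(m.group(1))
        elif m := re.fullmatch(r"ssh access-group (\S+)", line):
            group = m.group(1)
        elif m := re.fullmatch(r"access-list (\d+) (permit|deny) (.+)", line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))

    findings = []
    if idle is None or idle == 0:  # 0 is the default: sessions never close
        findings.append("idle-time: SSH sessions never time out")
    elif idle > MAX_IDLE:
        findings.append(f"idle-time: {idle} exceeds the {MAX_IDLE}-minute maximum")
    if group is None:
        findings.append("access-group: SSH access is not filtered by an ACL")
    elif group not in acls:  # also reached for named ACLs, which are not parsed
        findings.append(f"access-group: ACL {group} has no entries in this config")
    else:
        for action, match in acls[group]:
            if action == "permit" and match.split()[0] == "any":
                findings.append(f"access-group: ACL {group} permits any source")
    return findings

# Constructed sample inputs built from the commands shown on this page.
HARDENED = """\
device(config)#ip ssh idle-time 30
device(config)#access-list 10 permit host 10.168.144.241
device(config)#access-list 10 deny host 10.168.144.242 log
device(config)#access-list 10 permit host 10.168.144.243
device(config)#access-list 10 deny any
device(config)#ssh access-group 10
"""
WEAK = """\
ip ssh idle-time 0
access-list 10 permit any
ssh access-group 10
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_ssh_config(cfg) or "no findings")
```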

Terminating an active SSH connection

To terminate one of the active SSH connections, enter the following command.

device#kill ssh 1

Syntax: kill ssh connection-id

Displaying SSH information

Up to five SSH connections can be active on the Brocade device.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03