
Disabling 3-des, Displaying ssh server connection information, Filtering ssh server access using acls – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


252

Multi-Service IronWare Security Configuration Guide

53-1003035-02

SSH server version 2 support

5

Filtering SSH server access using ACLs

You can permit or deny SSH server access to the device using ACLs. To configure an ACL that
restricts SSH server access to the device, enter commands such as the following.

Syntax: ssh access-group {num | name | ipv6 ipv6-acl-name}

Use the ipv6 keyword if you are applying an IPv6 access list.

The num parameter specifies the number of a standard IPv4 ACL, 1 – 99.

The name parameter specifies a standard IPv4 access list name.

The ipv6-acl-name parameter specifies an IPv6 access list name.

Brocade(config)# access-list 12 deny host 10.157.22.98
Brocade(config)# access-list 12 deny 10.157.23.0 10.0.0.255
Brocade(config)# access-list 12 deny 10.157.24.0/24
Brocade(config)# access-list 12 permit any
Brocade(config)# ssh access-group 12
Brocade(config)# write memory

These commands configure ACL 12, then apply the ACL as the access list for SSH server access.
The device denies SSH server access from the IPv4 addresses listed in ACL 12 and permits SSH
server access from all other IP addresses. Without the last ACL entry for permitting all packets, this
ACL would deny SSH server access from all IP addresses.

NOTE

Access control lists are IP version specific. When both IPv4 and IPv6 ACLs are configured, the IPv4
ACL will be applied to sessions from IPv4 clients and the IPv6 ACL will be applied to sessions from
IPv6 clients.

Refer to “Access Control List” and “Configuring an IPv6 Access Control List” for details on how to
configure ACLs.

Disabling 3-DES

By default, both 3-DES and AES encryption algorithms are enabled on the device. You can disable
3-DES by entering the following command.

Brocade(config)# ip ssh encryption aes-only

Syntax: [no] ip ssh encryption aes-only

Displaying SSH server connection information

A maximum of 16 SSH server connections can be active on the device at a given time. To display
information about SSH server connections, enter the following command.
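Returning to ACL 12 from the "Filtering SSH server access using ACLs" section: the script below is an added example, not part of the guide, that evaluates the four entries with first-match, implicit-deny semantics so you can see which management clients would be rejected before committing with write memory. The wildcard-mask interpretation (1 bits are don't-care, 0 bits must match), the would_lock_out helper and the client addresses are assumptions constructed for the example.

```python
import ipaddress

# ACL 12 as transcribed from the guide's example (standard IPv4 ACL, in order).
ACL_12 = [
    ("deny", "host 10.157.22.98"),
    ("deny", "10.157.23.0 10.0.0.255"),   # address + wildcard-mask form
    ("deny", "10.157.24.0/24"),           # CIDR form
    ("permit", "any"),                    # without this, everything is denied
]

def parse_source(spec):
    """Return (value, mask) so that a client matches when addr & mask == value.

    Assumed standard-ACL semantics: a wildcard bit of 1 means "don't care",
    a bit of 0 means "must match"; 'host' matches all 32 bits; 'any' matches all.
    """
    if spec == "any":
        return 0, 0
    if spec.startswith("host "):
        return int(ipaddress.IPv4Address(spec[5:])), 0xFFFFFFFF
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return int(net.network_address), int(net.netmask)
    base, wildcard = spec.split()
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return int(ipaddress.IPv4Address(base)) & mask, mask

def evaluate(acl, client_ip):
    """First matching entry wins; falling off the end is the implicit deny."""
    addr = int(ipaddress.IPv4Address(client_ip))
    for action, spec in acl:
        value, mask = parse_source(spec)
        if addr & mask == value:
            return action
    return "deny"

def would_lock_out(acl, admin_ips):
    """Pre-commit check (hypothetical helper): management hosts the ACL rejects."""
    return [ip for ip in admin_ips if evaluate(acl, ip) != "permit"]

if __name__ == "__main__":
    # Constructed client addresses used only for the demonstration.
    clients = ["10.157.22.98", "10.157.23.5", "10.157.24.200", "192.0.2.10"]
    for ip in clients:
        print(f"{ip:15} -> {evaluate(ACL_12, ip)}")
    # Same ACL with the final 'permit any' omitted: every client is rejected.
    print("locked out without 'permit any':",
          would_lock_out(ACL_12[:-1], clients))
```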