configure ssh2 access-profile

configure ssh2 access-profile [ access_profile | [[add rule] [first | [[before | after] previous_rule]]] | delete rule | none]

Description

Configures SSH2 to use an ACL policy or ACL rule for access control.

Syntax Description

access_profile Specifies an ACL policy.
add Specifies that an ACL rule is to be added to the SSH2 port.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other rules.
before Specifies that the new rule is to be added before a previous rule.
after Specifies that the new rule is to be added after a previous rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default

N/A.

Usage Guidelines

You must be logged in as administrator to configure SSH2 parameters.

When adding a new rule, use the first, before, and after previous_rule parameters to position it within the existing rules.

If the SSH2 traffic does not match any of the rules, the default behavior is deny. To permit SSH2 traffic that does not match any of the rules, add a permit all rule at the end of the rule list.

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information about creating and implementing ACL policy files, see Policy Manager and ACLs in the ExtremeXOS 30.7 User Guide .

If you attempt to implement a policy that does not exist on the switch, an error message similar to the following appears:

Error: Policy /config/MyAccessProfile.pol does not exist on file system

If this occurs, make sure the policy you want to implement exists on the switch. To confirm the policies on the switch, use the ls command. If the policy does not exist, create the ACL policy file.

Example

The following example applies the ACL MyAccessProfile_2 to SSH2:

configure ssh2 access-profile MyAccessProfile_2

The following example copies the ACL rule, DenyAccess to the SSH2 application in first place:

 configure ssh2 access-profile add DenyAccess first 

The following example removes the association of a single rule from the SSH2 application:

configure ssh2 access-profile delete DenyAccess

The following example removes the association of all ACL policies and rules from the SSH2 application:

configure ssh2 access-profile none

History

This command was first available in ExtremeXOS 12.5.

Platform Availability

This command is available on the ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, and X870 series switches.