The ssh ipv6 server-source command specifies an IPv6 source address for an SSH server.
The undo ssh ipv6 server-source command cancels the IPv6 source address specified for an SSH server.
By default, the IPv6 source address of an SSH server is ::.
ssh ipv6 server-source -a ipv6_address [ -vpn-instance vpn_name ]
undo ssh ipv6 server-source
| Parameter | Description | Value |
|---|---|---|
-a ipv6_address |
Specifies the IPv6 source address for an SSH server. |
The total length of an IPv6 address is 128 bits, which are divided into eight groups. Each group contains four hexadecimal digits. The value is in the format X:X:X:X:X:X:X:X. |
-vpn-instance vpn_name |
Specifies the name of a VPN instance. |
The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. The VPN instance name cannot be _public_. If the string is enclosed in double quotation marks (" "), the string can contain spaces. |
Usage Scenario
By default, an SSH server accepts connection requests from all IPv6 addresses, as a result of which system security is low. For security purposes, run the ssh ipv6 server-source command to specify an IPv6 source address for the SSH server. In this case, users can log in to the SSH server only using this IPv6 address.
Prerequisites
A VPN instance has been created before you specify it for an SSH server. Otherwise, the ssh ipv6 server-source command cannot be executed.
Configuration Impact
After an IPv6 source address is specified for an SSH server, SSH users can log in to the SSH server only using this IPv6 address. This configuration applies to the SSH users who attempt to log in to the SSH server, not to the SSH users who have logged in to the server.
Precautions
After an IPv6 source address is specified for an SSH server using this command, ensure that SFTP or SSH users can access this IPv6 address at Layer 3. Otherwise, SFTP or SSH users will fail to log in to the SSH server.
If the specified IPv6 source address is bound to a VPN instance, the SSH server is also bound to the VPN instance.