The ssh ipv6 server-source command specifies a source IPv6 address for an SSH server.
The undo ssh ipv6 server-source command cancels the specified source IPv6 address for an SSH server.
The ssh server-source physic-isolate command specifies the isolation source interface of the SSH server.
The undo ssh server-source physic-isolate command cancels the isolation source interface of the SSH server.
By default, no source interface or source IPv6 address is specified for an SSH server.
ssh ipv6 server-source -a ipv6-address [ -vpn-instance vpn-instance-name ]
ssh ipv6 server-source all-interface
ssh ipv6 server-source physic-isolate -i { interface-type interface-num | interface-name } -a ipv6-address
undo ssh ipv6 server-source -a ipv6-address [ -vpn-instance vpn-instance-name ]
undo ssh ipv6 server-source all-interface
undo ssh ipv6 server-source physic-isolate -i { interface-type interface-num | interface-name } -a ipv6-address
| Parameter | Description | Value |
|---|---|---|
| -vpn-instance vpn-instance-name |
Specifies the VPN instance of an SSH server. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| all-interface |
Indicates that any interface having an IP address configured can be used as the source interface of a SSH server. |
- |
| -i interface-name |
Specifies the source interface name of an SSH server. |
- |
| interface-type interface-num |
Specifies the source interface type and interface number of an SSH server. |
- |
| -a ipv6-address |
Specifies the source IPv6 address of an SSH server. |
The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
Usage Scenario
The SSH server receives login requests from all interfaces and addresses, leading to low system security. To improve system security, you can run this command to specify the source interface or IPv6 source address of the SSH server so that only authorized users can log in to the server.
Prerequisites
If the source interface of the SSH server is a logical interface, the logical interface must have been created. Otherwise, the command cannot be executed successfully.
Before specifying a VPN instance for an SSH server, ensure that a VPN has been created. Otherwise, the command cannot be executed successfully.
Configuration Impact
After the source interface or IPv6 source address of the SSH server is specified, the system allows only SFTP, STelnet, SCP, and SNETCONF users to log in to the server through the specified source interface or IPv6 source address, and SFTP, STelnet, SCP, and SNETCONF users who log in through other interfaces will be rejected. However, the SFTP, STelnet, SCP, and SNETCONF users who have logged in to the server are not affected.
Precautions
<HUAWEI> system-view [~HUAWEI] ip vpn-instance vpn1 [*HUAWEI-vpn-instance-vpn1] ipv6-family [*HUAWEI-vpn-instance-vpn1-af-ipv6] quit [*HUAWEI-vpn-instance-vpn1] quit [*HUAWEI] ssh ipv6 server-source -a 2001:db8::1 -vpn-instance vpn1 Warning: SSH server source configuration will take effect in the next login. Do you want to continue? [Y/N]:y
<HUAWEI> system-view [~HUAWEI] ssh ipv6 server-source physic-isolate -i GigabitEthernet 0/1/0 -a 2001:db8::1 Warning: SSH server source configuration will take effect in the next login. Do you want to continue? [Y/N]:y Info: Succeeded in setting the source interface of the SSH server to GigabitEthernet0/1/0.