默认情况下,SP 接受来自任何 IP 地址的管理主机的 SSH 连接请求。您可以对 SP 进行配置,使其仅接受来自指定 IP 地址的管理主机的 SSH 连接请求。所做更改将应用到对集群中任何节点的 SP 的 SSH 访问。
以下示例显示了对 SP 的 SSH 访问的默认设置,通过仅允许您指定的 IP 地址访问 SP 来更改默认设置,从访问列表中删除指定的 IP 地址,然后还原所有 IP 地址的 SP 访问。
cluster1::> system service-processor ssh show Allowed Addresses: 0.0.0.0/0, ::/0 cluster1::> system service-processor ssh add-allowed-addresses -allowed-addresses 192.168.1.202/24, 192.168.10.201/24 Warning: The default "allow all" setting (0.0.0.0/0, ::/0) will be replaced with your changes. Do you want to continue? {y|n}: y cluster1::> system service-processor ssh show Allowed Addresses: 192.168.1.202/24, 192.168.10.201/24 cluster1::> system service-processor ssh remove-allowed-addresses -allowed-addresses 192.168.1.202/24, 192.168.10.201/24 Warning: If all IP addresses are removed from the allowed address list, all IP addresses will be denied access. To restore the "allow all" default, use the "system service-processor ssh add-allowed-addresses -allowed-addresses 0.0.0.0/0, ::/0" command. Do you want to continue? {y|n}: y cluster1::> system service-processor ssh show Allowed Addresses: - cluster1::> system service-processor ssh add-allowed-addresses -allowed-addresses 0.0.0.0/0, ::/0 cluster1::> system service-processor ssh show Allowed Addresses: 0.0.0.0/0, ::/0