Manual Pages


Table of Contents

NAME

na_rlmaccess - Describes SSH access control to the RLM.

DESCRIPTION

The access control functionality for the Remote LAN Module (RLM) provides a method to restrict SSH access to the RLM.

USAGE

The syntax is as follows:

options rlm.ssh.access host_spec

host_spec is defined as:

host[=|!=]host_list
all
none
*

host_list is a comma-separated list consisting of either a host name, an IP address, or an IP address with a netmask. A valid host name is a string and cannot contain the following characters: "=", "(", ")", "!", "*", and ",". The IP address can be either an IPv4 address or IPv6 address. An IPv4 address is of the format aaa.bbb.ccc.ddd. If the IP address contains a netmask, then the format is: aaa.bbb.ccc.ddd/mm where mm represents the number of bits from the left. An IPv6 address is of the format aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh. If the IPv6 address contains a prefixlen, then the format is: aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh/mm where mm represents the number of bits from the left.

The default value is * - everyone is allowed access to the RLM.

The keyword all is used to grant access to all hosts. The keyword none is used to allow access to none(SSH connections cannot be made to the RLM).

The host_spec can be a "*" which matches all. This is the same as the all keyword. If the host_spec is a "-", then all access is denied. This is the same as the none keyword.

EXAMPLES

Here are some RLM SSH access control examples:

Granting RLM SSH access to only one IP address, 10.42.69.20.

options rlm.ssh.access host=10.42.69.20

Granting RLM SSH access to all hosts with prefix matching 3FFE:81D0:107:2082.

options rlm.ssh.access host=3FFE:81D0:107:2082::1/64

Disallow all access to the RLM.

options rlm.ssh.access none

Granting RLM SSH access to only two hosts, identified by their host names.

options rlm.ssh.access host=champagne,tequilla

Granting RLM SSH access to any hosts in the 10.42.69.0 subnet.

options rlm.ssh.access host=10.42.69.1/24

Allowing all IP addresses and hosts to access the RLM via SSH.

options rlm.ssh.access all

SEE ALSO

na_options(1),


Table of Contents