Table of Contents
options rlm.ssh.access host_spec
host_spec is defined as:
host_list is a comma-separated list consisting of either a host name, an IP address, or an IP address with a netmask. A valid host name is a string and cannot contain the following characters: "=", "(", ")", "!", "*", and ",". The IP address can be either an IPv4 address or IPv6 address. An IPv4 address is of the format aaa.bbb.ccc.ddd. If the IP address contains a netmask, then the format is: aaa.bbb.ccc.ddd/mm where mm represents the number of bits from the left. An IPv6 address is of the format aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh. If the IPv6 address contains a prefixlen, then the format is: aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh/mm where mm represents the number of bits from the left.
The default value is * - everyone is allowed access to the RLM.
The keyword all is used to grant access to all hosts. The keyword none is used to allow access to none(SSH connections cannot be made to the RLM).
The host_spec can be a "*" which matches all. This is the same as the all keyword. If the host_spec is a "-", then all access is denied. This is the same as the none keyword.
Granting RLM SSH access to only one IP address, 10.42.69.20.
options rlm.ssh.access host=10.42.69.20
Granting RLM SSH access to all hosts with prefix matching 3FFE:81D0:107:2082.
options rlm.ssh.access host=3FFE:81D0:107:2082::1/64
Disallow all access to the RLM.
options rlm.ssh.access none
Granting RLM SSH access to only two hosts, identified by their host names.
options rlm.ssh.access host=champagne,tequilla
Granting RLM SSH access to any hosts in the 10.42.69.0 subnet.
options rlm.ssh.access host=10.42.69.1/24
Allowing all IP addresses and hosts to access the RLM via SSH.
options rlm.ssh.access all
Table of Contents