Manual Pages


Table of Contents

NAME

na_spaccess - Describes SSH access control to the SP.

DESCRIPTION

The access control functionality for the Service Processor (SP) provides a method to restrict SSH access to the SP.

USAGE

The syntax is as follows:

options sp.ssh.access host_spec

host_spec is defined as:

host[=|!=]host_list
all
none
*

host_list is a comma-separated list consisting of either a host name, an IP address, or an IP address with a netmask. A valid host name is a string and cannot contain the following characters: "=", "(", ")", "!", "*", and ",". The IP address can be either an IPv4 address or IPv6 address. An IPv4 address is of the format aaa.bbb.ccc.ddd. If the IP address contains a netmask, then the format is: aaa.bbb.ccc.ddd/mm where mm represents the number of bits from the left. An IPv6 address is of the format aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh. If the IPv6 address contains a prefixlen, then the format is: aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh/mm where mm represents the number of bits from the left.

The default value is * - everyone is allowed access to the SP.

The keyword all is used to grant access to all hosts. The keyword none is used to allow access to none(SSH connections cannot be made to the SP).

The host_spec can be a "*" which matches all. This is the same as the all keyword. If the host_spec is a "-", then all access is denied. This is the same as the none keyword.

EXAMPLES

Here are some SP SSH access control examples:

Granting SP SSH access to only one IP address, 10.42.69.20.

options sp.ssh.access host=10.42.69.20

Granting SP SSH access to all hosts with prefix matching 3FFE:81D0:107:2082.

options sp.ssh.access host=3FFE:81D0:107:2082::1/64

Disallow all access to the SP.

options sp.ssh.access none

Granting SP SSH access to only two hosts, identified by their host names.

options sp.ssh.access host=champagne,tequilla

Granting SP SSH access to any hosts in the 10.42.69.0 subnet.

options sp.ssh.access host=10.42.69.1/24

Allowing all IP addresses and hosts to access the SP via SSH.

options sp.ssh.access all

SEE ALSO

na_options(1),


Table of Contents