
Brocade(config)# ip ssh idle-time 30

Syntax: ip ssh idle-time minutes

If an established SSH session has no activity for the specified number of minutes, the Brocade device closes it. An idle time of 0 minutes (the default value) means that SSH sessions never time out. The maximum idle time for SSH sessions is 240 minutes.

Filtering SSH access using ACLs

You can permit or deny SSH access to the Brocade device using ACLs. To use ACLs, first create the ACLs you want to use. You can specify a numbered standard IPv4 ACL, a named standard IPv4 ACL

Enter commands such as the following.

Brocade(config)# access-list 10 permit host 192.168.144.241

Brocade(config)# access-list 10 deny host 192.168.144.242 log

Brocade(config)# access-list 10 permit host 192.168.144.243

Brocade(config)# access-list 10 deny any

Brocade(config)# ssh access-group 10

Syntax: ssh access-group standard-named-acl | standard-numbered-acl
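The following Python example is added here and is not part of the Brocade guide. It parses the access-list 10 entries shown above and checks a source address against them in order, assuming first-match evaluation with an implicit deny when no entry matches. The Entry type, the _ip, parse_acl and evaluate helpers, and the handling of the source/wildcard-mask form (which goes beyond the host and any forms shown above) are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# ACL 10 exactly as entered in the section above.
ACL_CONFIG = """\
access-list 10 permit host 192.168.144.241
access-list 10 deny host 192.168.144.242 log
access-list 10 permit host 192.168.144.243
access-list 10 deny any
"""

class Entry(NamedTuple):  # hypothetical helper type, not a Brocade structure
    action: str    # "permit" or "deny"
    network: int   # source address as a 32-bit integer
    wildcard: int  # wildcard mask; bits set to 1 are ignored when matching
    log: bool      # True when the entry ends with the "log" keyword

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text, acl_id):
    """Parse 'access-list <id> ...' lines for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", acl_id]:
            continue
        action, rest = tok[2], tok[3:]
        log = rest[-1] == "log"
        if log:
            rest = rest[:-1]
        if rest == ["any"]:
            net, wild = 0, 0xFFFFFFFF
        elif len(rest) == 2 and rest[0] == "host":
            net, wild = _ip(rest[1]), 0
        elif len(rest) == 2:  # assumed "source wildcard-mask" form
            net, wild = _ip(rest[0]), _ip(rest[1])
        else:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        entries.append(Entry(action, net, wild, log))
    return entries

def evaluate(entries, source):
    """Return (action, 1-based index of matching entry or None, log flag)."""
    src = _ip(source)
    for index, e in enumerate(entries, 1):
        if (src | e.wildcard) == (e.network | e.wildcard):
            return e.action, index, e.log
    return "deny", None, False  # assumed implicit deny at the end of the ACL
```

With the ACL above, 192.168.144.242 is denied by entry 2 with logging, and any address not listed falls through to the final deny any entry.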

Terminating an active SSH connection

To terminate one of the active SSH connections, enter the following command.

Brocade# kill ssh 1

Syntax: kill ssh connection-id

Displaying SSH information

Up to five SSH connections can be active on the Brocade device.

Displaying SSH connection information

To display information about SSH connections, enter the show ip ssh command.

Brocade# show ip ssh
Connection  Version  Encryption  Username  HMAC       Server Hostkey  IP Address
Inbound:
1           SSH-2    3des-cbc    Raymond   hmac-sha1  ssh-dss         10.120.54.2
Outbound:
6           SSH-2    aes256-cbc  Steve     hmac-sha1  ssh-dss         10.37.77.15
SSH-v2.0 enabled; hostkey: DSA(1024), RSA(2048)


Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01
