The ssh ipv6 server-source command specifies an IPv6 source address for an SSH server.
The undo ssh ipv6 server-source command deletes the source IPv6 address of the SSH server.
By default, the source IPv6 address of the SSH server is ::.
ssh ipv6 server-source -a ipv6-address [ -vpn-instance vpn-instance-name ]
undo ssh ipv6 server-source
| Parameter | Description | Value |
|---|---|---|
-a ipv6-address |
Specifies the source IPv6 address of a SSH server. |
The IPv6 address (X:X:X:X:X:X:X:X) is in 32-bit hexadecimal format. |
-vpn-instance vpn-instance-name |
Specifies the name of a VPN instance. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. The VPN instance name cannot be _public_. If double quotation marks are used at both ends of a character string, you can enter spaces in the character string. |
Usage Scenario
By default, the SSH server receives login requests from all IPv6 addresses, which reduces system security. To improve system security, you can run the ssh ipv6 server-source command to specify the source IPv6 address of the SSH server to allow only authorized users to log in to the SSH server.
Prerequisites
Before specifying a VPN instance on the SSH server, ensure that a VPN instance has been created. Otherwise, the command cannot be executed successfully.
Configuration Impact
After the source IPv6 address of the SSH server is specified, the system allows SSH users to log in to the server using only the specified IPv6 address. SSH users that log in to the server using other interfaces or addresses are denied. However, SSH users that have logged in to the server are not affected. Only subsequent SSH users that log in to the server are restricted.
Precautions
After the IPv6 source address of the SSH server is specified using this command, ensure that SFTP or SSH users can communicate with the specified IPv6 source address at Layer 3 so that authorized SFTP or SSH users can log in to the SSH server successfully.
If the specified IPv6 source address is bound to a VPN instance, the SSH server is bound to the VPN instance.