Restrict SSH access to the SEM CMC interface

Users who have CMC command-line interface (CLI) access can connect to the SEM VM and perform administrative tasks. You can restrict SSH access to the CMC interface by IP address or host name. This optional procedure blacklists everyone from logging in to the CMC interface except those users who connect from an explicitly allowed IP address or host name.

To restrict SSH access to the CMC command line:

  1. Open the CMC command line. See Log in to the SEM CMC command line interface for steps.

  2. Type service, and then press Enter.
  3. Type restrictssh, and then press Enter.
  4. Complete the wizard to limit access to the SEM cmc console by IP address or host name. You can enter multiple addresses and host names separated by a space.

Test the restriction by attempting to log in from a blacklisted host or IP address. Repeat the test to confirm that you can log in from whitelisted hosts and IP addresses.

To remove access restrictions from the CMC interface

Complete the steps to allow users from any IP address or host name to access the CMC interface using SSH.

  1. Open the CMC command line. See Log in to the SEM CMC command line interface for steps.
  2. Type service, and then press Enter.
  3. Type unrestrictssh, and then press Enter.
  4. Complete the wizard to remove access restrictions.

Test the restriction by logging in from a previously blacklisted host or IP address.