Documentation for Security Event Manager

Restrict SSH access to the SEM CMC interface

Users who have CMC command-line interface (CLI) access can connect to the SEM VM and perform administrative tasks. You can restrict SSH access to the CMC interface by IP address or host name. This optional procedure blocks everyone from logging in to the CMC interface except users who connect from an explicitly allowed IP address or host name.

  1. Open the CMC command line.

    See Log in to the SEM CMC command line interface for directions.

  2. Type service, and then press Enter.
  3. Type restrictssh, and then press Enter.
  4. Complete the wizard to limit access to the SEM CMC console by IP address or host name. You can enter multiple addresses and host names separated by spaces.

Test the restriction by attempting to log in from a blacklisted host or IP address. Repeat the test to confirm that you can log in from whitelisted hosts and IP addresses.

Remove access restrictions from the CMC interface

Perform the following steps to allow users from any IP address or host name to access the CMC interface using SSH.

  1. Open the CMC command line.

    See Log in to the SEM CMC command line interface for directions.

  2. Type service, and then press Enter.
  3. Type unrestrictssh, and then press Enter.
  4. Complete the wizard to remove access restrictions.
  5. Confirm that the restriction was removed by logging in from a previously blacklisted host or IP address.