Hi Steelblue,

1. The ssh server acl command takes effect only for SSH users, and the acl inbound command takes effect for both Telnet and SSH users.

2. The SSH login process is as follows: after the TCP three-way handshake is established and the SSH negotiation is performed, the user name and password are verified. After the authentication succeeds, the VTY resource is applied for. After the VTY resource is successfully applied for, the user can log in to the device. Therefore, the acl inbound command takes effect when the VTY resource is applied for, and the ssh server acl command takes effect when the TCP connection is established.

The SSH service contains multiple login protocols. Some protocols do not need to apply for VTY resources. When a TCP connection is established, the user cannot know which protocol to log in to, and the VTY authentication process is not performed. Therefore, invalid IP addresses cannot be intercepted in VTY mode. Therefore, during network deployment, you are advised to configure the SSH mode to restrict user rights.
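
The order of checks described in the reply above, modelled as an added Python example (not part of the original post and not vendor code). The ACL contents, the addresses, and the mapping of stelnet to a VTY and sftp to no VTY are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ACL: permit the management subnet, deny everything else.
MGMT_ACL = [("permit", "10.1.1.0", "0.0.0.255"),
            ("deny", "0.0.0.0", "255.255.255.255")]

# Assumption for illustration: stelnet allocates a VTY, sftp does not.
USES_VTY = {"stelnet": True, "sftp": False}


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(rules, src):
    """First-match evaluation of (action, address, wildcard) rules."""
    for action, addr, wildcard in rules:
        care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (_ip(src) & care) == (_ip(addr) & care):
            return action == "permit"
    return False  # model choice: no matching rule is treated as deny


def ssh_login(src, service, password_ok, ssh_server_acl=None, vty_acl=None):
    """Return (outcome, stages reached) for one login attempt."""
    stages = []
    # ssh server acl: evaluated when the TCP connection is made.
    if ssh_server_acl is not None and not acl_permits(ssh_server_acl, src):
        return "rejected by ssh server acl", stages
    stages += ["tcp", "ssh-negotiation", "authentication"]
    if not password_ok:
        return "authentication failed", stages
    # acl inbound: evaluated only when a VTY is requested.
    if USES_VTY[service]:
        if vty_acl is not None and not acl_permits(vty_acl, src):
            return "rejected by acl inbound", stages
        stages.append("vty")
    return "logged in", stages


if __name__ == "__main__":
    outside = "192.0.2.7"  # constructed address outside the permitted subnet
    for svc in ("stelnet", "sftp"):
        print("vty acl only  ", svc, ssh_login(outside, svc, True, vty_acl=MGMT_ACL))
        print("ssh server acl", svc, ssh_login(outside, svc, True, ssh_server_acl=MGMT_ACL))
```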