
deny ssh access from a specific internet facing port

Rod_Robertson2
Contributor
I need to deny any SSH access (switch management) from a specific port that is connected to the internet. (Basically I want to stop any response from the switch from a specific port.)

The Switch still needs to be ssh accessible from the internal secure network.

I already run a Switch Manage policy for SSH, Telnet and web, which are working as expected.

9 REPLIES

Drew_C
Valued Contributor III

Thanks for all your input. I'm going for Frank's option of disabling ssh2 on the vr-default and enabling it on Vr-mgmt, so internally we can get to the switch, and externally hopefully they (alleged hackers) get no response whatsoever, so in future they have nothing to help their attack.

Basically I need to test this before I suggest this to my customer.

Many thanks, everyone.

What if you add an ingress ACL on that port that denies traffic to the switch IP and only allows the needed connections (BGP peers, etc.)?

Drew

We already do this and it works. We limit what internal networks and specific IP addresses can access the switch on SSH2, Telnet and SNMP. What I want to stop is any response from the switch to the external addresses that are trying to access the switch IP via SSH2 (Janet address). Currently the external users (let's call them hackers) still receive an SSH2 prompt to sign on. I need this to stop.
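A way to test the change discussed in this thread from a host outside the network, added here as an example that is not part of any poster's reply: it reports whether the switch's internet-facing address still sends an SSH banner, a TCP reset, or nothing at all. The function names and the 192.0.2.10 address are assumptions made for illustration.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=3.0):
    """Classify how host:port answers one TCP connection attempt.

    "banner:<text>"  - handshake completed and an SSH banner was sent
    "open-no-banner" - handshake completed, nothing SSH-like came back
    "refused"        - the target answered with a TCP reset
    "unreachable"    - an ICMP error or routing failure was reported
    "silent"         - nothing came back before the timeout
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "silent"
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)  # an SSH server sends its banner first
        except OSError:  # includes a timeout or reset after the handshake
            return "open-no-banner"
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return "banner:" + line if line.startswith("SSH-") else "open-no-banner"


def no_response(result):
    """True only when the probe saw nothing at all from the target."""
    return result == "silent"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder;
    # pass the switch's external IP as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    outcome = probe_ssh(target)
    print(target, "->", outcome)
    sys.exit(0 if no_response(outcome) else 1)
```

Run it once from the external side, where the goal is `silent`, and once from the internal management network, where a `banner:` result confirms SSH is still reachable.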