This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

deny ssh access from a specific internet facing port

deny ssh access from a specific internet facing port

Rod_Robertson2
Contributor

‎11-08-2016 12:40 PM

I need to deny any SSH access ( switch management ) from a specific port that the internet is connected to the internet . ( basically i want to stop any response from the switch from an specific port

The Switch still needs to be ssh accessible from the internal secure network.

I already run a Switch Manage policy for SSH/TELNET/and web. which are working as expected.

0 Kudos
9 REPLIES 9

Drew_C
Valued Contributor III

‎11-08-2016 01:14 PM

Rod, take a look at this article:
How do you restrict SSH access to an IP addresses range?
0 Kudos

Rod_Robertson2
Contributor
In response to Drew_C

‎11-08-2016 01:14 PM

Thanks for all your input .. I'm going for franks option , in disabling ssh2 on the vr-default , and enable on Vr-mgmt so internally w e can get to the switch , externally hopefully they ( alleged hackers ) get no response what so ever , so in future they have nothing to help there attack.

Basically I need to test this before I suggest this to my customer ..

Many thanks everyone..

0 Kudos

Ron_Huygens
Community Manager Community Manager
Community Manager
In response to Drew_C

‎11-08-2016 01:14 PM

What if you add an ingress ACL on that port that deny traffic to the switch IP and only allow the needed connections ( BGP peers etc..)
0 Kudos

Rod_Robertson2
Contributor
In response to Drew_C

‎11-08-2016 01:14 PM

Drew

We already do this and it works , we limit what internal networks and specific IP addresses can access the switch , on SSH2 , telnet and SNMP .what I want to stop , is any response from the switch to the external addresses that are trying to access the switch IP via SSH2 ( janet address ). Currently the extrenal users ( lets call them hackers ) still receive an SSH2 prompt to sigh on ..I need this to stop ..
0 Kudos
GTM-P2G8KFN