deny ssh access from a specific internet facing port
‎11-08-2016 12:40 PM
I need to deny any SSH access (switch management) from a specific port that the internet is connected to. (Basically I want to stop any response from the switch from a specific port.)
The switch still needs to be SSH accessible from the internal secure network.
I already run a Switch Manage policy for SSH/TELNET/and web, which are working as expected.
9 REPLIES 9
‎11-08-2016 01:07 PM
If the Internet is on a different VR than your internal network, you can limit ssh to only listen on a VR - for instance "enable ssh2 vr VR-Mgmt" to only listen on the management port/vr
‎11-08-2016 01:07 PM
My memory is spotty - I would start saying "enable ssh2 vr vr-mgmt" and see if that took it off vr-default. Don't want to leave you hanging without ssh or a long console cable.
‎11-08-2016 01:07 PM
For this external switch (internet one side, firewall the other) we are using vr vr-default.
Thought the IP address of the switch for management is on vr-mgmt.
So basically
I would disable ssh2 vr vr-default, enable ssh2 vr vr-mgmt.
That should stop the external hits we are getting for ssh.
‎11-08-2016 12:55 PM
X670-48X 15.3.3.5-patch1-2
I really want to stop any response at all (BANNER etc.) ... other than the log
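A way to verify the goal stated in this post from a host on the internet-facing side, once the VR that SSH listens on has been changed. This is an added example, not part of the thread; the `probe_ssh` helper and its result labels are hypothetical names chosen here.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=3.0):
    """Classify how host:port answers a TCP connect attempt.

    Returns (state, banner) where state is one of:
      "banner"  - connection accepted and an SSH identification string was sent
      "open"    - connection accepted but no SSH banner arrived
      "refused" - the host answered with a TCP reset (it still responds)
      "silent"  - no reply before the timeout (the "no response at all" case)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None
    except OSError:
        # Covers timeouts as well as unreachable host/network errors.
        return "silent", None
    with sock:
        try:
            data = sock.recv(255)  # RFC 4253 caps the identification line at 255 bytes
        except OSError:
            data = b""
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return "banner", line
    return "open", None

if __name__ == "__main__":
    # Usage: python probe_ssh.py <switch-address> [port]
    target = sys.argv[1]
    tcp_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, banner = probe_ssh(target, tcp_port)
    print(f"{target}:{tcp_port} -> {state}" + (f" ({banner})" if banner else ""))
    # Exit non-zero unless the port is completely silent.
    sys.exit(0 if state == "silent" else 1)
```

Run it once against the internet-facing address and once against the management address from the internal network: the first should report `silent`, the second `banner`.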
‎11-08-2016 12:41 PM
What is the device / product type you're working with, and what firmware revision?
