
How to close port 22 / SSH on external interface

Rastan84
Level 1

Hello. If I check my static external IP address on https://www.yougetsignal.com/tools/open-ports/, it says that port 22 is open on it.

The ISP is plugged into my Cisco 2901.

How do I make sure port 22 (SSH) is not open to the public?

I tried following suggestions I found on other discussions here but couldn't succeed. I'm not an expert at all here. 

Could someone please assist? 

16 Replies

Completely agreed. It seems like getting an ACL with this will be the bare minimum to prevent the SSH port (and who knows what others) from being accessible from the internet. This is the link to the general Cisco IOS hardening guidelines, which can provide some more comprehensive guidelines: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Nice!

One way to approach, what I was suggesting, in your reference is here.

The document's suggestion is more generic in its ACEs and application, but same concept, i.e. "Infrastructure ACLs leverage the idea that nearly all network traffic traverses the network and is not destined to the network itself.", which is often especially true when traffic is sourced from the Internet.
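
A minimal IOS configuration sketch of the infrastructure-ACL approach discussed in the replies above, added here as an example and not posted by anyone in the thread. The interface name, the ACL name and number, the external address 203.0.113.10 and the inside subnet 192.168.1.0/24 are placeholder assumptions to be replaced with the router's real values.

```cisco
! Added example; every name and address below is a placeholder.
! Assumptions: GigabitEthernet0/0 faces the ISP, 203.0.113.10 is the
! router's static external address, 192.168.1.0/24 is the inside LAN.
!
! 1) Infrastructure ACL: drop SSH aimed at the router itself and
!    leave all other traffic as it was.
ip access-list extended OUTSIDE-IN
 remark SSH from the Internet to the router's own address
 deny   tcp any host 203.0.113.10 eq 22 log
 remark transit and return traffic is not changed by this ACL
 permit ip any any
!
! An interface takes one inbound IP ACL. If one is already applied,
! add the deny entry to that ACL instead of attaching a second one.
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
!
! 2) Restrict the VTY lines too, so SSH is refused from any source
!    outside the management subnet, whichever interface it arrives on.
access-list 10 remark hosts allowed to manage the router
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny   any log
!
line vty 0 4
 access-class 10 in
 transport input ssh
! Repeat the two commands above under "line vty 5 15" if those lines
! exist in the running configuration.
```

After applying it from a console or inside session, re-run the external port check; `show ip access-lists OUTSIDE-IN` shows the match counter on the deny entry increasing when the probe arrives.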