SSH on a different port.........

HI...

I run SSH on a DIFFERENT PORT so I can access the router from (INTERNAL NETWORK)  and (REMOTELY INTERNET)......from PC or my ANDROID

PROBLEM: when I do a PORT SCAN.......the SSH PORT shows as "OPEN"

QUESTION:  How can I SECURE the SSH PORT and still have access BOTH .......INSIDE and OUTSIDE ???

I run SSH 2.0 only......

Here are the relevant parts of the config file.........

ip ssh authentication-retries 5
ip ssh port xxxx rotary 1
ip ssh logging events
ip ssh version 2

access-list 101 remark ---SSH---
access-list 101 permit tcp any any eq xxxx log

The above ACL is applied to the EXTERNAL (INTERNET) interface

line vty 0 4
exec-timeout 20 0
privilege level 15
password 7 xxxxxxxxxxxxx
login authentication local_auth
rotary 1
transport preferred ssh
transport input ssh
transport output ssh

1 Reply 1

Although you still could strengthen your SSH, the config is what has to be done to make SSH work on a different port. And that is all it does: it does not secure SSH, it will just clean up the logs a little bit.

If there is still access on TCP/22, then I would suspect that there are other lines in your external ACL that allow that.
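As an added example (not part of the original thread and not Cisco tooling), the following Python sketch audits the configuration fragment posted in the question for settings that leave the relocated SSH port reachable and weakly protected. The function name `audit_ssh_exposure`, the finding texts and the choice of checks are assumptions made for illustration; the sample input is the posted config with the port still written as `xxxx`.

```python
import re

# Constructed sample: the config lines posted in the question (port left as "xxxx").
SAMPLE_CONFIG = """\
ip ssh authentication-retries 5
ip ssh port xxxx rotary 1
ip ssh logging events
ip ssh version 2
access-list 101 remark ---SSH---
access-list 101 permit tcp any any eq xxxx log
line vty 0 4
 exec-timeout 20 0
 privilege level 15
 password 7 xxxxxxxxxxxxx
 login authentication local_auth
 rotary 1
 transport input ssh
"""

def audit_ssh_exposure(config):
    """Return findings for settings that leave a relocated SSH port exposed.

    Hypothetical helper: assumes the fragment holds only SSH and vty settings.
    """
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Ports that "ip ssh port <n> rotary <g>" maps onto the vty lines.
    ssh_ports = {m.group(1) for ln in lines
                 if (m := re.match(r"ip ssh port (\S+) rotary \d+", ln))}
    for ln in lines:
        m = re.match(r"access-list (\d+) permit tcp any any eq (\S+)", ln)
        if m and m.group(2) in ssh_ports:
            findings.append(f"ACL {m.group(1)} permits any source to SSH port {m.group(2)}")
        if re.match(r"password 7 ", ln):
            findings.append("type 7 password on vty (reversible encoding)")
        if ln == "privilege level 15":
            findings.append("vty sessions start at privilege level 15")
    # access-class is the per-line source filter; none appears in the posted config.
    if not any(ln.startswith("access-class ") for ln in lines):
        findings.append("no access-class on vty lines")
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 not enforced")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_exposure(SAMPLE_CONFIG):
        print("-", finding)
```

Run against the posted fragment, it reports the any-source ACL entry, the privilege level and password lines, and the missing `access-class`, none of which the port change affects.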
