Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SSH question

Posted on 2012-03-12
1
Medium Priority
?
252 Views
Last Modified: 2012-03-13
I have a question about this scenerio:

CORESW------->REMOTE SITE ROUTER|-------->Access Switch1
                                                        |-------->Access Switch2
                                                        |-------->Access Switch3

So when doing SSH from CORESW, if I want to apply ssh only from CORESW, what needs to be done. To carify more, so that users can't do SSH direct to Access SW1,2 and 3. I know they have to SSH to CORESw first. But I don't want them to SSH from REMOTE SITE ROUTER or SSH from Access Switch1 to Access Switch2 or 3. All I want them to SSH to CORESW and then from there they can SSH to any devices.
Is this consired good practice or not?
0
Comment
Question by:tech1guy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 10

Accepted Solution

by:
mat1458 earned 2000 total points
ID: 37713163
You would do that  by configuring a standard ip access list containing the ip address of the core switch (probably the ip ssh source-interface address) and then apply it as incoming access-class to the line vty 0 4 or line vty 0 15.

The question about good practice: Normally it's the network support people that need to log into a switch. They do that either for fun or when something is considered as broken in the network. By adding an additional hop everything takes longer without really adding more security. If you want to secure your switches use use access lists that cover the IP address range of your engineers/operators and set up a TACACS server with accounting and logging.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question