Solved

SSH question

Posted on 2012-03-12
Last Modified: 2012-03-13
I have a question about this scenario:

CORESW------->REMOTE SITE ROUTER|-------->Access Switch1
                                                        |-------->Access Switch2
                                                        |-------->Access Switch3

So when doing SSH from CORESW, if I want to allow SSH only from CORESW, what needs to be done? To clarify more, so that users can't SSH directly to Access SW1, 2 and 3. I know they have to SSH to CORESW first. But I don't want them to SSH from REMOTE SITE ROUTER or SSH from Access Switch1 to Access Switch2 or 3. All I want is for them to SSH to CORESW, and then from there they can SSH to any device.
Is this considered good practice or not?
Question by:tech1guy

Accepted Solution

by:
mat1458 earned 500 total points
ID: 37713163
You would do that by configuring a standard IP access list containing the IP address of the core switch (probably the ip ssh source-interface address) and then apply it as incoming access-class to the line vty 0 4 or line vty 0 15.

The question about good practice: Normally it's the network support people that need to log into a switch. They do that either for fun or when something is considered as broken in the network. By adding an additional hop everything takes longer without really adding more security. If you want to secure your switches, use access lists that cover the IP address range of your engineers/operators and set up a TACACS server with accounting and logging.
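
Added example, not part of the answer above: a small audit that checks an access switch config for the setup the answer describes, that is, every `line vty` block has an inbound `access-class` whose standard ACL permits only the core switch. The sample config, the ACL name `SSH-FROM-CORE` and the address `10.0.0.1` are constructed for illustration, and the parser assumes named standard ACLs in running-config layout.

```python
import re

# Constructed sample config for an access switch (ACL name and address are assumptions).
# vty 0 4 carries the access-class from the answer; vty 5 15 was left without one.
SAMPLE_CONFIG = """\
ip access-list standard SSH-FROM-CORE
 permit 10.0.0.1
 deny   any log
!
line vty 0 4
 access-class SSH-FROM-CORE in
 transport input ssh
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level parent line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_vty(config, allowed_host):
    """Return {vty block: finding}; 'ok' means logins are limited to allowed_host."""
    blocks = parse_blocks(config)
    findings = {}
    for parent, body in blocks.items():
        if not parent.startswith("line vty"):
            continue
        acl = next((m.group(1) for c in body
                    if (m := re.fullmatch(r"access-class (\S+) in", c))), None)
        if acl is None:
            findings[parent] = "no inbound access-class"
            continue
        entries = blocks.get(f"ip access-list standard {acl}")
        if entries is None:
            findings[parent] = f"ACL {acl} not defined"
            continue
        # A standard ACL shows a single host as "permit A.B.C.D" or "permit host A.B.C.D".
        permits = [e.split()[1:] for e in entries if e.startswith("permit")]
        ok = bool(permits) and all(
            p in ([allowed_host], ["host", allowed_host]) for p in permits)
        findings[parent] = "ok" if ok else f"ACL {acl} does not permit only {allowed_host}"
    return findings

if __name__ == "__main__":
    for vty, finding in audit_vty(SAMPLE_CONFIG, "10.0.0.1").items():
        print(f"{vty}: {finding}")
```

The sample shows why the answer mentions both `line vty 0 4` and `line vty 0 15`: an access-class applied only to lines 0 4 leaves the remaining vty lines unrestricted.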