Solved

SSH question

Posted on 2012-03-12
1
247 Views
Last Modified: 2012-03-13
I have a question about this scenerio:

CORESW------->REMOTE SITE ROUTER|-------->Access Switch1
                                                        |-------->Access Switch2
                                                        |-------->Access Switch3

So when doing SSH from CORESW, if I want to apply ssh only from CORESW, what needs to be done. To carify more, so that users can't do SSH direct to Access SW1,2 and 3. I know they have to SSH to CORESw first. But I don't want them to SSH from REMOTE SITE ROUTER or SSH from Access Switch1 to Access Switch2 or 3. All I want them to SSH to CORESW and then from there they can SSH to any devices.
Is this consired good practice or not?
0
Comment
Question by:tech1guy
1 Comment
 
LVL 10

Accepted Solution

by:
mat1458 earned 500 total points
ID: 37713163
You would do that  by configuring a standard ip access list containing the ip address of the core switch (probably the ip ssh source-interface address) and then apply it as incoming access-class to the line vty 0 4 or line vty 0 15.

The question about good practice: Normally it's the network support people that need to log into a switch. They do that either for fun or when something is considered as broken in the network. By adding an additional hop everything takes longer without really adding more security. If you want to secure your switches use use access lists that cover the IP address range of your engineers/operators and set up a TACACS server with accounting and logging.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now