How to disable SSH

‎11-15-2011 04:05 AM

Hi,

I need to disable SSH from the outside network but need to enable it from the inside LAN.

Can you please help me?

Thanks,

Nils

4 REPLIES

Re: How to disable SSH

‎11-15-2011 08:40 AM

Hi,

You can achieve this by setting up a loopback 0 firewall filter.

set firewall family inet filter lo0_FF term 1 from source-prefix-list LAN
set firewall family inet filter lo0_FF term 1 from port ssh
set firewall family inet filter lo0_FF term 1 then accept
set firewall family inet filter lo0_FF term 2 from port ssh
set firewall family inet filter lo0_FF term 2 then reject

set policy-options prefix-list LAN <Your lan prefix>

set interfaces lo0 unit 0 family inet filter input lo0_FF

set interfaces lo0 unit 0 family inet filter output lo0_FF


Re: How to disable SSH

‎11-15-2011 10:39 AM

Your example is incomplete. You also need to add a third term that accepts all remaining traffic types to the loopback address. Your first term accepts the desired ssh source. The second term rejects all other ssh sources. Then the third step is to permit all remaining traffic.

See a full description of the loopback filter needed for this function in the day one tips forum.

http://forums.juniper.net/t5/Day-One-Tips-Contest/Technique-Securing-routing-engine-for-out-of-band-...

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
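
Added example, not part of any post in this thread: a simplified Python model of first-match filter evaluation with the implicit discard that ends every Junos firewall filter, showing what the posted two-term lo0_FF filter does to non-SSH routing-engine traffic and how a catch-all accept term changes it. The LAN prefix, the packets, and the name "term 3" are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LAN = ipaddress.ip_network("192.168.10.0/24")
SSH = 22

# Terms 1 and 2 mirror the posted lo0_FF filter; "term 3" is a hypothetical
# name for the catch-all accept term described in the reply.
TWO_TERM = [
    {"src_net": LAN, "port": SSH, "then": "accept"},
    {"port": SSH, "then": "reject"},
]
THREE_TERM = TWO_TERM + [{"then": "accept"}]

# Constructed packets addressed to the routing engine.
PACKETS = {
    "ssh_from_lan": {"src": "192.168.10.25", "sport": 50122, "dport": 22},
    "ssh_from_outside": {"src": "203.0.113.7", "sport": 40311, "dport": 22},
    "bgp_from_peer": {"src": "198.51.100.1", "sport": 51000, "dport": 179},
    "ospf_hello": {"src": "192.168.10.2"},  # no ports in this model
}

def term_matches(term, pkt):
    """A term matches only if every condition it lists matches."""
    if "src_net" in term and ipaddress.ip_address(pkt["src"]) not in term["src_net"]:
        return False
    # "port" matches either the source or the destination port.
    if "port" in term and term["port"] not in (pkt.get("sport"), pkt.get("dport")):
        return False
    return True

def evaluate(terms, pkt):
    """First matching term wins; unmatched packets hit the implicit discard."""
    for term in terms:
        if term_matches(term, pkt):
            return term["then"]
    return "discard"

def verdicts(terms):
    return {name: evaluate(terms, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, terms in (("two terms", TWO_TERM), ("three terms", THREE_TERM)):
        print(label, verdicts(terms))
```

With two terms, BGP and OSPF toward the routing engine are silently discarded; with the third term they are accepted while outside SSH is still rejected.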

Re: How to disable SSH

‎11-16-2011 06:59 AM

Thanks Steve. Yes, need third term to accept other traffic.


Re: How to disable SSH

‎12-14-2011 06:07 AM

Hi,

Thanks all.

I will try and let you know if having any issue.
