Disable SSH Login Using External IP [SOLVED]


#1

My company has setup a Network Appliance running Vyos as the router/firewall for our web servers hosted at the local data centre.

They want me to disable the SSH login via the external IP.
If configuration is needed, we will VPN to the network, then login via the internal IP.

First of all, is this possible?
For the moment I am assuming it is.

Secondly, how to do this.
I am thinking of disabling SSH protocol on the external IP…

Thanks for any help!


#2

You can make VyOS only listen for SSH requests on its LAN IP by:
set service ssh listen-address

Alternatively, use WAN_LOCAL firewall rules to block SSH. (I hope you already are using WAN_LOCAL rules, since they protect the box itself)


#3

Thanks 16again!

That did the trick.

:slight_smile: