My company has set up a Network Appliance running VyOS as the router/firewall for our web servers hosted at the local data centre.
They want me to disable the SSH login via the external IP.
If configuration is needed, we will VPN to the network, then login via the internal IP.
First of all, is this possible?
For the moment I am assuming it is.
Secondly, how do I do this?
I am thinking of disabling SSH protocol on the external IP…
Thanks for any help!
16again
2
You can make VyOS only listen for SSH requests on its LAN IP by:
set service ssh listen-address
Alternatively, use WAN_LOCAL firewall rules to block SSH. (I hope you already are using WAN_LOCAL rules, since they protect the box itself)
ofh
4
Can you tell a little more about this?
It is just a firewall from the WAN (external) network destined to the router itself
ofh
6
set service ssh listen-address
Did the trick, thanks
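
Both options from the answer above, written out as an added example (not taken from any post in the thread). It assumes the older `firewall name` syntax used by VyOS 1.3 and earlier, `eth0` as the WAN interface, a constructed LAN address of 192.168.1.1, and a WAN_LOCAL ruleset that already exists; rule number 20 is hypothetical and must sort before any rule that would accept SSH.

```vyos
configure

# Option 1: bind sshd to the LAN address only.
# 192.168.1.1 is a constructed example; use the router's internal IP.
set service ssh listen-address 192.168.1.1

# Option 2: drop SSH that arrives on the WAN side and is addressed to
# the router itself. Added to the existing WAN_LOCAL ruleset.
set firewall name WAN_LOCAL rule 20 description 'Block SSH to router from WAN'
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 protocol tcp
set firewall name WAN_LOCAL rule 20 destination port 22

# "local" is the direction for traffic destined to the router itself.
# This line is only needed if WAN_LOCAL is not yet applied to eth0.
set interfaces ethernet eth0 firewall local name WAN_LOCAL

# Review the pending changes, then commit with an automatic rollback
# after 5 minutes unless the change is confirmed.
compare
commit-confirm 5

# From a second session over the VPN, check that SSH to the internal
# IP still works, then make the change permanent:
confirm
save
```

Using `commit-confirm` instead of a plain `commit` means a mistake in the listen address or rule order rolls back on its own rather than locking out remote management.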