SSH by default uses port 22.
On a Cisco router you can move SSH to another port, let's say port 800.
To do that, log in to the router and, in global configuration mode, issue the command:
  ip ssh port 800 rotary 1   ! tells the router's SSH server to listen on port 800 (rotary group 1) in addition to the original port 22
Then you need to tell the VTY lines to use rotary group 1, so under the VTY line configuration (e.g. line vty 0 4) issue:
  rotary 1
Now you have to prevent the old port 22 from being used for SSH connections. The ip ssh port command only adds a port, it does not remove 22, so this is done with an ACL. Create an ACL that permits port 800 and denies everything else:
  ip access-list extended SSH
   permit tcp any any eq 800
   deny ip any any
Then go back into the VTY line configuration and issue:
  access-class SSH in
This applies the ACL named SSH inbound on the VTY lines.
You can add more restrictions on the sources you want to allow SSH connections from (for example, replace the first "any" in the permit line with your management subnet).
Now test connecting over SSH using both ports: you should get connection refused on port 22, and the connection via the new port (800) should work.
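As an added example (not part of the original post), here is a small Python check for the test described above: it probes both ports from the management host and confirms that the new port really answers with an SSH banner rather than merely accepting the TCP connection. The router address and ports are assumptions; a constructed local listener stands in for the router so it can run offline via demo().

```python
import socket
import threading
from typing import Dict, Optional

def ssh_banner(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """TCP-connect to host:port and read the server's SSH identification line.
    Returns the banner (e.g. 'SSH-2.0-...'), '' if the port accepted but sent no
    SSH banner, or None if the connection was refused or timed out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:
        return None
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return line if line.startswith("SSH-") else ""

def check_ssh_relocation(host: str, old_port: int = 22, new_port: int = 800) -> Dict[str, object]:
    """Probe both ports. Desired state after the ACL is applied: the old port is
    refused (None) and the new port answers with an SSH banner."""
    old = ssh_banner(host, old_port)
    new = ssh_banner(host, new_port)
    return {"old_port": old, "new_port": new, "relocation_ok": old is None and bool(new)}

def _fake_ssh_listener(banner: bytes) -> int:
    """Constructed stand-in for the router's relocated SSH port: a local listener
    that sends one banner to the first client. Returns the ephemeral port bound."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo() -> Dict[str, object]:
    """Run the check offline: the fake listener plays port 800, and a port that was
    bound and released plays port 22 (it refuses connections)."""
    new_port = _fake_ssh_listener(b"SSH-2.0-constructed-router\r\n")
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    old_port = probe.getsockname()[1]
    probe.close()
    return check_ssh_relocation("127.0.0.1", old_port, new_port)
```

Against a real router call check_ssh_relocation("<router-ip>", 22, 800); a None on the old port together with an "SSH-" banner on the new one is the outcome the ACL is meant to produce.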