Contributor I

How can I change the SSH port of the controller from 22 to another port?

I would like to change the SSH port of the controller to another port. Is that possible?

 

Thank you

Guru Elite

Re: How can I change the SSH port of the controller from 22 to another port?

You cannot, unfortunately.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: How can I change the SSH port of the controller from 22 to another port?

Well, you cannot as a supported CLI option, but you could get creative and set up a dst-nat to handle your desired "hidden" SSH port, allow a trusted host or two, and then block all other port 22 traffic.

 

# create a remapping ACL where
# 1.2.3.4 is a trusted internal host
# which you should have in case you make
# any mistake in this process (else you may
# be locked out, or, have to use webui to fix)
ip access-list session remap-ssh
  host 1.2.3.4 any any  permit 
  any   alias mswitch tcp 12345  dst-nat 22 log 
  any any svc-ssh  deny log 
  any any any  permit 
!

# now apply to the controller uplink, make sure
# you are connected from 1.2.3.4 when you do this !!
(620) (config) #interface gigabitethernet 1/8 
(620) (config-if)#ip access-group remap-ssh session 
(620) (config-if)#exit

Now test it from any host that is not 1.2.3.4:

root@kali-246:~# ssh admin@1.2.3.254

^C
root@kali-246:~#

Mar 7 14:37:16 :124006:  <WARN> |authmgr|  {0} TCP srcip=1.2.3.246 srcport=50132 dstip=1.2.3.254 dstport=22, action=deny, policy=remap-ssh
Mar 7 14:37:17 :124006:  <WARN> |authmgr|  {1} TCP srcip=1.2.3.246 srcport=50132 dstip=1.2.3.254 dstport=22, action=deny, policy=remap-ssh

And now using the specified port, 12345:

root@kali-246:~# ssh -p 12345 admin@1.2.3.254
admin@1.2.3.254's password: 
Last login: Wed Mar  7 14:32:20 2018 from 1.2.3.4


(620) # profit
(620) # show log security 5 | include remap
Mar 7 14:37:31 :124006:  <WARN> |authmgr|  {2} TCP srcip=1.2.3.246 srcport=59634 dstip=1.2.3.254 dstport=12345, action=dst-nat 22, policy=remap-ssh

hth.
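
As an added example (not part of the original posts), this Python sketch parses the `authmgr` session-ACL log lines quoted above and tallies, per source IP, denied direct port-22 attempts against connections that went through the remapped port, which is a quick way to confirm the ACL behaves as intended and to see who is still knocking on 22. The fourth sample line, the non-matching line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First three lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
Mar 7 14:37:16 :124006:  <WARN> |authmgr|  {0} TCP srcip=1.2.3.246 srcport=50132 dstip=1.2.3.254 dstport=22, action=deny, policy=remap-ssh
Mar 7 14:37:17 :124006:  <WARN> |authmgr|  {1} TCP srcip=1.2.3.246 srcport=50132 dstip=1.2.3.254 dstport=22, action=deny, policy=remap-ssh
Mar 7 14:37:31 :124006:  <WARN> |authmgr|  {2} TCP srcip=1.2.3.246 srcport=59634 dstip=1.2.3.254 dstport=12345, action=dst-nat 22, policy=remap-ssh
Mar 7 14:40:02 :124006:  <WARN> |authmgr|  {3} TCP srcip=1.2.3.77 srcport=41000 dstip=1.2.3.254 dstport=22, action=deny, policy=remap-ssh
not a session ACL line
"""

LINE_RE = re.compile(
    r"\|authmgr\|\s+\{\d+\}\s+(?P<proto>\w+)\s+"
    r"srcip=(?P<src>\S+)\s+srcport=(?P<sport>\d+)\s+"
    r"dstip=(?P<dst>\S+)\s+dstport=(?P<dport>\d+),\s+"
    r"action=(?P<action>[^,]+),\s+policy=(?P<policy>\S+)"
)

def parse_line(line):
    """Return a dict of fields for one session-ACL log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["action"] = rec["action"].strip()
    return rec

def summarize(log_text, policy="remap-ssh", ssh_port=22):
    """Per source IP: denied hits on the real SSH port vs. dst-nat hits."""
    stats = defaultdict(lambda: {"denied_22": 0, "remapped": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["policy"] != policy:
            continue  # skip unrelated lines and other policies
        if rec["action"] == "deny" and rec["dport"] == ssh_port:
            stats[rec["src"]]["denied_22"] += 1
        elif rec["action"].startswith("dst-nat"):
            stats[rec["src"]]["remapped"] += 1
    return dict(stats)

def probing_only(stats):
    """Sources that tried port 22 directly and never used the remapped port."""
    return sorted(s for s, c in stats.items() if c["denied_22"] and not c["remapped"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result, probing_only(result))
```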

 
