ssh access from only one physical interface

Answered Question
Jan 29th, 2010

Hi Guys

I've set up ssh on my 3925 router and I would like to allow ssh access from only one physical interface. Is it possible to specify this kind of thing?

Thanks a lot.

Best Regards,

Nicolas

Correct Answer
Collin Clark Fri, 01/29/2010 - 08:14

Nicolas-

You bet!

3825-1(config)#ip ssh source-interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  GMPLS               MPLS interface
  GigabitEthernet     GigabitEthernet IEEE 802.3z
  LISP                Locator/ID Separation Protocol Virtual Interface
  Lex                 Lex interface
  LongReachEthernet   Long-Reach Ethernet interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  Port-channel        Ethernet Channel of interfaces
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  vmi                 Virtual Multipoint Interface

Hope that helps.

nviturat20 Fri, 01/29/2010 - 08:45

Hi Collin,

Thanks for your quick answer, it helps a lot.

Best Regards,

Nicolas

nviturat20 Mon, 02/01/2010 - 05:28

Hi Collin,

I replied a bit too fast last time. In fact, the answer you gave me is not what I expected. Maybe I gave a wrong explanation of what I want to get.

So I would like to set up an ssh configuration in order to get an ssh connection to the router only from one physical interface.

For example, I want to establish an ssh connection to my router only from the interface fastethernet 0/0/1, and if I try from another interface it would reject the connection.

Best Regards,

Nicolas

Collin Clark Mon, 02/01/2010 - 06:36

I remember seeing a command in the release notes of 12.4T code somewhere, but I have not been able to find it since (I've been looking for it too). Until we find that command, an ACL on the interface is the only way to restrict it.

Hope that helps.
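
The interface ACL approach mentioned in the reply above, written out as an added example that is not part of the original thread or either poster's configuration. It allows SSH to the router only when it arrives on FastEthernet0/0/1 by dropping SSH aimed at any of the router's own addresses on every other interface. The ACL name, the GigabitEthernet interface names and all IP addresses (documentation ranges) are assumptions.

```cisco
! Constructed example. Only FastEthernet0/0/1 comes from the thread;
! the other interface names, the ACL name and all addresses are assumed.
!
ip access-list extended BLOCK-SSH-TO-ROUTER
 remark Deny SSH to EVERY address the router owns, not just the local one:
 remark a packet arriving here can still target another interface's address.
 deny   tcp any host 192.0.2.1 eq 22 log
 deny   tcp any host 198.51.100.1 eq 22 log
 deny   tcp any host 203.0.113.1 eq 22 log
 remark Leave transit traffic and all other services unchanged
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group BLOCK-SSH-TO-ROUTER in
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip access-group BLOCK-SSH-TO-ROUTER in
!
interface FastEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
 ! No SSH-blocking ACL here: the only interface that accepts SSH
!
line vty 0 4
 transport input ssh
```

`show ip access-lists BLOCK-SSH-TO-ROUTER` displays per-entry match counters, so SSH attempts arriving on the blocked interfaces show up there and, through the `log` keyword, in syslog. A vty `access-class` on its own would not give this result, because it matches on addresses rather than on the interface a packet arrived on.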

nviturat20 Mon, 02/01/2010 - 07:55

Hi Collin,

Thank you for your reply. You're right, I could use an ACL to deny ssh access on interfaces, but I would prefer the command you mentioned if you find it again.

Thanks a lot

Best Regards,

Nicolas
