Skip to Content

SiePortal

The integrated platform for your product selection, buying and support workflow - bringing together Industry Mall and Online Support.

SiePortalDeutsch

Search

Home
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menu temporary not available
- Menue temporary not available
- {{item.title}}

Products & Services
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
MySiePortal MySiePortal
{{(apiData.MySiePortal | filter:{'rank':1}:true)[0].title}} MySiePortal
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Cart ({{apiData.CartCount}})

Navigation

Restrict SSH Access to One NIC

Created by: NISARG at: 12/9/2020 6:05 PM (4 Replies)

Rating (0)

Thanks 2

5 Entries

12/9/2020 6:05 PM	Rate (0)
NISARG Posts: 22 Rating: (0)	Hi, I am trying to restrict SSH access to only X1P2 (192.168.200.1) port which is connected to a local PLC network and block all connections on X1P1 (dhcp/static) port which is used to connect the IOT2050 to the internet. I don't want the device publicly accessible via SSH through Internet hence X1P1 SSH blocking is required. I did google and came across this article which does the trick: Restrict SSH to one interface However, it works after making the modification and restarting the SSH service. However, after a reboot of the IOT device, all SSH connections are blocked both on the X1P2 and X1P1 port (very strange). However, I have to restart the SSH service every time. Is there a fix or a better way to do this? It seems like the settings made in SSHD_config file are not updated after a device restart. File modified: /etc/ssh/sshd_config Uncommented: #ListenAddress 192.168.200.1 Restarted the SSH service:systemctl restart ssh.service Thanks, Nisarg
NISARG Posts: 22 Rating: (0)
Suggestion To thank Quote Answer

12/10/2020 3:45 PM	Rate (0)
Fe_lipe Silver Member Joined: 12/12/2016 Last visit: 4/8/2024 Posts: 640 Rating: (60)	Hello Nisarg, Thanks a lot for your tests, we will have a deeper look into this! An unelegant solution for now would be to run a script at startup to restart the ssh service? You could use crontab for this. The most elegant solution on the other hand would be to block port 22 on eth1 using a firewall (iptables/nftables) but in this case we would need a fresh image based on the master-branch, as we would require some underlying fixes that were commited after the Example Image V1.0.2 Release. Best regards!!

Suggestion To thank Quote Answer

12/11/2020 10:25 PM	Rate (0)
NISARG Posts: 22 Rating: (0)	Hi Fe_lipe, I did install the cron package using apt-get install cron command. I also scheduled a cron job using the crontab -e command. And added the following line to run the code to restart the ssh service @reboot systemctl restart ssh.service but its still not working. Could you try it out on your end or perhaps any other way it could work?
NISARG Posts: 22 Rating: (0)	Last edited by: NISARG at: 12/11/2020 22:25:28
Suggestion To thank Quote Answer

12/15/2020 12:39 PM	Rate (0)
Fe_lipe Silver Member Joined: 12/12/2016 Last visit: 4/8/2024 Posts: 640 Rating: (60)	Hello Nisarg, Do you mean the crontab or your restart command is not working? Maybe the ssh service takes a while to start.. You can try adding the script in the attachment to the base directory of your IOT and then editing the cronjob like this: Notice that the script will also create a file in your user directory. How have you been testing the sytemctl command before? Over FDTI cable? For me this command results in a timeout if I'm simultaneously connected over SSH. BR Attachment ssh-restart.zip (532 Downloads)
	Last edited by: Fe_lipe at: 12/15/2020 12:39:41
Suggestion To thank Quote Answer

12/24/2020 10:15 PM	Rate (0)
NISARG Posts: 22 Rating: (0)	Thank you @Fe_lipe. That worked as expected.. I was missing the sleep 10 to add a 10 s delay on startup. Without, the delay it wasn't working but a 10 sec delay is not a big deal :). Thank you,
NISARG Posts: 22 Rating: (0)
Suggestion To thank Quote Answer
This contribution was helpful to 2 thankful Users Fe_lipe bergmanu

|

Share this page:

Share this page on...

Follow us on