Setting up SSH connections on PIX 525

[Tokyo01]

Hi

I need to set up an SSH connection to allow an external support company to access a server on our network, but I'm not sure how to do it.

We currently have three interfaces on the firewall (inside, outside & dmz). The server is currently on the inside network, would it be better to move it to the dmz? We are using Pix Firewall version 5.0(3).

Any help/info appreciated.

Thanks

Steve

 

[yizhar]

HI.

Yes, if you can it's good practice to put the server in DMZ so it can not be used to access other inside hosts.

Like most other services, you'll need a STATIC command to give the server public ip, and a CONDUIT or ACCESS-LIST to permit traffic on port 22 or the port used for SSH.

You should allow SSH only from the source ip address/range of the remote support company.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[tom11011]

I don't see any reason to place it in a dmz. Just control what ports are open to your servers and keep up with patches.

Here is the command from my pix 515.

conduit permit tcp host 128.128.128.128 eq 22 any