FEATURE REQUEST: SSH password guessing handling
-
First, SSH password guessing can also be people typing in the wrong password ... Anyway, the best way to resolve this is to not expose SSH directly to the internet and to use a VPN.
You can turn off Firewalla SSH settings->advanced->configurations->ssh
And if you want to block, then use rules to block the local network; see https://help.firewalla.com/hc/en-us/articles/4408644783123-Building-Network-Segments
-
"You can turn off Firewalla SSH settings->advanced->configurations->ssh"
There is no ssh section. There is an "SSH Console" section, and in that section there is no turn-off option. The comment in that section says that the SSH service is always on and can't be turned off. I have never generated a password so far. But there are people who are trying to guess the password on the local network.
I have Segmented Network already. 2 separate LANs. I just want to block SSH access to Firewalla router on a specific network/LAN only.
The network is 192.168.50.1/24, but I can't block "192.168.50.1:22".
I get an error message saying I can't block the Firewalla box.
What is the right way to do this?
-
@Firewalla
I found that the turn-off buttons/switches appear in the SSH Console section when you create a password, which is great.
I have two requests:
1. Can you please let users decide the length of the password? For example: min: 10, max: 30, etc.
2. Can you please enable one of the following use cases for users? Ideally, both of them would be great!
- Users can use the turn-off switches in the non-password-created state as well.
- Users can add a rule manually to block port 22 for the router IP address, in case we decide to use that port for something else.
I believe these are reasonable requests.
-
This is important. I have a flow set up that allows me to manually block the IPs that the router identifies as guessing the SSH password. I add a couple every day. Firewalla would benefit from an automatic routine to block these, rather than making me manually block them every 8 or 10 hours.