
create more robust access controls for sshd and snmpd
Open, Wishlist | Public | FEATURE REQUEST

Description

By default, both ssh and snmp leak information if open to the public. In some scenarios it is not feasible to use network ACLs to restrict access. I suggest:

ssh:
set service ssh allowed-clients <ip / address / network-group>

resulting config:
/etc/hosts.allow
sshd: <ip address>

/etc/hosts.deny
sshd: ALL

snmp:
If all snmp communities have IP addresses assigned to them then:

resulting config:
/etc/hosts.allow
snmpd: <community ips>

/etc/hosts.deny
snmpd: ALL

I have this implemented through a postconfig script and it works great.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)
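
The hosts.allow / hosts.deny output proposed in the description, as an added example (not VyOS code and not the reporter's postconfig script). The function names and the input shapes are hypothetical, and it assumes sshd and snmpd are built with TCP wrappers (libwrap) support. It validates every client entry and writes the snmpd rules only when every community has client addresses, so an unrestricted community is not locked out by "snmpd: ALL".

```python
import ipaddress


def wrapper_pattern(client):
    """Convert an address or CIDR network to a hosts_access(5) client pattern."""
    # strict=True rejects entries such as 192.0.2.1/24 (host bits set)
    net = ipaddress.ip_network(client, strict=True)
    if net.version == 6:
        host = f"[{net.network_address}]"  # IPv6 is written in brackets
        return host if net.prefixlen == 128 else f"{host}/{net.prefixlen}"
    if net.prefixlen == 32:
        return str(net.network_address)
    return f"{net.network_address}/{net.netmask}"  # IPv4 net/mask form


def render_wrappers(ssh_clients, snmp_communities):
    """Return (hosts.allow text, hosts.deny text).

    ssh_clients:      list of addresses/networks (hypothetical input)
    snmp_communities: dict of community name -> list of client addresses
    """
    allow, deny = [], []
    if ssh_clients:
        # No allowed-clients configured means no sshd rules at all,
        # otherwise "sshd: ALL" in hosts.deny would lock everyone out.
        allow.append("sshd: " + ", ".join(wrapper_pattern(c) for c in ssh_clients))
        deny.append("sshd: ALL")
    # Restrict snmpd only if every community has client addresses assigned.
    if snmp_communities and all(snmp_communities.values()):
        clients = sorted({wrapper_pattern(c)
                          for members in snmp_communities.values()
                          for c in members})
        allow.append("snmpd: " + ", ".join(clients))
        deny.append("snmpd: ALL")
    return ("".join(line + "\n" for line in allow),
            "".join(line + "\n" for line in deny))


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    ssh = ["192.0.2.10", "198.51.100.0/24", "2001:db8::/32"]
    snmp = {"monitoring": ["192.0.2.20"], "backup": ["192.0.2.21", "192.0.2.20"]}
    hosts_allow, hosts_deny = render_wrappers(ssh, snmp)
    print("# /etc/hosts.allow\n" + hosts_allow)
    print("# /etc/hosts.deny\n" + hosts_deny)
```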