How to block ssh access to PVE node?

N

NVroom

New Member
Jun 15, 2016
10
0
1
26
Hi,

I'm trying to block all ssh access to proxmox PVE node using firewall in the webgui with no luck. I am not using a cluster so those features dont matter to me.

I'm wondering if there is any other way to do this or to somehow get the firewall to work? I have tried all possible combinations yet ssh is still accessible.

Thanks.
 
Do you want to disable SSH for good? Just disable the service, e.g. systemctl disable ssh
You can change the port or apply further restrictions in the main configuration file in /etc/ssh/sshd_config. Please read the manpage for each configuration option.

There are literally hundreds of possibilities to disable "ordinary" SSH. Simple change of the port, restricting to only-key-based access or special users, special src addresses and also the firewall itself. Proxmox VE firewalling is very good, yet not so easy to understand in the beginning. I'd always check the generated iptables rules by hand. IIRC there will be SSH and gui/8006 rules generated automatically.
 
LnxBil said:
Do you want to disable SSH for good? Just disable the service, e.g. systemctl disable ssh
You can change the port or apply further restrictions in the main configuration file in /etc/ssh/sshd_config. Please read the manpage for each configuration option.

There are literally hundreds of possibilities to disable "ordinary" SSH. Simple change of the port, restricting to only-key-based access or special users, special src addresses and also the firewall itself. Proxmox VE firewalling is very good, yet not so easy to understand in the beginning. I'd always check the generated iptables rules by hand. IIRC there will be SSH and gui/8006 rules generated automatically.
Click to expand...
If I disable ssh will it interfere with the console VNC on the Webui?
 
LnxBil said:
I changed the port and I do not notice any problems.

It's so strange to disable SSH, yet use VNC.
Click to expand...

I have disabled password based login, so its secure now. I'm still wanting to know how to use the GUI firewall to block port 22, its not working for me.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back