Pls help me change SSH settings in Device Console ?

Question

Hello everyone, 
 I am using Sophos XG (Home) v18.5 MR4. I would like to change my SSH listen address to only 192.168.1.1 and port xx ( other than 22). According to Sophos XG's CLI guide, I should be disabling connectivity over SSH first, then re-enabling it with a certain local IP address & port, should I not? 
 I think the steps will be: 
 console> disableremote

console> enableremote port xx serverip 192.168.1.1 
 This will be the 1st time I have ever had to modify something on the terminal, I really want to be cautious when interacting with such fundamental stuff. Hence, I have some questions to ask: 
 
 Did I get the syntax right? Pls correct me if I was wrong. 
 Since disabling remote access at first will disconnect all the active SSH sessions, I should not be doing this while on Putty, but rather having to execute these commands via the admin page's Console, should I ? 
 
 Thank you very much in advance.

LuCar Toni · Accepted Answer

As far as i know, you cannot change the SSH Port. It will stay on Port 22.

Vivek Jagad · Answer

Hello J Thai , Thank you for reaching out to the community, yes the syntax is right !! disableremote Disables remote connectivity over SSH, if enabled. By default it is not enabled. The appliance will no longer listen on port 22 for new connections, and existing ones will be terminated. Refer to enableremote to allow remote SSH connections. https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/index.html

Vivek Jagad · Answer

Hello J Thai , Yup, that was right, I even provided you the command line guide, which will be useful to confirm as well !! Sophos Firewall OS uses a graphical user interface (web admin console) to configure and manage Sophos Firewall. 
 We support most of the commonly used browsers, such as Chrome, Edge, Firefox, and Safari. We recommend that you use the latest browser version. And whether a web base CLI or third party base CLI like putty the protocol remains the same and i.e. SSH Port 22 So, which ever suits for the easy of access it is fine and does not make any difference ! Yup, if you remove the 192.168.1.1 address then you no longer will be able to access that service on that IP. See you provide an ssh access to zone, of any IP interface whether it be VLAN, LAG, normal interface or a bridge interface if it is active and fall into the LAN zone and if you have enabled the SSH on the LAN zone then you will be able to access, but let's say if any of these interface becomes inactive or you remove it manually then you no longer be able to access that service on that IP. Hope this clears your doubts !!

Pls help me change SSH settings in Device Console ?

Top Replies

Submitted a Tech Support Case lately from the Support Portal?