I am seeing this alert being applicable for three different NSX edges; however, neither https://kb.vmware.com/s/article/2150467 nor the Skyline alert states which IP address or interface is exposed.
One of the NSX edges has an IP address that should not be reachable from the internet.
Two of the NSX edges have a number of interfaces, some of which are reachable from the internet and some of which are not.
The resolution is "To resolve the issue, block SSH connectivity to the Edge Service Gateway from external IP addresses."
Q. Where is access being tested from? Alternatively, is there a setting somewhere to disable the SSH port for an interface?
Q. How do I determine which Interface SSH needs to be blocked on, as that information isn't provided in the alert?
Hello @secops,
Skyline does not test access from external sources. Alternatively, it checks the configuration on the NSX Edge to see whether SSH is enabled or not.
To disable SSH on NSX, please follow the article below.
The name of the edge server for which SSH needs to be disabled is listed in the recommendation.