SSH on non standard ports

[mtoadmin]

Hello everyone,

I'de like to block SSH on non standard ports. So far so good. But I also would like to allow SSH on a specific non standard port different from 22.
For example 22 and 229: allow SSH v2. Any other ports, SSH disallowed.
Does anyone know how to achieve this ?

thanks

mtoadmin
PS: I am current using NGX

[kva.kva]

Add TCP service 229, edit its avanced properties. You need change Protocol Type to SSH2.

About blocking - check SmartDefence -> Application Intelligence -> VPN Protocols -> SSH -> Detect SSH over Non Standard Ports

[mtoadmin]

This was our first try but it didn't seem to work (at least for us)
Did you test this ?
We are on NGX
If you look in updates.def inspect code, it seems coded as 22 only. I'm trying to modify this file.

thanks

[mtoadmin]

ok, found it.
In updates.def

change as follow:

#define SSH_PORT_NUMBER 22
#define SSH_PORT_NUMBER2 229

#define ADP_SSH_V2_MATCH \
(tcp, syn, not ack,((dport=SSH_PORT_NUMBER) or (dport=SSH_PORT_NUMBER2)),ADP_SSH_V2_VER2_ONLY)

#define ADP_SSH_NO_22_MATCH \
( \
tcp, syn, not ack, \
dport != SSH_PORT_NUMBER, dport != SSH_PORT_NUMBER2, \
( \
ADP_SSH_NO_22_ACTION = SSH_BLOCK_WRONG_PORTS \
or \
ADP_SSH_NO_22_ACTION = SSH_NO_22_VER_2_ONLY \
) \
)