VMware Support Community
secops
Contributor

Skyline Alert - NSXv-EdgeSSH100percentdiskusage-KB#2150467

I am seeing this alert being applicable for three different NSX edges; however, neither https://kb.vmware.com/s/article/2150467 nor the Skyline alert states which IP address or interface is exposed.


One of the NSX edges has an IP address that should not be reachable from the internet.
Two of the NSX edges have a number of interfaces, some of which are reachable from the internet and some of which are not.

The resolution is "To resolve the issue, block SSH connectivity to the Edge Service Gateway from external IP addresses."

Q. Where is access being tested from? Alternatively, is there a setting somewhere to disable the SSH port for an interface?
Q. How do I determine which interface SSH needs to be blocked on, as that information isn't provided in the alert?


Accepted Solutions
AjayChananaVMwa
VMware Employee

Hello @secops,

Skyline does not test access from external sources. Alternatively, it checks the configuration on the NSX Edge, whether SSH is enabled or not.

To disable SSH on NSX, please follow the article below.

https://docs.vmware.com/en/VMware-Cloud-Director/8.20/com.vmware.vcloud.tenantportal.doc/GUID-BB23C4...

The name of the edge server for which SSH needs to be disabled is listed in the recommendation.

 

Sincerely,
Ajay Chanana
Skyline Support Moderator
MCSE-2003/2008|RHCA|VCP-5/6/VCAP-6
