From Juniper SRX SG NDM Security Technical Implementation Guide
Part of SRG-APP-000142-NDM-000245
Associated with: CCI-000382
Use this configuration option to prevent a user from creating an SSH tunnel over a CLI session to the Juniper SRX via SSH. This type of tunnel could be used to forward TCP traffic, bypassing any firewall filters or ACLs, allowing unauthorized access.
Use the CLI to view this setting for disabled for SSH. [edit] show system services ssh If TCP forwarding is not disabled for the root user, this is a finding.
From the configuration mode, enter the following commands to disable TCP forwarding for the SSH protocol. [edit] set system services ssh no-tcp-forwarding
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer