The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH.

From Juniper SRX SG NDM Security Technical Implementation Guide

Associated with: CCI-000054

SV-81039r1_rule The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH.

Vulnerability discussion

The connection-limit command limits the total number of concurrent SSH sessions. To help thwart brute force authentication attacks, the connection limit should be as restrictive as operationally practicalJuniper Networks recommends the best practice of setting 10 (or less) for the connection-limit.This configuration will permit up to 10 users to log in to the device simultaneously, but an attempt to log an 11th user into the device will fail. The attempt will remain in a waiting state until a session is terminated and made available.

Check content

Verify the Juniper SRX sets a connection-limit for the SSH protocol. Show system services ssh If the SSH connection-limit is not set to 10 or less, this is a finding.

Fix text

Configure the SSH protocol to limit connection and sessions per connection. [edit] set system services ssh connection-limit 10 set system services ssh max-sessions-per-connection 1

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.