JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH.

Information

The connection-limit command limits the total number of concurrent SSH sessions. To help thwart brute force authentication attacks, the connection limit should be as restrictive as operationally practical

Juniper Networks recommends the best practice of setting 10 (or less) for the connection-limit.

This configuration will permit up to 10 users to log in to the device simultaneously, but an attempt to log an 11th user into the device will fail. The attempt will remain in a waiting state until a session is terminated and made available.

Solution

Configure the SSH protocol to limit connection and sessions per connection.

[edit]
set system services ssh connection-limit 10
set system services ssh max-sessions-per-connection 1

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_SRX_SG_Y24M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10, CAT|III, CCI|CCI-000054, Rule-ID|SV-223180r960735_rule, STIG-ID|JUSX-DM-000001, STIG-Legacy|SV-81039, STIG-Legacy|V-66549, Vuln-ID|V-223180

Plugin: Juniper

Control ID: e2ad94850109ced96bf1c788f35a377b0f4a7fa7c0556c36cc5a18c0255c4c73