SSH Brute Force Mitigation in Junos

I have several Juniper SRX-210 devices configured in remote offices. One of the biggest problems I have is that a lot of people are constantly running scripts against the SSH daemon. I could lock it down to only a specified list of allowed IP addresses. That would be the most secure method, but I have a business requirement to be able to connect to these devices from many different locations. There is a command you can use to mitigate brute force attempts.

The command limits the number of SSH attempts per minute per source IP to 2. That is just enough in case you make a mistake during login, but not enough for a script kiddie to run 500 attacks a minute against your firewall.

system {
    services {
        ssh {
            rate-limit 2;
        }
    }
}
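To see which sources the limit above would actually throttle, here is an added example (not from the original post) that counts failed SSH logins per source per minute from Junos syslog output; the log lines are constructed in the OpenSSH-style format the Junos sshd emits, and the threshold of 2 mirrors the rate-limit value.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not real device output); the format follows
# the OpenSSH-style "Failed password" messages that Junos sshd logs.
SAMPLE_LOG = """\
Mar  3 10:15:01 srx210 sshd[4021]: Failed password for root from 198.51.100.7 port 50122 ssh2
Mar  3 10:15:02 srx210 sshd[4023]: Failed password for admin from 198.51.100.7 port 50123 ssh2
Mar  3 10:15:03 srx210 sshd[4025]: Failed password for invalid user test from 198.51.100.7 port 50124 ssh2
Mar  3 10:15:20 srx210 sshd[4030]: Failed password for john from 203.0.113.9 port 41000 ssh2
Mar  3 10:15:45 srx210 sshd[4031]: Accepted password for john from 203.0.113.9 port 41001 ssh2
Mar  3 10:16:10 srx210 sshd[4040]: Failed password for root from 198.51.100.7 port 50130 ssh2
"""

# Capture the timestamp down to the minute (seconds dropped), the user and the
# source address. "invalid user" is optional so unknown accounts are counted too.
FAILED_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d{1,2} \d{2}:\d{2}):\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def count_failures_per_minute(log_text):
    """Return {(source_ip, 'Mon DD HH:MM'): failed_attempts} for the given syslog text."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[(m.group("ip"), m.group("minute"))] += 1
    return dict(counts)


def sources_over_limit(log_text, limit=2):
    """Source IPs that exceeded `limit` failed logins within a single minute,
    i.e. the traffic a rate-limit of 2 would throttle. Returns {ip: peak_per_minute}."""
    over = {}
    for (ip, minute), n in count_failures_per_minute(log_text).items():
        if n > limit:
            over[ip] = max(over.get(ip, 0), n)
    return over


if __name__ == "__main__":
    for ip, peak in sources_over_limit(SAMPLE_LOG).items():
        print(f"{ip}: peak {peak} failed logins in one minute")
```

On a live SRX, feed it the output of `show log messages | match sshd`; once rate-limit is in place, throttled connections are refused before authentication, so the counts reflect what still gets through.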


2 Responses to “SSH Brute Force Mitigation in Junos”

  1. joeyconcrete Says:

    Hey – spotted your youtube\exile.tv videos on Juniper (which led me here). I’m responsible for networks and will shortly be switching over to Juniper M\EX\SRX so your videos\articles have been useful – JunOS seems a refreshing change to Cisco.

  2. john Says:

    Yes after years of working with Cisco I have become a big fan of Junos. They seem to get better with every release. Junos is not without its bugs and issues, but at least JTAC admits to bugs and issues while at the same time giving a recommended release for every platform and model.
