[j-nsp] SSH attack

[Ying Zhang]

Hello, all,

On our Juniper router, we constantly see people trying to connect through SSH. I've tried everything I can find to eliminate it. The following is what I've done so far. Just wondering if there is a better way to stop it on the router (we do block port ssh on every link). Thanks in advance.

root-login deny;
protocol-version v2;
connection-limit 5;
rate-limit 1;

retry-options {
    tries-before-disconnect 2;
    backoff-threshold 2;
    backoff-factor 10;
    minimum-time 20;
}


C