[j-nsp] sshd log messages !!
Harri Makela
harri_makela at yahoo.com
Thu Feb 27 07:13:42 EST 2014
Model: j6350
JUNOS Software Release [10.4R4.5]
Following is the current configuration that we have for ssh:-
set system login user xxx authentication ssh-rsa "ssh-rsa AAAAB"
set system services ssh
set security ssh-known-hosts host 10.x.x.x rsa-key
set security ssh-known-hosts host 10.x.x.x rsa-key
set firewall family inet filter Access term AllowSSH from port ssh
set firewall family inet filter Access term DenySSH from port ssh
Following firewall filter is in place:-
set interfaces ge-0/0/1 unit 0 family inet filter input Access
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16
set firewall family inet filter Access term AllowSSH from protocol tcp
set firewall family inet filter Access term AllowSSH from port ssh
set firewall family inet filter Access term AllowSSH then accept
set firewall family inet filter Access term DenySSH from protocol tcp
set firewall family inet filter Access term DenySSH from port ssh
set firewall family inet filter Access term DenySSH then reject
set firewall family inet filter Access term default-term then accept
I am now going to add loopback address as well:-
set interfaces lo0 unit 0 family inet filter input Access
Important thing is that all these alerst started when we applied the filter, may be something wrong with the ocnfiguration that we have applied.
Following is the vulnerability that we wanted to address:-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10612
Thanks all for your detailed response.
On Thursday, 27 February 2014, 7:11, Mark Tinka <mark.tinka at seacom.mu> wrote:
On Thursday, February 27, 2014 01:14:26 AM Rodrigo Augusto
wrote:
> Protect your RE. Put a filter on your loopback and permit
> only your netwoks to access this port(22).
Yep.
You really shouldn't let your SSH daemon have easy access to
the world.
Mark.
More information about the juniper-nsp
mailing list