[j-nsp] sshd log messages !!

Harri Makela harri_makela at yahoo.com
Thu Feb 27 07:13:42 EST 2014


Model: j6350 
JUNOS Software Release [10.4R4.5] 

Following is the current configuration that we have for ssh:-


set system login user xxx authentication ssh-rsa "ssh-rsa AAAAB" 
set system services ssh 
set security ssh-known-hosts host 10.x.x.x rsa-key 
set security ssh-known-hosts host 10.x.x.x rsa-key 
set firewall family inet filter Access term AllowSSH from port ssh 
set firewall family inet filter Access term DenySSH from port ssh 

Following firewall filter is in place:-

set interfaces ge-0/0/1 unit 0 family inet filter input Access 
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16 
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16 
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16 
set firewall family inet filter Access term AllowSSH from address X.X.X.X/16 
set firewall family inet filter Access term AllowSSH from protocol tcp 
set firewall family inet filter Access term AllowSSH from port ssh 
set firewall family inet filter Access term AllowSSH then accept 
set firewall family inet filter Access term DenySSH from protocol tcp 
set firewall family inet filter Access term DenySSH from port ssh 
set firewall family inet filter Access term DenySSH then reject 
set firewall family inet filter Access term default-term then accept 

I am now going to add loopback address as well:-

set interfaces lo0 unit 0 family inet filter input Access 

Important thing is that all these alerts started when we applied the filter, maybe something wrong with the configuration that we have applied.


Following is the vulnerability that we wanted to address:-

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10612

Thanks all for your detailed response.




On Thursday, 27 February 2014, 7:11, Mark Tinka <mark.tinka at seacom.mu> wrote:
 
On Thursday, February 27, 2014 01:14:26 AM Rodrigo Augusto wrote:

> Protect your RE. Put a filter on your loopback and permit
> only your networks to access this port(22).

Yep. 

You really shouldn't let your SSH daemon have easy access to 
the world.

Mark.
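The advice in this thread is to put the filter on lo0 and let only the management networks reach port 22. The following is an added example, written for this page and not code from the list, Juniper or JSA10612: a small linter for Junos "set"-style configuration lines that checks for exactly that pattern. The two configuration snippets inside it are constructed (addresses, the filter name Protect-RE and the hardened variant are assumptions); the first mirrors the poster's filter with placeholder prefixes filled in. Besides the missing lo0 binding, the check flags two match keywords that are easy to get wrong on an RE filter: in Junos, `from port` matches the source or the destination port, and `from address` matches the source or the destination address, so the stricter `destination-port` and `source-address` are what an SSH-to-the-RE term should use.

```python
"""Lint Junos 'set' configuration for the loopback SSH protection pattern.

Added example for this thread; not Juniper code. Both configurations below
are constructed: ORIGINAL follows the poster's filter with placeholder
prefixes, HARDENED is an assumed corrected version bound to lo0.
"""
import re
from collections import defaultdict

ORIGINAL = """
set interfaces ge-0/0/1 unit 0 family inet filter input Access
set firewall family inet filter Access term AllowSSH from address 10.1.0.0/16
set firewall family inet filter Access term AllowSSH from protocol tcp
set firewall family inet filter Access term AllowSSH from port ssh
set firewall family inet filter Access term AllowSSH then accept
set firewall family inet filter Access term DenySSH from protocol tcp
set firewall family inet filter Access term DenySSH from port ssh
set firewall family inet filter Access term DenySSH then reject
set firewall family inet filter Access term default-term then accept
"""

HARDENED = """
set interfaces lo0 unit 0 family inet filter input Protect-RE
set firewall family inet filter Protect-RE term AllowSSH from source-address 10.1.0.0/16
set firewall family inet filter Protect-RE term AllowSSH from protocol tcp
set firewall family inet filter Protect-RE term AllowSSH from destination-port ssh
set firewall family inet filter Protect-RE term AllowSSH then accept
set firewall family inet filter Protect-RE term DenySSH from protocol tcp
set firewall family inet filter Protect-RE term DenySSH from destination-port ssh
set firewall family inet filter Protect-RE term DenySSH then discard
set firewall family inet filter Protect-RE term default-term then accept
"""

TERM_RE = re.compile(
    r"^set firewall family inet filter (\S+) term (\S+) (from|then) (\S+)(?: (\S+))?$"
)
LO0_RE = re.compile(r"^set interfaces lo0 unit 0 family inet filter input (\S+)$")
SSH_PORTS = {"ssh", "22"}


def parse(text):
    """Return (filters bound as input on lo0, {filter: {term: {'from':..., 'then':...}}})."""
    lo0_filters = set()
    filters = defaultdict(
        lambda: defaultdict(lambda: {"from": defaultdict(list), "then": []})
    )
    for line in text.strip().splitlines():
        line = line.strip()
        m = LO0_RE.match(line)
        if m:
            lo0_filters.add(m.group(1))
            continue
        m = TERM_RE.match(line)
        if not m:
            continue  # interfaces, login, etc. are not relevant here
        fname, tname, kind, key, value = m.groups()
        if kind == "from":
            filters[fname][tname]["from"][key].append(value)
        else:
            filters[fname][tname]["then"].append(key)
    return lo0_filters, filters


def is_ssh_term(term):
    """A term is an SSH term if it matches TCP and port/destination-port 22."""
    f = term["from"]
    ports = set(f.get("port", []) + f.get("destination-port", []))
    return "tcp" in f.get("protocol", []) and bool(ports & SSH_PORTS)


def lint(text):
    """Return human-readable findings; an empty list means the pattern is present."""
    lo0_filters, filters = parse(text)
    findings = []
    if not lo0_filters:
        findings.append("no input filter on lo0 unit 0: traffic to the RE is unfiltered")
    for fname, terms in filters.items():
        allow_idx = deny_idx = None
        for idx, (tname, term) in enumerate(terms.items()):
            if not is_ssh_term(term):
                continue
            f, actions = term["from"], term["then"]
            if "port" in f:
                findings.append(f"{fname}/{tname}: 'port' matches source or destination port; use destination-port")
            if "accept" in actions:
                if "address" in f:
                    findings.append(f"{fname}/{tname}: 'address' matches source or destination; use source-address")
                if not (f.get("source-address") or f.get("address")):
                    findings.append(f"{fname}/{tname}: accepts SSH from any source")
                elif allow_idx is None:
                    allow_idx = idx
            elif ("reject" in actions or "discard" in actions) and not f.get("source-address") and not f.get("address"):
                if deny_idx is None:
                    deny_idx = idx
        if allow_idx is None:
            findings.append(f"{fname}: no SSH accept term restricted to management prefixes")
        if deny_idx is None:
            findings.append(f"{fname}: no catch-all term dropping SSH from other sources")
        elif allow_idx is not None and deny_idx < allow_idx:
            findings.append(f"{fname}: SSH deny term precedes the allow term, so allowed sources are blocked")
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("hardened", HARDENED)):
        print(label, lint(cfg) or ["ok"])
```

Run against the constructed ORIGINAL it reports the missing lo0 binding plus the `port` and `address` keyword issues; the HARDENED variant passes clean. Term order is checked too, since Junos evaluates terms top to bottom and a catch-all deny placed first would lock the management networks out.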

