Configuring Password Retry Limits For Telnet And Ssh Access - Juniper J-Series Administration Manual

Juniper networks router administration guide

J-series
Services Router Administration Guide
Table 20: CLI ssh Command Options (continued)

| Option | Description |
| --- | --- |
| interface source-interface | Open an SSH connection to a host on the specified interface. If you do not include this option, all interfaces are used. |
| routing-instance routing-instance-name | Use the specified routing instance for the SSH connection. |
| source address | Use the specified source address for the SSH connection. |
| v1 | Force SSH to use version 1 for the connection. |
| v2 | Force SSH to use version 2 for the connection. |

Configuring Password Retry Limits for Telnet and SSH Access

To prevent brute force and dictionary attacks, the Services Router takes the following actions for Telnet or SSH sessions by default:

- Disconnects a session after a maximum of 10 consecutive password retries.
- After the second password retry, introduces a delay in multiples of 5 seconds between subsequent password retries. For example, the Services Router introduces a delay of 5 seconds between the third and fourth password retry, a delay of 10 seconds between the fourth and fifth password retry, and so on.
- Enforces a minimum session time of 20 seconds during which a session cannot be disconnected. Configuring the minimum session time prevents malicious users from disconnecting sessions before the password retry delay goes into effect, and attempting brute force and dictionary attacks with multiple logins.

You can configure the password retry limits for Telnet and SSH access. In this example, you configure the Services Router to take the following actions for Telnet and SSH sessions:

- Allow a maximum of 4 consecutive password retries before disconnecting a session.
- Introduce a delay in multiples of 5 seconds between password retries that occur after the second password retry.
- Enforce a minimum session time of 40 seconds during which a session cannot be disconnected.

To configure password retry limits for Telnet and SSH access:

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 21 on page 27.
3. If you are finished configuring the network, commit the configuration.
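The arithmetic behind these limits, as an added example that is not part of the Juniper guide: it computes the delay before each password retry and the resulting ceiling on password guesses per hour from one client, for the default and example values above. The class and field names are the example's own, and the model assumes one session at a time per client, instant password entry, and a new session starting only when the previous one ends.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RetryPolicy:
    """Password retry limits; field names are this example's own."""
    max_retries: int   # retries allowed before the session is disconnected
    delay_after: int   # delays begin after this many retries
    delay_step: int    # seconds; each later delay is a multiple of this
    min_session: int   # seconds during which a session cannot be disconnected

    def delay_before(self, retry: int) -> int:
        """Seconds enforced between retry - 1 and retry."""
        steps = retry - 1 - self.delay_after
        return self.delay_step * steps if steps > 0 else 0

    def schedule(self) -> list:
        """Delay preceding each retry, from the first to the last allowed."""
        return [self.delay_before(n) for n in range(1, self.max_retries + 1)]

    def session_seconds(self, retries: int) -> int:
        """Shortest time a session with this many retries can occupy."""
        waited = sum(self.schedule()[:retries])
        return max(waited, self.min_session)

    def max_guesses_per_hour(self) -> float:
        """Ceiling on guesses per hour from one client (assumed model)."""
        rates = []
        for n in range(1, self.max_retries + 1):
            secs = self.session_seconds(n)
            # Zero seconds means the policy itself imposes no bound.
            rates.append(3600 * n / secs if secs else float("inf"))
        return max(rates)


# Values stated on this page.
DEFAULT = RetryPolicy(max_retries=10, delay_after=2, delay_step=5, min_session=20)
EXAMPLE = RetryPolicy(max_retries=4, delay_after=2, delay_step=5, min_session=40)
# Constructed variant: the default limits with no minimum session time.
NO_MINIMUM = RetryPolicy(max_retries=10, delay_after=2, delay_step=5, min_session=0)

if __name__ == "__main__":
    for name, p in (("default", DEFAULT), ("example", EXAMPLE),
                    ("no minimum", NO_MINIMUM)):
        print(f"{name:10} delays={p.schedule()} "
              f"ceiling={p.max_guesses_per_hour():.0f}/h")
```

Under these assumptions the default limits cap one client at 900 guesses per hour and the example limits at 360, while the constructed variant without a minimum session time has no ceiling because the delays never take effect.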
