SSH Configuration Examples in Juniper (JunOS)

Here are the configuration examples, where:
192.168.100.100 = Jumphost IP (the IP allowed to SSH into the device)

system {
    services {
        ssh {
            root-login deny;
            protocol-version v2;
            connection-limit 5;
            rate-limit 5;
        }
    }
}

policy-options {
    prefix-list ALLOWED-IP {
        192.168.100.100/32;
    }
}

firewall {
    family inet {
        filter PROTECT-ENGINE {
            term PERMIT-SSH {
                from {
                    source-prefix-list {
                        ALLOWED-IP;
                    }
                    protocol tcp;
                    port [ ssh ];
                }
                then {
                    count PERMIT-SSH;
                    accept;
                }
            }
            term DENY-SSH {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    count DENY-SSH;
                    discard;
                }
            }
        }
    }
}

interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-ENGINE;
                }
            }
        }
    }
}

Set format:
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh connection-limit 5
set system services ssh rate-limit 5

set policy-options prefix-list ALLOWED-IP 192.168.100.100/32

set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from source-prefix-list ALLOWED-IP
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from protocol tcp
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from port ssh
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH then count PERMIT-SSH
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH then accept

set firewall family inet filter PROTECT-ENGINE term DENY-SSH from protocol tcp
set firewall family inet filter PROTECT-ENGINE term DENY-SSH from destination-port ssh
set firewall family inet filter PROTECT-ENGINE term DENY-SSH then count DENY-SSH
set firewall family inet filter PROTECT-ENGINE term DENY-SSH then discard

set interfaces lo0 unit 0 family inet filter input PROTECT-ENGINE
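
An added example (not from the original post, and not a Juniper tool): a small Python lint over the set-format lines above that checks two things before the filter is applied to lo0. It checks that every prefix-list a term references is defined, and that the filter's last term is unconditional, because a Junos filter ends in an implicit discard and lo0 input covers all traffic to the Routing Engine. The function name `lint` and the finding strings are assumptions of this example.

```python
# Added example: offline lint for Junos set-format lines (not a Juniper tool).
# PAGE_CONFIG copies the page's lines; the two "count" actions are omitted.
PAGE_CONFIG = """\
set policy-options prefix-list ALLOWED-IP 192.168.100.100/32
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from source-prefix-list ALLOWED-IP
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from protocol tcp
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH from port ssh
set firewall family inet filter PROTECT-ENGINE term PERMIT-SSH then accept
set firewall family inet filter PROTECT-ENGINE term DENY-SSH from protocol tcp
set firewall family inet filter PROTECT-ENGINE term DENY-SSH from destination-port ssh
set firewall family inet filter PROTECT-ENGINE term DENY-SSH then discard
set interfaces lo0 unit 0 family inet filter input PROTECT-ENGINE
"""

PREFIX_KEYS = {"prefix-list", "source-prefix-list", "destination-prefix-list"}
FILTER_PATH = ["set", "firewall", "family", "inet", "filter"]


def lint(config):
    """Return sorted findings for a block of Junos set-format lines."""
    defined, refs = set(), []  # prefix-lists defined / (filter, term, name) referenced
    terms = {}                 # filter -> {term: has "from" conditions}, in config order
    on_lo0 = set()             # filters applied as input on lo0
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["set", "policy-options", "prefix-list"] and len(w) > 3:
            defined.add(w[3])
        elif w[:5] == FILTER_PATH and len(w) > 9 and w[6] == "term":
            flt, term = w[5], w[7]
            terms.setdefault(flt, {}).setdefault(term, False)
            if w[8] == "from":
                terms[flt][term] = True
                if w[9] in PREFIX_KEYS and len(w) > 10:
                    refs.append((flt, term, w[10]))
        elif w[:3] == ["set", "interfaces", "lo0"] and w[-3:-1] == ["filter", "input"]:
            on_lo0.add(w[-1])
    findings = [f"undefined prefix-list {name} in {flt}/{term}"
                for flt, term, name in refs if name not in defined]
    for flt in sorted(on_lo0):
        if flt not in terms:
            findings.append(f"filter {flt} is applied to lo0 but not defined")
        elif list(terms[flt].values())[-1]:
            # Last term has match conditions, so unmatched traffic to the
            # Routing Engine falls through to the filter's implicit discard.
            findings.append(f"{flt}: last term is conditional, implicit discard applies")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(PAGE_CONFIG):
        print(finding)
```

On the page's configuration the lint reports the implicit-discard finding: with only these two terms, anything addressed to the Routing Engine that is not SSH from the jump host is dropped. A filter on lo0 therefore needs further accept terms for whatever else the device must receive.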

For SSH configuration in Cisco, please refer to: SSH Configuration Examples in Cisco (IOS, IOS-XE, NX-OS, IOS-XR)
