Ensure SSH Connection Limit is Set


SSH connections should be limited.


SSH is a common management protocol, so it is often targeted by attackers trying to gain access to routers or execute Denial of Service (DoS) attacks.

To limit the effectiveness of DoS and brute-force attacks that target the JUNOS device through the SSH service, the maximum number of concurrent connections should be limited. Any sessions attempted once this limit is reached will be rejected. A maximum limit of 10 concurrent sessions is recommended for most environments.


To restrict concurrent SSH connections, issue the following command from the [edit system services ssh] hierarchy:

[edit system services ssh]
user@host# set connection-limit <limit>

NOTE - On some platforms the maximum configurable connection limit may be significantly lower than 10; for example, on an SRX110 the connection limit can be set to a value between 1 and 3.

Default Value:

Up to 75 concurrent sessions are accepted by default on most current platforms.
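
A compliance check for this setting, as an added example that is not part of the original page: it reads configuration in `display set` format and fails when `connection-limit` is missing, deactivated, or above the recommended 10. The function name, status strings and sample configuration are assumptions made for the illustration.

```python
import re

RECOMMENDED_MAX = 10  # ceiling this page recommends for most environments
SSH = "system services ssh"
LIMIT_RE = re.compile(rf"^set {SSH} connection-limit (\d+)$")

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
set system host-name lab-router
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh connection-limit 10
"""


def audit_ssh_connection_limit(display_set_text, max_allowed=RECOMMENDED_MAX):
    """Return (status, detail); status is PASS, FAIL or NOT_APPLICABLE."""
    ssh_set = ssh_off = limit_off = False
    limit = None
    for raw in display_set_text.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace
        if line == f"deactivate {SSH}":
            ssh_off = True
        elif line == f"deactivate {SSH} connection-limit":
            limit_off = True
        elif line == f"set {SSH}" or line.startswith(f"set {SSH} "):
            ssh_set = True
            match = LIMIT_RE.match(line)
            if match:
                limit = int(match.group(1))
    if not ssh_set or ssh_off:
        return ("NOT_APPLICABLE", "SSH service is not active")
    if limit is None or limit_off:
        # An absent or inactive statement leaves the platform default in force.
        return ("FAIL", "connection-limit is not set")
    if limit > max_allowed:
        return ("FAIL", f"connection-limit {limit} exceeds {max_allowed}")
    return ("PASS", f"connection-limit {limit}")


if __name__ == "__main__":
    print(audit_ssh_connection_limit(SAMPLE_CONFIG))
```

Pass a lower `max_allowed` for platforms such as the SRX110, where the configurable range is 1 to 3.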

Item Details


References: 800-53|IA-2(1), CSCv7|11.5

Plugin: Juniper

Control ID: 87d6b53239fd0d652a68fe0e7f022a26bb7c431088c88b00d1481627bad4a899