6.10.1.2 Ensure SSH is Restricted to Version 2

Information

Remote console connections should only use SSH Version 2.

Rationale:

SSH Version 1 has been subject to a number of serious vulnerabilities and is no longer considered to be a secure protocol, resulting in the adoption of SSH Version 2 as an Internet Standard in 2006. Juniper routers support both versions, but due to the weakness of SSH Version 1 only the later standard should be used.

Solution

To restrict SSH to Version 2 only, issue the following command from the [edit system services ssh] hierarchy:

[edit system services ssh]
user@host# set protocol-version v2

Default Value:

Version 2 should be the default on all current platforms.
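
An audit check for this setting, as an added example that is not part of the benchmark or the Juniper plugin: it reads full `show configuration` text (curly-brace or `display set` form) and reports PASS only when v2 is the sole active configured version. The function names, result strings and sample configurations are constructed for illustration; settings inherited from configuration groups are not resolved.

```python
import re

# Constructed sample configurations (not taken from a real device).
SET_STYLE_BAD = (
    "set system services ssh root-login deny\n"
    "set system services ssh protocol-version v1\n"
    "set system services ssh protocol-version v2\n"
)
HIERARCHY_GOOD = "system {\n  services {\n    ssh {\n      protocol-version v2;\n    }\n  }\n}\n"
HIERARCHY_UNSET = "system {\n  services {\n    ssh {\n      root-login deny;\n    }\n  }\n}\n"

SET_RE = re.compile(r"set system services ssh protocol-version (.+)$")
# A deactivate line at or above the statement makes it inactive.
DEACT_RE = re.compile(r"deactivate system(?: services(?: ssh(?: protocol-version)?)?)?$")
VERSION_RE = re.compile(r"\bv[12]\b")
SSH_PATH = ["system", "services", "ssh"]


def ssh_protocol_versions(config):
    """Return the active SSH protocol versions found in the config text."""
    versions, path, deactivated = set(), [], False
    for raw in config.splitlines():
        line = raw.strip()
        m = SET_RE.match(line)
        if m:                                   # display-set form
            versions.update(VERSION_RE.findall(m.group(1)))
        elif DEACT_RE.match(line):
            deactivated = True
        elif line.endswith("{"):                # entering a hierarchy level
            path.append(line[:-1].strip())      # "inactive: ssh" never matches SSH_PATH
        elif line == "}":
            if path:
                path.pop()
        elif path == SSH_PATH and line.startswith("protocol-version"):
            versions.update(VERSION_RE.findall(line))   # "v2;" or "[ v1 v2 ];"
    return set() if deactivated else versions


def assess(config):
    """PASS: v2 only. FAIL: v1 allowed. NOT_SET: device relies on its default."""
    versions = ssh_protocol_versions(config)
    if not versions:
        return "NOT_SET"
    return "PASS" if versions == {"v2"} else "FAIL"
```

A NOT_SET result means the device is relying on its platform default rather than an explicit `protocol-version v2` statement.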

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv7|11.5

Plugin: Juniper

Control ID: e517f0133a731371c79b062d1c24f0c94e0506efcb7c51d1e472226aa236f4d3