UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper SRX Services Gateway must ensure TCP forwarding is disabled for SSH to prevent unauthorized access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66509 JUSX-DM-000114 SV-80999r1_rule Medium
Description
Use this configuration option to prevent a user from creating an SSH tunnel over a CLI session to the Juniper SRX via SSH. This type of tunnel could be used to forward TCP traffic, bypassing any firewall filters or ACLs, allowing unauthorized access.
STIG Date
Juniper SRX SG NDM Security Technical Implementation Guide 2019-06-28

Details

Check Text ( C-67155r1_chk )
Use the CLI to view this setting for disabled for SSH.

[edit]
show system services ssh

If TCP forwarding is not disabled for the root user, this is a finding.
Fix Text (F-72583r1_fix)
From the configuration mode, enter the following commands to disable TCP forwarding for the SSH protocol.

[edit]
set system services ssh no-tcp-forwarding