Rule ID
SV-81025r1_rule
Version
V1R3
CCIs
This setting frees device resources and mitigates the risk of an unauthorized user gaining access to an open idle session. When sessions are terminated by a normal administrator log off, the Juniper SRX makes the current contents unreadable and no user activity can take place in the session. However, abnormal terminations or loss of communications do not signal a session termination, thus a keep-alive count and interval must be configured so the device will know when communication with the client is no longer available. The keep-alive value and the interval between keep-alive messages must be set to an organization-defined value based on mission requirements and network performance.
[edit] show system services ssh If the keep-alive count and keep-alive interval are not set to an organization-defined value, this is a finding.
Configure the SSH keep-alive value. [edit] set system services ssh client-alive-count-max <organization-defined value> set system services ssh client-alive-interval <organization-defined value> Note: The keep-alive value and the interval between keep-alive messages must be set based on mission requirements and network performance for each local network.