SRX Services Gateway
Highlighted
SRX Services Gateway

SSH Decryption on SRX

2 weeks ago

Hello, 

 

Is it possible to perform SSH decryption on SRX devices ?

 

Thanks,

Hari Reddy. 

6 REPLIES 6
Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

[ Edited ]
2 weeks ago

Hello Hari,

 

Do you mean SSH password decryption or SSH traffic decryption?

 

If you want to decrypt the SSH password, we can achieve this in SRX with a certain condition. Please find the technical document for the same - https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/request-security-...

 

AFAIK, It is not possible to decrypt SSH traffic on SRX series devices.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

2 weeks ago

Hello Hari,

 

SSH proxy is currently not supported in SRX series devices.

 

Regards,

Prakash

Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

2 weeks ago

Thank you for the response. 

 

As SSH proxy is not supported, I don't think it is possible to decrypt SFTP or SCP traffic. 

 

Any work around to filter files transferred over SFTP. For example to block ZIP files uploads or downloads over SFTP.

Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

2 weeks ago

Hello Hari,

 

I am afraid it's not possible with current design as SRX doesn't have a way to identify the type of file being transferred over the secure channel.

 

Regards,

Prakash

Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

2 weeks ago

Hi Hari,

 

I guess we can do it for normal traffic via UTM but not for a secure one - https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: SSH Decryption on SRX

2 weeks ago

Thank you for the response. 

 

Yes with Content filtering, file extensions can be blocked for plain traffic and even for HTTPS traffic if SSL Proxy is configured. But I am looking for solution to block file extensions for SFTP and SCP traffic. 

 

Thanks,

Hari. 

 

 

Feedback