controller. A flood of packets from a packet generator does not cause problems
regardless of whether SSH is enabled.
Before You Configure SSH
You must obtain and install a commercial SSH client on the host from which you
want to administer the system. Versions earlier than 2.0.12 of the SSH client are not
supported.
Determine your Telnet policy before you configure SSH on your system. Effective
use of SSH implies that you should severely limit Telnet access to the system. To
limit Telnet access, create access control lists that prevent almost all Telnet usage,
permitting only trusted administrators to access the system through Telnet. For
example, you might limit access to administrators who need to Telnet to the system
from a remote host that does not have the SSH client installed.
You must install and configure a RADIUS server on a host machine before you
configure SSH on your router. Refer to your RADIUS server documentation for
information about choosing a host machine and installing the server software. You
must also configure the RADIUS client on your router. See JUNOSe Broadband Access
Configuration Guide for more information.
SSH Configuration Tasks
You configure SSH on individual virtual routers, rather than on the global system.
To configure SSH:
1. Access the context of the virtual router.
2. Configure encryption. (Optional)
3. Configure user authentication, including connection parameters.
4. Configure message authentication. (Optional)
5. Enable SSH.
6. Display SSH to verify configuration.
Configuring Encryption
The embedded SSH server and external SSH client maintain separate lists of the
encryption algorithms that each supports. Lists are kept for inbound and outbound
algorithms. For the server:
■ Inbound means the algorithms that the server supports for information coming
in from a client.
■ Outbound means the algorithms that the server supports for information it sends
out to a client.
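How the two lists interact during SSH key exchange, as an added example that is not part of the original guide or the router's software: per RFC 4253 section 7.1, each direction is negotiated independently, and the first algorithm on the client's list that the server also lists is chosen. The algorithm lists and function names below are constructed for illustration and are not the router's defaults.

```python
# Added example: per-direction cipher negotiation as defined in RFC 4253, section 7.1.
# All lists are constructed sample values, not the defaults of any real device.

class NoCommonCipher(Exception):
    """Raised when one direction has no mutually supported cipher."""

def pick(client_list, server_list, direction):
    # The first name on the CLIENT's list that the server also supports wins.
    for name in client_list:
        if name in server_list:
            return name
    # With no overlap, both sides must disconnect.
    raise NoCommonCipher(direction)

def negotiate(client, server):
    """Each side is a dict with 'c2s' and 's2c' name-lists.
    Seen from the server, 'c2s' is its inbound list and 's2c' its outbound list."""
    return {
        "c2s": pick(client["c2s"], server["c2s"], "client-to-server"),
        "s2c": pick(client["s2c"], server["s2c"], "server-to-client"),
    }

# Constructed client preference order, the same for both directions.
CLIENT = {"c2s": ["blowfish-cbc", "aes128-cbc", "3des-cbc"],
          "s2c": ["blowfish-cbc", "aes128-cbc", "3des-cbc"]}

# Server with every algorithm still present on both lists.
SERVER_DEFAULT = {"c2s": ["3des-cbc", "blowfish-cbc", "aes128-cbc"],
                  "s2c": ["3des-cbc", "blowfish-cbc", "aes128-cbc"]}

# Same server after blowfish-cbc was removed from the INBOUND list only.
SERVER_INBOUND_TRIMMED = {"c2s": ["3des-cbc", "aes128-cbc"],
                          "s2c": ["3des-cbc", "blowfish-cbc", "aes128-cbc"]}

# Server whose inbound list shares nothing with the client.
SERVER_NO_OVERLAP = {"c2s": ["twofish-cbc"],
                     "s2c": ["3des-cbc", "blowfish-cbc", "aes128-cbc"]}

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER_DEFAULT))
    print(negotiate(CLIENT, SERVER_INBOUND_TRIMMED))
    try:
        negotiate(CLIENT, SERVER_NO_OVERLAP)
    except NoCommonCipher as exc:
        print("disconnect, no common cipher for", exc)
```

Trimming only the inbound list leaves the removed algorithm negotiable for traffic the server sends, which is why each list has to be reviewed on its own.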
You must configure each list separately. By default, all of the supported encryption
algorithms are available. You need to configure encryption only if you need to
specifically add a supported algorithm to a list or remove one from it. Refer to your SSH
Secure System Administration with SSH ■ 439
Chapter 7: Passwords and Security