SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Update an existing system user login method (SRX650)

    Posted 02-20-2019 10:50

    I have a system user with super-user access, currently set to login with a password. 

     

    # set system login user testuser authentication encrypted-password "****************************"

     

    I would like to update the existing statement in the configuration to make the same user authenticate using SSH Keys instead of password. Please advise how to update the configuration.


    #SRX


  • 2.  RE: Update an existing system user login method (SRX650)

    Posted 02-20-2019 11:05

    Hi,

     

    Check the following articles:

     

    Using keys generated in the Junos device:

     

           https://kb.juniper.net/InfoCenter/index?page=content&id=KB30588 

     

    Using keys generated in an external server:

     

          http://rtodto.net/public-key-authentication-in-junos/ 

          https://junoshints.wordpress.com/2011/07/15/login-with-ssh-keys-instead-of-passwords-to-junos-router/

     



  • 3.  RE: Update an existing system user login method (SRX650)

    Posted 02-20-2019 11:17

    Thanks for the advise and sharing the links, actually I had been to both the article earlier today.

     

    My issue is slightly ahead of this, maybe I missed to add that in my original description. sorry.

     

    I tried following the instructions and updated the configuration but what happened is, it created two entries in the configuration instead of updating existing one. Thankfully, I had only used commit confirm so revert was easy. 

     

    So to summarize,

     

    I would like to remove the existing line

    # set system login user testuser authentication encrypted-password "****************************"

    and replace it with a statement to 

    set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

     

    Please advise.



  • 4.  RE: Update an existing system user login method (SRX650)
    Best Answer

    Posted 02-20-2019 11:36

    Thanks for the confirmation. You just need to deleted the first line and add the second one:

     

    # delete system login user testuser authentication encrypted-password
    # set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

     

     If you are afraid of getting locked by this change, you could first create a second user and have it as a backup login mechanism.