SRX

Expand all | Collapse all

Update an existing system user login method (SRX650)

Jump to Best Answer
  • 1.  Update an existing system user login method (SRX650)

    Posted 02-20-2019 10:50

    I have a system user with super-user access, currently set to login with a password. 

     

    # set system login user testuser authentication encrypted-password "****************************"

     

    I would like to update the existing statement in the configuration to make the same user authenticate using SSH Keys instead of password. Please advise how to update the configuration.


    #SRX


  • 2.  RE: Update an existing system user login method (SRX650)

    Posted 02-20-2019 11:05

    Hi,

     

    Check the following articles:

     

    Using keys generated in the Junos device:

     

           https://kb.juniper.net/InfoCenter/index?page=content&id=KB30588 

     

    Using keys generated in an external server:

     

          http://rtodto.net/public-key-authentication-in-junos/ 

          https://junoshints.wordpress.com/2011/07/15/login-with-ssh-keys-instead-of-passwords-to-junos-router/

     



  • 3.  RE: Update an existing system user login method (SRX650)

    Posted 02-20-2019 11:17

    Thanks for the advise and sharing the links, actually I had been to both the article earlier today.

     

    My issue is slightly ahead of this, maybe I missed to add that in my original description. sorry.

     

    I tried following the instructions and updated the configuration but what happened is, it created two entries in the configuration instead of updating existing one. Thankfully, I had only used commit confirm so revert was easy. 

     

    So to summarize,

     

    I would like to remove the existing line

    # set system login user testuser authentication encrypted-password "****************************"

    and replace it with a statement to 

    set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

     

    Please advise.



  • 4.  RE: Update an existing system user login method (SRX650)
    Best Answer

    Posted 02-20-2019 11:36

    Thanks for the confirmation. You just need to deleted the first line and add the second one:

     

    # delete system login user testuser authentication encrypted-password
    # set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

     

     If you are afraid of getting locked by this change, you could first create a second user and have it as a backup login mechanism.