SRX

Expand all | Collapse all

How can I connect via SSH after a delete?

Jump to Best Answer
  • 1.  How can I connect via SSH after a delete?

    Posted 10-07-2019 01:42

    Hello!

    I have an SRX550, if I do a "load factory-default" I can access through port ge-0/0/1 to ge-0/0/5 and it works perfectly, but I want to configure the device from 0 with a delete and I have tried to configure it but I cannot access, steps that I have followed:
    
    root @ ok> delete
    root @ ok> load factory-default
    root @ ok> set system root-authentication plain-text-password
    ... I put the password ...
    root @ ok> commit
    root @ ok> configure
    root @ ok # set system services ssh
    root @ ok # set interface fxp0 unit 0 family inet address 192.168.1.2/24
    or
    root @ ok # set interface ge-0/0/0 unit 0 family inet address 192.168.1.2/24
    or
    root @ ok # set interface ge-0/0/3 unit 0 family inet address 192.168.1.2/24
    What do I need to access through SSH? What is the problem? Thank you very much


  • 2.  RE: How can I connect via SSH after a delete?

     
    Posted 10-07-2019 02:00

    Hi,

     

    Can you please add "set system services ssh root-login allow" and check if SSH works.

    Default root-login is deny in latest releases.

     

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!



  • 3.  RE: How can I connect via SSH after a delete?

    Posted 10-07-2019 02:22

    Hello! I've tried again connecting the ethernet cable to the port ge-0/0/0 and ge-0/0/1 and it doesn't work, my configuration is this:

    root@ok> show configuration
    ## Last commit: 2019-10-07 11:06:14 UTC by root
    version 12.3X48-D85.1;
    system {
    root-authentication {
    encrypted-password "$1$O1bh.aLw$1PuvLOQXet1Be6/X.hHL0."; ## SECRET-DATA
    }
    services {
    ssh {
    root-login allow;
    }
    }
    }
    interfaces {
    ge-0/0/1 {
    unit 0 {
    family inet {
    address 192.168.1.3/24;
    }
    }
    }
    fxp0 {
    unit 0 {
    family inet {
    address 192.168.1.2/24;
    }
    }
    }
    }

    root@ok>

     

     

    #Thank you!



  • 4.  RE: How can I connect via SSH after a delete?

     
    Posted 10-07-2019 03:09

    By default interface 0/0/0 is in the untrust zone facing the internet and ssh is not permitted in that zone setting.

     

    Either move the interface to the trust zone or change the untrust zone settings to permit ssh under host inbound traffic

     



  • 5.  RE: How can I connect via SSH after a delete?
    Best Answer

     
    Posted 10-07-2019 03:12

    In the steps followed, I see load factory-default followed by delete. if that's the case, there should be more configuration on the device.

     

    If yes, delete the fxp0 interface configuration and connect to the port ge-0/0/1 using the IP 192.168.1.3, it should work.

     

    If you have deleted entire confguration without loading the factory-default, then you might have to:

    configure security zones,

    bind interface to a specific zone,

    enable host-inbound-traffic for ssh under system-services for that specific zone,

    then configure interface with an IP.

     

    https://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/services-gateway-srx550-built-in-ethernet-port.html

     

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-system-service-zone-host-inbound-traffic.html

     

    Please read through above links for understanding of how interfaces work with factory-default config.

     

    Thanks and Regards,

    Pradeep.

     



  • 6.  RE: How can I connect via SSH after a delete?

    Posted 10-07-2019 04:16
    Ok, thank you very much, I will try to introduce the zones to see if this works, greetings.


  • 7.  RE: How can I connect via SSH after a delete?

    Posted 10-08-2019 02:28

    Hello, thank your for spuluka.

    root> show configuration
    ## Last commit: 2019-10-08 10:16:59 UTC by root
    version 12.3X48-D85.1;
    system {
    root-authentication {
    encrypted-password "$1$7zMZ0rtR$.Nokl4oVffYWIcyRhZlAP0"; ## SECRET-DATA
    }
    services {
    ssh;
    web-management {
    https {
    port 443;
    system-generated-certificate;
    interface ge-0/0/0.0;
    }
    }
    }
    }
    security {
    zones {
    security-zone trust {
    interfaces {
    ge-0/0/0.0 {
    host-inbound-traffic {
    system-services {
    https;
    ssh;
    }
    }
    }
    }
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family inet {
    address 192.168.1.2/24;
    }
    }
    }
    }

    root>