"show system rollback compare" no longer provides comparison output if there are syntax differences with the current version of JunOS

  • 1.  "show system rollback compare" no longer provides comparison output if there are syntax differences with the current version of JunOS

    Posted 03-05-2025 12:35

    Is anyone else having problems with the output of "show system rollback compare"?
    We recently upgraded to 23.4 and get results like these on different models.

    test4400> show system rollback compare 40 0
    /config/juniper.conf:86:(29) syntax error: no-tcp-forwarding
      [edit system services ssh]
        'no-tcp-forwarding;'
          syntax error


    There were other errors on a different switch.

    distribution1> show system rollback compare 40 39
    /config/juniper.conf:86:(29) syntax error: no-tcp-forwarding
      [edit system services ssh]
        'no-tcp-forwarding;'
          syntax error
    /config/juniper.conf:90:(169) invalid value: hmac-sha2-512-96
      [edit system services ssh macs]
        'macs [ hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-sha1 ];'
          invalid value
    /config/juniper.conf:99:(13) error recovery ignores input until this point: }
      [edit system services ssh macs]
        '}'
          error recovery ignores input until this point
    warning: statement must contain additional statements
    /config/juniper.conf:86:(29) syntax error: no-tcp-forwarding
      [edit system services ssh]
        'no-tcp-forwarding;'
          syntax error
    /config/juniper.conf:90:(169) invalid value: hmac-sha2-512-96
      [edit system services ssh macs]
        'macs [ hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-sha1 ];'
          invalid value
    /config/juniper.conf:99:(13) error recovery ignores input until this point: }
      [edit system services ssh macs]
        '}'
          error recovery ignores input until this point
    warning: statement must contain additional statements



    ------------------------------
    Michael
    ------------------------------


  • 2.  RE: "show system rollback compare" no longer provides comparison output if there are syntax differences with the current version of JunOS

    Posted 03-06-2025 08:08

    When you update an OS, you must read the release notes; that's a full-time job :)

    Release Notes: Junos OS Release 22.2R1

    SSH TCP forwarding disabled by default-We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the [edit system services ssh] hierarchy level.

    In addition, we've deprecated the tcp-forwarding and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.

    Short answer: just do some

    delete system services ssh macs

    delete system services ssh no-tcp-forwarding

    As they're no longer relevant. That simple.

    I'm sure you'll find the deprecated ssh macs stuff in another release note document :)



    ------------------------------
    Olivier Benghozi
    ------------------------------



  • 3.  RE: "show system rollback compare" no longer provides comparison output if there are syntax differences with the current version of JunOS

    Posted 03-06-2025 09:26

    Hi Olivier,

    Thanks for that information. We were aware of that and were required to delete those items from the configuration in order to update, so that part has been completed.

    However, those items are part of the previous configurations that are saved with each change, and cannot be removed from them, nor would we want that.

    What's happening is the command "show system rollback compare" is complaining about the older version of the configuration, not the current, active configuration. It should not care what is in the old configuration, and just show the difference, which it does not.



    ------------------------------
    Michael
    ------------------------------
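
An added example, not part of the thread and not a Juniper tool: a schema-independent comparison of two saved configurations, which flattens the curly-brace text into per-statement paths and reports what was removed and added without validating either side against the running release. It assumes both configurations are available as plain text; `OLD` and `NEW` are constructed samples that reuse statements quoted in the thread, and `flatten` and `compare` are hypothetical helper names.

```python
import re

# Tokens: comments, quoted strings, structural punctuation, bare words.
TOKEN = re.compile(r'/\*.*?\*/|#[^\n]*|"(?:\\.|[^"\\])*"|[{};\[\]]|[^\s{};\[\]"]+', re.S)

def flatten(text):
    """Flatten curly-brace config text into a set of 'path statement' strings.
    Purely textual: no knowledge of which statements the running release accepts."""
    path, words, items, in_list, leaves = [], [], [], False, set()
    for tok in TOKEN.findall(text):
        if tok.startswith(("/*", "#")):
            continue                      # skip comments
        if tok == "[":
            in_list = True
        elif tok == "]":
            in_list = False
        elif in_list:
            items.append(tok)             # one value of a bracketed list
        elif tok == "{":
            path.append(words)            # descend one hierarchy level
            words = []
        elif tok == "}":
            if path:
                path.pop()
        elif tok == ";":
            stem = [w for level in path for w in level] + words
            for item in items or [None]:  # a list yields one leaf per value
                leaves.add(" ".join(stem + ([item] if item else [])))
            words, items = [], []
        else:
            words.append(tok)
    return leaves

def compare(old_text, new_text):
    """Return (removed, added) statement paths between two config texts."""
    old, new = flatten(old_text), flatten(new_text)
    return sorted(old - new), sorted(new - old)

# Constructed sample configurations (not taken from a real device).
OLD = """system { host-name test4400; services { ssh {
    no-tcp-forwarding;
    macs [ hmac-sha2-512 hmac-sha2-256 hmac-sha2-512-96 hmac-sha1 ];
} } }"""
NEW = """system { host-name test4400; services { ssh {
    root-login deny;
} } }"""

if __name__ == "__main__":
    removed, added = compare(OLD, NEW)
    print("\n".join(["- " + s for s in removed] + ["+ " + s for s in added]))
```

Because bracketed lists are expanded to one path per value, the output shows each removed MAC individually rather than a single changed `macs` line.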