Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.
  • 1.  SSH connection

    Posted 11-13-2022 20:54
    Hi, I have a question, I'm starting to work with Juniper and I'm having trouble SSH connection to the device. I am using 2 vSRX running on GNS3 and have created a network
    Host -> Switch-> Firewall
    
    I changed the operating mode of the device:
    set security forwarding-options family mpls mode packet-based
    and rebooted the device.
    
    Devices are able to ping from host, however from host I can only connect via SSH to SRX (firewall)
    SRX(switch) stops after 60 seconds


    SRX1:(firewall)
    ## Last changed: 2022-11-12 13:07:05 UTC
    version 20190606.224121_builder.r1033375;
    system {
    host-name FireWall;
    root-authentication {
    encrypted-password "$6$puKcsYUz$qLj.sIrT/vSWiUUWOifsjmhGqPtQNrX4RlBhGjpYfbusAGs5mGI5xVX2gF/FElPcBw8Y9jYIeo/bRwQ6Kiue5/"; ## SECRET-DATA
    }
    login {
    user PyNet {
    uid 2001;
    class super-user;
    authentication {
    encrypted-password "$6$peYctrmQ$souUfll57mw8IeWoMepzC5mmXMv07poeE8lxLTIrmtF/nB4VFordbead1A3yZ1zdKUWWt9.S/omxgP1grG3RE."; ## SECRET-DATA
    }
    }
    }
    services {
    ssh {
    root-login allow;
    }
    netconf {
    ssh {
    port 830;
    }
    rfc-compliant;
    }
    }
    }
    security {
    policies {
    from-zone untrust to-zone untrust {
    policy trust-to-trust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    zones {
    security-zone untrust {
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    ge-0/0/1.0;
    ge-0/0/0.99;
    }
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    vlan-tagging;
    unit 99 {
    vlan-id 99;
    family inet {
    address 12.0.0.1/8;
    }
    }
    }
    ge-0/0/1 {
    unit 0 {
    family inet {
    address 10.0.1.1/8;
    }
    }
    }
    }
    vlans {
    vlan-trust {
    vlan-id 99;
    }
    }

    SRX2(switch):
    system {
    host-name switch;
    root-authentication {
    encrypted-password "$6$zQ6HVWdo$rc4o.XcCI9c2sk4l/7dpCE7ylN1cZu5u4JqnWn08VAjYVFc.s7lUcc5642DTuZvvJPW9hBpabQM/Oox/ZVEjO."; ## SECRET-DATA
    }
    services {
    ssh;
    netconf {
    ssh {
    port 830;
    }
    rfc-compliant;
    }
    web-management {
    http {
    interface fxp0.0;
    }
    }
    }
    }
    security {
    forwarding-options {
    family {
    mpls {
    mode packet-based;
    }
    }
    }
    zones {
    security-zone trust {
    tcp-rst;
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    interfaces {
    ge-0/0/0.0;
    ge-0/0/1.0;
    }
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family ethernet-switching {
    interface-mode trunk;
    vlan {
    members [ 20 99 admin pracownicy ];
    }
    }
    }
    }
    ge-0/0/1 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members admin;
    }
    }
    }
    }
    irb {
    unit 99 {
    family inet {
    address 12.0.0.3/8;
    }
    }
    }
    }
    vlans {
    admin {
    vlan-id 99;
    l3-interface irb.99;
    }
    pracownicy {
    vlan-id 20;
    }
    }




    ------------------------------
    Mariusz Daroch
    ------------------------------


  • 2.  RE: SSH connection

    Posted 11-14-2022 09:59
    You may want to check out this KB article:

    https://supportportal.juniper.net/s/article/Junos-How-to-regenerate-SSH-host-keys-on-Junos-devices-in-shell?language=en_US



    ------------------------------
    -Slicerpro
    ------------------------------



  • 3.  RE: SSH connection

    Posted 11-17-2022 13:45
    Thank You 
    But I finally get it, after many hours of testing.

    ------------------------------
    Mariusz Daroch
    ------------------------------