You may want to check out this KB article:
https://supportportal.juniper.net/s/article/Junos-How-to-regenerate-SSH-host-keys-on-Junos-devices-in-shell?language=en_US
------------------------------
-Slicerpro
------------------------------
Original Message:
Sent: 11-12-2022 10:19
From: Mariusz Daroch
Subject: SSH connection
Hi, I have a question. I'm starting to work with Juniper and I'm having trouble with SSH connections to the devices. I am using 2 vSRX running on GNS3 and have created a network: Host -> Switch -> Firewall. I changed the operating mode of the device: `set security forwarding-options family mpls mode packet-based` and rebooted the device. Devices are able to ping from host; however, from the host I can only connect via SSH to SRX (firewall). SRX (switch) stops after 60 seconds.
SRX1:(firewall)
## Configuration of the device labelled "firewall" (host-name FireWall).
## NOTE(review): no `security forwarding-options` stanza is visible in this
## listing, so as shown the zones and policies below would apply in the
## default flow mode -- confirm against the running config.
## Last changed: 2022-11-12 13:07:05 UTC
version 20190606.224121_builder.r1033375;
system {
host-name FireWall;
root-authentication {
## NOTE(review): the "$6$" prefix marks a SHA-512 crypt password hash. A hash
## pasted into a public post is open to offline guessing; substitute a
## placeholder when sharing a config and rotate the password afterwards.
encrypted-password "$6$puKcsYUz$qLj.sIrT/vSWiUUWOifsjmhGqPtQNrX4RlBhGjpYfbusAGs5mGI5xVX2gF/FElPcBw8Y9jYIeo/bRwQ6Kiue5/"; ## SECRET-DATA
}
login {
## Local account with the super-user class (full privileges).
user PyNet {
uid 2001;
class super-user;
authentication {
## Same exposure as the root hash above: treat this credential as disclosed.
encrypted-password "$6$peYctrmQ$souUfll57mw8IeWoMepzC5mmXMv07poeE8lxLTIrmtF/nB4VFordbead1A3yZ1zdKUWWt9.S/omxgP1grG3RE."; ## SECRET-DATA
}
}
}
services {
ssh {
## Permits direct root login over SSH. Outside a lab, prefer logging in as a
## named user (such as PyNet above) and set this to deny.
root-login allow;
}
## NETCONF over SSH on TCP port 830.
netconf {
ssh {
port 830;
}
rfc-compliant;
}
}
}
security {
policies {
## Intra-zone policy for untrust -> untrust that permits any source,
## destination and application. The policy name says "trust-to-trust" but
## the zone pair is untrust/untrust; the name is misleading.
from-zone untrust to-zone untrust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone untrust {
## Accepts every system service and every protocol addressed to the device
## itself on the interfaces of this zone. For a zone named "untrust" this is
## the widest possible management-plane exposure; listing only the services
## actually needed (e.g. ssh, netconf, ping) narrows it.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
## Both configured logical interfaces are placed in the untrust zone.
interfaces {
ge-0/0/1.0;
ge-0/0/0.99;
}
}
}
}
interfaces {
## Tagged sub-interface: unit 99 carries VLAN 99 with address 12.0.0.1/8.
## NOTE(review): 12.0.0.0/8 is not RFC 1918 private space; fine inside an
## isolated lab, but avoid it on anything that can reach real networks.
ge-0/0/0 {
vlan-tagging;
unit 99 {
vlan-id 99;
family inet {
address 12.0.0.1/8;
}
}
}
## Untagged routed interface, 10.0.1.1/8.
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.1.1/8;
}
}
}
}
## VLAN definition for ID 99; no interface in this listing references it by
## name (the tagging above uses vlan-id directly).
vlans {
vlan-trust {
vlan-id 99;
}
}
SRX2(switch):
## Configuration of the device labelled "switch" (host-name switch).
system {
host-name switch;
root-authentication {
## NOTE(review): the "$6$" prefix marks a SHA-512 crypt password hash. A hash
## pasted into a public post is open to offline guessing; substitute a
## placeholder when sharing a config and rotate the password afterwards.
encrypted-password "$6$zQ6HVWdo$rc4o.XcCI9c2sk4l/7dpCE7ylN1cZu5u4JqnWn08VAjYVFc.s7lUcc5642DTuZvvJPW9hBpabQM/Oox/ZVEjO."; ## SECRET-DATA
}
services {
## SSH enabled with default settings; root is the only account shown in this
## listing (no `login user` stanza is visible).
ssh;
## NETCONF over SSH on TCP port 830.
netconf {
ssh {
port 830;
}
rfc-compliant;
}
## J-Web over cleartext HTTP on fxp0.0: credentials and session data are not
## encrypted in transit. Prefer the `https` form of web-management, or
## disable J-Web if it is not used.
web-management {
http {
interface fxp0.0;
}
}
}
}
security {
## Packet-based forwarding mode, as set by the command quoted in the post.
## NOTE(review): packet-based forwarding bypasses the flow/session engine;
## verify whether the zone settings below are actually enforced in this mode,
## and if not, protect the management plane with a stateless firewall filter
## (typically applied to lo0) -- confirm for this platform and release.
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
zones {
security-zone trust {
## tcp-rst: reply with a TCP RST to non-SYN segments that match no session.
tcp-rst;
## All system services addressed to the device are accepted in this zone.
host-inbound-traffic {
system-services {
all;
}
}
## NOTE(review): only the two physical units are zone members. irb.99, which
## holds the device's 12.0.0.3/8 address, is not assigned to any zone in this
## listing -- worth checking when management traffic to that address fails.
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
}
}
}
}
interfaces {
## Trunk port. The member list names VLANs both by ID (20, 99) and by name
## (admin = 99, pracownicy = 20, per the vlans stanza), so each VLAN is
## listed twice.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 20 99 admin pracownicy ];
}
}
}
}
## Access port in VLAN "admin" (ID 99).
ge-0/0/1 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members admin;
}
}
}
}
## Layer-3 interface for VLAN 99; this is the address SSH would target.
irb {
unit 99 {
family inet {
address 12.0.0.3/8;
}
}
}
}
vlans {
## VLAN 99, bound to irb.99 as its routed interface.
admin {
vlan-id 99;
l3-interface irb.99;
}
## VLAN 20, layer 2 only (no l3-interface configured).
pracownicy {
vlan-id 20;
}
}
------------------------------
Mariusz Daroch
------------------------------