Managing vty Lines

The system supports 30 virtual tty (vty) lines for Telnet, SSH, and FTP services. Each Telnet, SSH, or FTP session requires one vty line. When you connect to the router through a vty line, the number of the vty line is not assigned sequentially; instead, the system assigns the first vty line that passes the host access list check rules.

Configuring vty Lines

By default five vty lines (0–4) are open. You can open additional lines using the line vty command. Once lines are open, login is enabled by default. Before users can access the lines, you must configure a password, disable login using the no login command, or configure AAA authentication on the lines.

line vty

• Use to open or configure vty lines.
• You can specify a single line or a range of lines. The range is 0–29.
• Example

  host1(config)#line vty 6 10

  host1(config-line)#

• Use the no version to remove a vty line or a range of lines from the configuration. Lines that you remove will no longer be available for use by Telnet, FTP, or SSH. When you remove a vty line, the system removes all lines above that line. For example, no line vty 6 causes the system to remove lines 6 through 29. You cannot remove lines 0 through 4.
• See line.

password

• Use to specify a password on a single line or a range of lines.
• If you enable login but do not configure a password, the system will not allow you to access virtual terminals.
• Specify a password in plain text (unencrypted) or cipher text (encrypted). In either case, the system stores the password as encrypted.
• You can use the following keywords:
  • 0 (zero)—Specifies an unencrypted password
  • 5—Specifies a secret
  • 7—Specifies an encrypted password
• Example 1 (unencrypted password)

  host1(config-line)#password 0 mypassword

• Example 2 (secret)

  host1(config-line)#password 5 y13_x

• Example 3 (encrypted password)

  host1(config-line)#password 7 x13_2

• Use the no version to remove the password. By default, no password is specified.
• See password.

For more information about configuring security for vty lines, see Managing the System .

Monitoring vty Lines

Use the show line vty command to monitor vty lines.

show line vty

• Use to display the configuration of a vty line.
• Field descriptions
  • access-class—Access class associated with the vty line
  • data-character-bits—Number of bits per character
    • 7—Setting for the standard ASCII set
    • 8—Setting for the international character set
  • exec-timeout—Time interval that the terminal waits for expected user input
    • Never—Indicates that there is no time limit
  • exec-banner—Status for the exec banner: enabled or disabled. This banner is displayed by the CLI after user authentication (if any) and before the first prompt of a CLI session.
  • motd-banner—Status for the MOTD banner: enabled or disabled. This banner is displayed by the CLI when a connection is initiated.
  • login-timeout—Time interval during which the user must log in.
    • Never—Indicates that there is no time limit
• Example

  host1#show line vty 0
  no access-class in
  data-character-bits 8
  exec-timeout 3w 3d 7h 20m 0s
  exec-banner enabled
  motd-banner enabled
  login-timeout 30 seconds

• See show line vty.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.