[Contents] [Prev] [Next] [Index] [Report an Error]

Prerequisites for SSH Connections

To enable a client application to use the SSH protocol to connect to the JUNOScript server, perform the following steps:

  1. Enable the application to access the SSH software.

    If the application uses the JUNOScript Perl module provided by Juniper Networks, no action is necessary. As part of the installation procedure for the Perl module, you install a prerequisites package that includes the necessary SSH software. For instructions, see Downloading the JUNOS Module and Sample Scripts.

    If the application does not use the JUNOScript Perl module, obtain the SSH software and install it on the computer where the application runs. For information about obtaining and installing SSH software, see http://www.ssh.com and http://www.openssh.com.

  2. Satisfy the prerequisites discussed in Prerequisites for All Access Protocols.
  3. (Optional) If you want to use key-based SSH authentication for the application, create a public/private key pair and associate it with the JUNOS login account you created in Prerequisites for All Access Protocols. Perform the following steps:
    1. Working on the computer where the client application runs, issue the ssh-keygen command in a standard command shell (not the JUNOS CLI). By providing the appropriate arguments, you encode the public key with either RSA (supported by SSH versions 1 and 2) or the Digital Signature Algorithm (DSA), supported by SSH version 2. For more information, see the manual page provided by your SSH vendor for the ssh-keygen command. The JUNOS software uses SSH version 2 by default but also supports version 1.
      % ssh-keygen options
    2. Enable the application to access the public and private keys. One method is to run the ssh-agent program on the computer where the application runs.
    3. Working in configuration mode on the routing platform that needs to accept SSH connections from JUNOScript client applications, associate the public key with the JUNOS login account by including the load-key-file statement at the [edit system login user account-name authentication] hierarchy level. First, move to that hierarchy level:
      [edit]
      user@host# edit system login user account-name authentication

      Issue the following command to copy the contents of the specified file onto the routing platform:

      [edit system login user account-name authentication]
      user@host# set load-key-file URL

      URL is the path to the file that contains one or more public keys. The ssh-keygen command by default stores each public key in a file in the .ssh subdirectory of the user home directory; the filename depends on the encoding (DSA or RSA) and SSH version. For information about specifying URLs, see the JUNOS CLI User Guide.

      Alternatively, you can include one or both of the ssh-dsa and ssh-rsa statements at the [edit system login user account-name authentication] hierarchy level. We recommend using the load-key-file statement, however, because it eliminates the need to type or cut and paste the public key on the command line. For more information about the ssh-dsa and ssh-rsa statements, see the JUNOS System Basics Configuration Guide.

  4. Configure the routing platform to accept SSH connections by including the ssh statement at the [edit system services] hierarchy level. This statement enables SSH access for all users and applications, not just JUNOScript client applications.
    [edit system login user account-name authentication]
    user@host# top
    [edit]
    user@host# set system services ssh
  5. Commit the configuration:
    [edit]
    user@host# commit
  6. Repeat Step item on each computer where the application runs, and Step itemitemitem through Step item on each routing platform to which the application connects.
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.