Enable NETCONF Service over SSH

The IETF draft Using the NETCONF Configuration Protocol over Secure Shell (SSH) requires that the NETCONF server by default provide SSH access to client machines over a dedicated TCP port, to make it easy to identify and filter NETCONF traffic. The port for the JUNOS NETCONF server is 32000. You can also enable client applications to access the NETCONF server over the default SSH port (22). For more information about the IETF draft, see Generating Well-Formed XML Documents.

To enable NETCONF service over SSH, perform the following steps:

1. Include one or both of the following statements at the indicated hierarchy level:
   • To enable SSH access over the devoted port (32000) as specified by the IETF specification, include the ssh statement at the [edit system services netconf] hierarchy level:

     [edit system services]

     user@host# set netconf ssh

   • To enable access over the default SSH port (22), include the ssh statement at the [edit system services] hierarchy level. This configuration also enables SSH access to the routing platform for all users and applications.

     [edit system services]

     user@host# set ssh

2. Commit the configuration:

   [edit]

   user@host# commit

3. Repeat step 1 and step 2 on each routing platform where the client application establishes NETCONF sessions.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.