- [edit system services]
```
outbound-ssh {
    client client-id {
        address {
            port port-number;
            retry number;
            timeout seconds;
        }
        device-id device-id;
        keep-alive {
            retry number;
            timeout seconds;
        }
        reconnect-strategy (in-order | sticky);
        secret password;
        services netconf;
    }
    traceoptions {
        file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;
        flag flag;
        no-remote-trace;
    }
}
```
- [edit system services]
Statement introduced in JUNOS Release 8.4.
Configure a router running the JUNOS software behind a firewall to communicate with client management applications on the other side of the firewall.
To configure transmission of the router’s device ID to the application, include the device-id statement at the [edit system services] hierarchy level.
client-id—Identifies the outbound-ssh configuration stanza on the router. Each outbound-ssh stanza represents a single outbound SSH connection. This attribute is not sent to the client.
device-id—Identifies the router to the client during the initiation sequence.
secret—(Optional) Specifies the JUNOS router’s public SSH Host Key. If added to the outbound-ssh statement, during the initialization of the outbound SSH service, the router passes its public key to the management server. This is the recommended method of maintaining a current copy of the router’s public key.
keep-alive—(Optional) When configured, specifies that the router send keepalive messages to the management server. To configure the keepalive message, you must set both the timeout and retry attributes.
retry—Specifies the number of keepalive messages the router sends without receiving a response from the client before the current SSH connection will be disconnected. The default is three messages.
timeout—Specifies the amount of time that the JUNOS server waits for data before sending a keepalive signal. The default is 15 seconds.
reconnect-strategy—(Optional) Specifies the method the JUNOS router uses to reestablish a disconnected outbound SSH connection. Two methods are available: in-order and sticky.
When reconnecting to a client, the router attempts to reconnect to the client based on the retry and timeout values for each client listed.
services—Specifies the services available for the session. Currently, NETCONF is the only service available.
address—Indicates the hostname or the IPv4 address of the NSM application server. You can list multiple clients by adding each client’s IP address or hostname along with the following connection parameters:
filename—(Optional) By default, the file name of the log file used to record the trace options is the name of the traced process (for example, mib2d or snmpd). Use this option to override the default value.
files—(Optional) The maximum number of trace files generated. By default, the maximum number of trace files is 10. Use this option to override the default value.
When a trace file reaches its maximum size, the system archives the file and starts a new file. The system archives trace files by appending a number to the file name in sequential order from 1 to the maximum value (specified by the default value or the options value set here). Once the maximum value is reached, the numbering sequence is restarted at 1, overwriting the older file.
size—(Optional) The maximum size of the trace file in kilobytes (KB). Once the maximum file size is reached, the system archives the file. The default value is 1000 KB. Use this option to override the default value.
match—(Optional) When used, the system only adds lines to the trace file that match the regular expression specified. For example, if the match value is set to =error, the system only records lines to the trace file that include the string error.
world-readable | no-world-readable—(Optional) This option specifies whether the files are accessible by the originator of the trace operation only or by any user. By default, log files are only accessible by the user that started the trace operation (no-world-readable).
all | configuration | connectivity—(Optional) This flag specifies the type of tracing operation to perform.
all—Log all events.
configuration—Log all events pertaining to the configuration of the router.
connectivity—Log all events pertaining to the establishment of a connection between the client server and the router.
no-remote-trace—(Optional) Disables remote tracing.
See Configuring Outbound SSH Service.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
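The following is an added example, not part of the JUNOS documentation: a small Python audit of an outbound-ssh stanza that applies three points from the option descriptions above (secret is the recommended way to keep the management server's copy of the host key current, keep-alive requires both retry and timeout, and trace files default to no-world-readable). The parser, the `audit` function, and the sample configuration (constructed names and values, address entries omitted) are assumptions for illustration.

```python
import re

# Constructed sample (invented names and values) using the statement hierarchy from this page.
SAMPLE = """
outbound-ssh {
    client nms-primary {
        device-id router-a; services netconf;
        keep-alive { retry 3; }
    }
    client nms-backup {
        device-id router-a; secret "constructed-value"; services netconf;
        keep-alive { retry 3; timeout 15; }
    }
    traceoptions { file obssh-trace files 5 size 500 world-readable; flag all; }
}
"""

def parse(text):
    """Parse brace-delimited config text into nested dicts (leaf statement -> argument string)."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)
    root, stack, words = {}, [], []
    node = root
    for tok in tokens:
        if tok == "{":                      # open a stanza named by the words seen so far
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":                    # close the current stanza
            node = stack.pop()
        elif tok == ";":                    # leaf statement: first word is the key
            node[words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    return root

def audit(text):
    """Return findings for an outbound-ssh stanza, using only rules the reference states."""
    cfg = parse(text).get("outbound-ssh", {})
    findings = []
    for name, body in cfg.items():
        if name.startswith("client "):
            if "secret" not in body:
                findings.append(f"{name}: no secret configured")
            if "keep-alive" in body and not {"retry", "timeout"} <= body["keep-alive"].keys():
                findings.append(f"{name}: keep-alive needs both retry and timeout")
    if "world-readable" in cfg.get("traceoptions", {}).get("file", "").split():
        findings.append("traceoptions: trace files are world-readable")
    return findings
```

Calling `audit(SAMPLE)` reports the missing secret and incomplete keep-alive on the first client and the world-readable trace file; the second client produces no findings.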