When configured for outbound SSH, the router running the JUNOS software attempts to maintain a constant connection with a configuration management server. Whenever an outbound SSH session is not established, the router sends an outbound SSH initiation sequence to a configuration management server listed within the router’s configuration management server list. Prior to establishing a connection with the router, each configuration management server must be set up to receive this initiation sequence, establish a TCP connection with the JUNOS router, and transmit the device identity back to the JUNOS router.
The initiation sequence takes one of two forms, depending on how you chose to handle the JUNOS server's public key.
If the public key is installed manually on the configuration management server, the initiation sequence takes the following form:
MSG-ID: DEVICE-CONN-INFO\r\n
MSG-VER: V1\r\n
DEVICE-ID: <device-id>\r\n
If the public key is forwarded to the configuration management server by the router during the initiation sequence, the sequence takes the following form:
MSG-ID: DEVICE-CONN-INFO\r\n
MSG-VER: V1\r\n
DEVICE-ID: <device-id>\r\n
HOST-KEY: <pub-host-key>\r\n
HMAC: <HMAC(pub-SSH-host-key,<secret>)>\r\n
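The following is an added example, not code from the original page or from Juniper, showing how a configuration management server could parse both forms of the initiation sequence and decide which host key to trust for the SSH session. The function names, the sample device ID, key and secret are constructed, and the HMAC details (the secret as the HMAC key, the host key text as the message, SHA-1, hex output) are assumptions to be checked against the router in use.

```python
import hashlib
import hmac

def parse_initiation(raw: bytes) -> dict:
    """Parse the CRLF-terminated "NAME: value" lines sent by the router."""
    fields = {}
    for line in raw.decode("ascii").split("\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or name in fields:
            raise ValueError(f"malformed or duplicate line: {line!r}")
        fields[name] = value.strip()
    if fields.get("MSG-ID") != "DEVICE-CONN-INFO" or fields.get("MSG-VER") != "V1":
        raise ValueError("unexpected MSG-ID or MSG-VER")
    if not fields.get("DEVICE-ID"):
        raise ValueError("missing DEVICE-ID")
    if ("HOST-KEY" in fields) != ("HMAC" in fields):
        raise ValueError("HOST-KEY and HMAC must appear together")
    return fields

def host_key_mac(host_key: str, secret: bytes) -> str:
    # Assumption: secret is the HMAC key, host key text is the message,
    # digest is SHA-1, output is hex. Adjust to match the deployed router.
    return hmac.new(secret, host_key.encode("ascii"), hashlib.sha1).hexdigest()

def trusted_host_key(raw: bytes, installed: dict, secret: bytes) -> tuple:
    """Return (device_id, host_key) to pin for the SSH session, or raise."""
    fields = parse_initiation(raw)
    device_id = fields["DEVICE-ID"]
    if "HOST-KEY" not in fields:
        # First form: key was installed manually; unknown devices are refused.
        if device_id not in installed:
            raise PermissionError(f"no installed key for {device_id}")
        return device_id, installed[device_id]
    # Second form: accept the forwarded key only if its HMAC verifies.
    if not hmac.compare_digest(host_key_mac(fields["HOST-KEY"], secret),
                               fields["HMAC"].lower()):
        raise PermissionError(f"HMAC mismatch for {device_id}")
    return device_id, fields["HOST-KEY"]

# Constructed sample data (not real keys or secrets).
SECRET = b"constructed-shared-secret"
KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC-constructed-example"
FORM1 = b"MSG-ID: DEVICE-CONN-INFO\r\nMSG-VER: V1\r\nDEVICE-ID: router-01\r\n"
FORM2 = FORM1 + f"HOST-KEY: {KEY}\r\nHMAC: {host_key_mac(KEY, SECRET)}\r\n".encode()
```

The key returned by trusted_host_key is the one the server should pin when it starts the SSH session over the TCP connection; a forwarded key that fails the HMAC check is never used.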