
Configuring the Root Password

The JUNOS software is preinstalled on the router. When the router is powered on, it is ready to be configured. Initially, you log in to the router as the user “root” with no password.

Note: If you configure a blank password using the encrypted-password statement at the [edit system root-authentication] hierarchy level for root authentication, you will be able to commit the configuration, but you will not be able to log in as superuser and get root-level access to the router.

After you log in, you should configure the root (superuser) password by including the root-authentication statement at the [edit system] hierarchy level:

[edit system]
root-authentication {
    (encrypted-password "password" | plain-text-password);
    ssh-dsa "public-key";
    ssh-rsa "public-key";
}

If you configure the plain-text-password option, you are prompted to enter and confirm the password:

[edit system]
user@host# set root-authentication plain-text-password
New password: type password here
Retype new password: retype password here

To load an SSH key file, enter the load-key-file command. This command loads RSA (SSH version 1 and SSH version 2) and DSA (SSH version 2) public keys.

You can also configure SSH RSA keys and SSH DSA keys to authenticate root logins. You can configure more than one public RSA or DSA key for SSH authentication of root logins as well as for user accounts. When a user logs in as root, the public keys are referenced to determine whether the private key matches any of them. For more information about how to configure user accounts, see Configuring User Accounts. For an example of how to configure SSH public keys for root authentication, see Example: Configuring SSH Authentication for Root Logins.

If you load an SSH key file, the contents of the file are copied into the configuration immediately after you enter the load-key-file statement. To view the SSH key entries, use the configuration mode show command. For example:

[edit system]
user@host# set root-authentication load-key-file my-host:.ssh/identity.pub
.file.19692 | 0 KB | 0.3 kB/s | ETA: 00:00:00 | 100%
[edit system]
user@host# show
root-authentication {
ssh-rsa "1024 35 9727638204084251055468226757249864241630322
20740496252839038203869014158453496417001961060835872296
15634757491827360336127644187426594689320773910834481012
68312595772262546166799927831612350043866091586628382248
97467326056611921489539813965561563786211940327687806538
16960202749164163735913269396344008443 boojum@juniper.net"; # SECRET-DATA
}

JUNOS-FIPS has special password requirements. FIPS passwords must be between 10 and 20 characters in length. Passwords must use at least three of the five defined character sets (uppercase letters, lowercase letters, digits, punctuation marks, and other special characters). If JUNOS-FIPS is installed on the router, you cannot configure passwords unless they meet this standard. If you use the encrypted-password option, a null (empty) password is not permitted.

You cannot configure a blank password for encrypted-password using blank quotation marks (" "). You must configure a password that is 1 through 128 characters long and enclose it in quotation marks.
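
The following audit script is an added example, not part of the original documentation or of any Juniper tool. It checks saved output of the configuration mode show command at [edit system] for the root-authentication conditions described on this page; the names audit_root_authentication and SAMPLES are hypothetical, and the sample configurations are constructed.

```python
import re

# The root-authentication stanza as printed by "show" at [edit system].
STANZA = re.compile(r'root-authentication\s*\{(.*?)\}', re.DOTALL)
# One statement inside the stanza: keyword, optional quoted value, semicolon.
# A quoted public key may wrap across several lines, as in the page's example.
STATEMENT = re.compile(
    r'(encrypted-password|ssh-rsa|ssh-dsa)\s*(?:"([^"]*)")?\s*;')


def audit_root_authentication(config_text):
    """Return a list of findings for one router's configuration text."""
    stanza = STANZA.search(config_text)
    if stanza is None:
        # Initial state described on the page: root has no password.
        return ["no root-authentication stanza: root logs in with no password"]
    findings = []
    statements = STATEMENT.findall(stanza.group(1))
    passwords = [v for k, v in statements if k == "encrypted-password"]
    keys = [k for k, _ in statements if k in ("ssh-rsa", "ssh-dsa")]
    for value in passwords:
        if value.strip() == "":
            # Per the page's note: the commit succeeds, root access is lost.
            findings.append(
                "blank encrypted-password: commits, but root login is not possible")
        elif len(value) > 128:
            findings.append("encrypted-password longer than 128 characters")
    if not passwords and not keys:
        findings.append("stanza has neither a password nor an SSH public key")
    return findings


# Constructed sample configurations (not taken from a real router).
SAMPLES = {
    "factory": 'host-name r1;\n',
    "blank": 'root-authentication {\n    encrypted-password ""; ## SECRET-DATA\n}\n',
    "ok": ('root-authentication {\n'
           '    encrypted-password "$1$constructed$hashvalue"; ## SECRET-DATA\n'
           '    ssh-rsa "1024 35 1234567890\n9876543210 admin@example.net";\n'
           '}\n'),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_root_authentication(text) or "no findings")
```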

