outbound-ssh

Syntax

[edit system services]
outbound-ssh {
    client client-id {
        address {
            port port-number;
            retry number;
            timeout seconds;
        }
        device-id device-id;
        keep-alive {
            retry number;
            timeout seconds;
        }
        reconnect-strategy (in-order | sticky);
        secret password;
        services netconf;
    }
    traceoptions {
        file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;
        flag flag;
        no-remote-trace;
    }
}

Hierarchy Level

[edit system services]

Release Information

Statement introduced in JUNOS Release 8.4.

Statement introduced in JUNOS Release 9.0 for EX Series switches.

Description

Configure a router or switch running the JUNOS Software behind a firewall to communicate with client management applications on the other side of the firewall.

Default

To configure transmission of the router’s or switch’s device ID to the application, include the device-id statement at the [edit system services] hierarchy level.

Options

client-id—Identifies the outbound-ssh configuration stanza on the router or switch. Each outbound-ssh stanza represents a single outbound SSH connection. This attribute is not sent to the client.

device-id—Identifies the router or switch to the client during the initiation sequence.

keep-alive—(Optional) When configured, specifies that the router or switch send keepalive messages to the management server. To configure the keepalive message, you must set both the timeout and retry attributes.

reconnect-strategy—(Optional) Specify the method the router or switch uses to reestablish a disconnected outbound SSH connection. Two methods are available:

  • in-order—Specify that the router or switch first attempt to establish an outbound SSH session based on the management server address list. The router or switch attempts to establish a session with the first server on the list. If this connection is not available, the router or switch attempts to establish a session with the next server, and so on down the list until a connection is established.
  • sticky—Specify that the router or switch first attempt to reconnect to the management server that it was last connected to. If the connection is unavailable, it attempts to establish a connection with the next client on the list and so forth until a connection is made.

retry—Number of keepalive messages the router or switch sends without receiving a response from the client before the current SSH connection is disconnected. The default is three messages.

secret—(Optional) Router’s or switch’s public SSH host key. If added to the outbound-ssh statement, during the initialization of the outbound SSH service, the router or switch passes its public key to the management server. This is the recommended method of maintaining a current copy of the router’s or switch’s public key.

timeout—Length of time that the JUNOS server waits for data before sending a keepalive signal. The default is 15 seconds.

When reconnecting to a client, the router or switch attempts to reconnect to the client based on the retry and timeout values for each client listed.

address—Hostname or the IPv4 address of the NSM application server. You can list multiple clients by adding each client’s IP address or hostname along with the following connection parameters:

  • port—Outbound SSH port for the client. The default is port 22.
  • retry—Number of times the router or switch attempts to establish an outbound SSH connection before giving up. The default is three tries.
  • timeout—Length of time that the router or switch attempts to establish an outbound SSH connection before giving up. The default is 15 seconds.

filename—(Optional) By default, the filename of the log file used to record the trace options is the name of the traced process (for example, mib2d or snmpd). Use this option to override the default value.

files—(Optional) Maximum number of trace files generated. By default, the maximum number of trace files is 10. Use this option to override the default value.

When a trace file reaches its maximum size, the system archives the file and starts a new file. The system archives trace files by appending a number to the filename in sequential order from 1 to the maximum value (specified by the default value or the options value set here). Once the maximum value is reached, the numbering sequence is restarted at 1, overwriting the older file.

size—(Optional) Maximum size of the trace file in kilobytes (KB). Once the maximum file size is reached, the system archives the file. The default value is 1000 KB. Use this option to override the default value.

match—(Optional) When used, the system only adds lines to the trace file that match the regular expression specified. For example, if the match value is set to =error, the system only records lines to the trace file that include the string error.

services—Services available for the session. Currently, NETCONF is the only service available.

world-readable | no-world-readable—(Optional) Whether the files are accessible by the originator of the trace operation only or by any user. By default, log files are only accessible by the user that started the trace operation (no-world-readable).

flag (all | configuration | connectivity)—(Optional) Type of tracing operation to perform:

  • all—Log all events.
  • configuration—Log all events pertaining to the configuration of the router or switch.
  • connectivity—Log all events pertaining to the establishment of a connection between the client server and the router or switch.

no-remote-trace—(Optional) Disable remote tracing.
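The statement in context, as an added configuration example that is not part of the original document: two management servers tried in order, keepalive detection, and connectivity tracing. The client name, device ID, server hostnames, port and secret value are placeholders.

```junos
/* Added example; hostnames, device ID and secret are placeholders. */
system {
    services {
        outbound-ssh {
            client nms-primary {
                /* Sent to the management server during the initiation sequence */
                device-id edge-router-1;
                /* Each server entry carries its own connection retry and timeout */
                nms1.example.net {
                    port 2222;      /* constructed non-default port; default is 22 */
                    retry 3;
                    timeout 15;
                }
                nms2.example.net {
                    retry 5;
                    timeout 30;
                }
                /* Always start at nms1; use sticky to retry the last-connected server first */
                reconnect-strategy in-order;
                /* Three unanswered keepalives 15 seconds apart: a dead session is dropped after roughly 45 seconds */
                keep-alive {
                    retry 3;
                    timeout 15;
                }
                /* Value as described under the secret option above */
                secret "<secret-value>";
                services netconf;
            }
            traceoptions {
                /* Trace connection setup only; keep 5 files of 500 KB, readable by the originator only */
                file outbound-ssh-trace files 5 size 500 no-world-readable;
                flag connectivity;
            }
        }
    }
}
```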

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.


Published: 2010-04-26