Technical Documentation

Configuring NETCONF-Over-SSH Connections on a Specified TCP Port

The JUNOS Software enables you to restrict incoming NETCONF connections to a specified TCP port without configuring a firewall. To configure the TCP port used for NETCONF-over-SSH connections, include the port statement at the [edit system services netconf ssh] hierarchy level. The configured port accepts only NETCONF-over-SSH sessions. Regular SSH session requests for this port are rejected.

You can either configure the default port 830 for NETCONF connections over SSH, as specified in RFC 4742, Using the NETCONF Configuration Protocol over Secure Shell (SSH), or configure any port from 1 through 65535.

  • The default SSH port (22) continues to accept NETCONF sessions even with a configured NETCONF server port. To disable the SSH port from accepting NETCONF sessions, specify this in the login event script.
  • We do not recommend configuring the default ports for FTP (21) and Telnet (23) services for configuring NETCONF-over-SSH connections.

Published: 2010-04-26