Configure Network Device Collaborative Protection Profile Authorized Administrator in FIPS Mode

An NDcPPv2.2e-authorized administrator must have all the permissions, including the ability to change the device configuration.

To configure an authorized administrator:

  1. Create a login class named security-admin with all the permissions.
  2. Configure the hash algorithm for plain-text passwords as sha512.
  3. Commit the changes.
  4. Define the NDcPPv2.2e-authorized administrator.

    Or

  5. Load an SSH key file that was previously generated using ssh-keygen. This command loads RSA (SSHv2) or ECDSA (SSHv2) keys.
  6. Set the log-key-changes configuration statement to log all instances of addition or removal of SSH authentication keys.

    When you enable and commit the log-key-changes statement, Junos OS logs the changes to the set of authorized SSH keys for each user (including the added or removed keys). Junos OS logs the differences since the last time you enabled the log-key-changes configuration statement. If you never enabled the log-key-changes configuration statement, then Junos OS logs all the authorized SSH keys.

  7. Commit the changes.
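
The steps above, written out as one configuration-mode session. This is an added example, not text from the original page: the user name `ndcpp-admin` and the key file path `/var/tmp/ndcpp-admin.pub` are assumed placeholders, and the key is loaded at the user level to match step 4.

```junos
# Added example. Enter these from configuration mode ([edit]).
# Assumed placeholders: user "ndcpp-admin", key file /var/tmp/ndcpp-admin.pub.

# Step 1: login class that carries every permission.
set system login class security-admin permissions all

# Step 2: store plain-text passwords as SHA-512 hashes.
set system login password format sha512

# Step 3: commit, so the new format applies to passwords set afterwards.
commit

# Step 4 (password option): the CLI prompts for the password and its confirmation.
set system login user ndcpp-admin class security-admin authentication plain-text-password

# Step 5 (SSH key option, used instead of step 4): load a public key
# generated earlier with ssh-keygen (RSA or ECDSA, SSHv2).
set system login user ndcpp-admin class security-admin
set system login user ndcpp-admin authentication load-key-file /var/tmp/ndcpp-admin.pub

# Step 6: log every addition or removal of authorized SSH keys.
set system services ssh log-key-changes

# Step 7: commit.
commit

# Check the result: the class, the password format and the user should all
# appear, and log-key-changes should be listed under the SSH service.
show system login | display set
show system services ssh | display set
```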

For details on how to start with shell mode, see Overview for Junos OS Guide.

Note:

You must reset the root password when you change the password storage format to sha256 or sha512. This step protects the new password using the sha256 or sha512 hash algorithm. To reset the root password, use the `set system root-authentication plain-text-password` command, and confirm the new password when prompted.