Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Checksum Hashes for an Op Script

You can configure one or more checksum hashes that can be used to verify the integrity of a local op script before the script runs on the switch, router, or security device.

To configure a checksum hash:

  1. Create the script.
  2. Place the script in the /var/db/scripts/op directory on the device.
  3. Run the script through one or more hash functions to calculate hash values.

    Starting in Junos OS Release 18.2R2 and 18.3R1, Junos OS supports only the SHA-256 hash function for configuring script checksum hashes. Earlier releases support the MD5, SHA-1, and SHA-256 hash functions.

  4. Configure the script and the checksum statement for one or more hash values.

    During the execution of the script, Junos OS recalculates the checksum value using the configured hash algorithm and verifies that the calculated value matches the configured value. If the values differ, the execution of the script fails. When you configure multiple checksum values with different hash algorithms, all the configured values must match the calculated values; otherwise, the script execution fails.

Note:

If the op script is stored remotely, do not include the checksum statement in the configuration. You can verify the script’s integrity before it runs by specifying the hash value on the command line when you run the op command with the url option and the key option.

Related Documentation

Release History Table
Release
Description
18.3R1
Starting in Junos OS Release 18.2R2 and 18.3R1, Junos OS supports only the SHA-256 hash function for configuring script checksum hashes.