Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Authentication and Access Control

  • SSH enhancements for algorithm configuration (all Junos OS platforms)—We've made the following updates to SSH algorithms:

    • The CLI command set system services ssh ca-signature-algorithms should be used to configure the signature algorithms that are allowed for certificate authorities (CAs) to use when signing certificates.

    • Under the system services ssh hostkey-algorithm-list hierarchy level, new options are introduced:

      • set system service ssh hostkey-algorithm-list rsa-sha2-256

      • set system service ssh hostkey-algorithm-list rsa-sha2-512

      These options enable RSA hostkey signatures using the SHA-256 hash algorithm and SHA-512 hash algorithm.

    • RSA signatures using the SHA-1 hash algorithm have been disabled by default. Consequently, the CLI command set system services ssh hostkey-algorithm-list rsa has been deprecated.

    [See hostkey-algorithm-list.]