2.1.8 Juniper
We always recommend a system administrator defer to the vendor’s official documentation on credential creation. Please follow the vendor’s instructions for configuring the device for access with an ssh key, and then use the Indeni WebGUI to store the Private key in the relevant Credential Profile.
In order for the Indeni User to monitor a Juniper SRX properly, two steps must be completed on the SRX.
STEP 1: Enable SSH for Scripting Access.
STEP 2: Create a Locally Authenticated Indeni User with Administrator Rights.
How to Enable SSH for Scripting Access
First, verify SSH is configured via the CLI by entering the following command: “show configuration system services”
You should see the following SSH protocol present:
ssh {
protocol-version v2;
}
If SSH is not configured correctly, then enter the following commands in configuration mode:
“set system services ssh protocol-version v2”
“commit”
PLEASE NOTE: If access to the SRX is firewalled, SSH must be allowed from the Indeni server via the firewall.
To verify and/or enable SSH is enabled via the J-Web interface, please see the following:
- Configure → System Properties → Management Access
- Click Edit button on the right upper corner
- Check Enable SSH box (if not already checked)
- Click OK
Select commit from Actions pull down menu to activate the configuration.
How to Create a User with Administrator Rights
A locally authenticated User account with administrative privileges is required for Indeni to access SRX devices. Please note that the “root” account cannot be used for this purpose.
Creating the User Account via the CLI
Enter the following commands in configuration mode:
“set system login user indeni-user class super-user”
“set system login user indeni-user authentication plain-text-password”
New password: ********
Retype new password ********
“commit”
To verify that the user configuration is completed, enter the following in operational mode:
“show configuration system login”
Below is the expected output:
user indeni-user {
uid XXXX;
class super-user;
authentication {
encrypted-password “XXXXXXXXXXX”; ## SECRET-DATA
}
Creating a User Account via J-Web
- Select Configuration → System Properties → User Management
- Click Edit on the right upper corner:
- Click Add button to add a new account.
- Ensure that the “Login class” is “super-user”.
- Click OK to add the new account:
- Verify the account appears as below:
- Select commit from Actions pull down menu to activate the configuration.
- Test the newly created account from a remote system, then enter the following command: “ssh indeni-admin@srx-jfw“Below is the expected output:
UNAUTHORIZED USE OF THIS SYSTEM
IS STRICTLY PROHIBITED!
Password: **********— JUNOS 12.1X46-D65.4 built 2016-12-30 01:34:30 UTC
indeni-admin@SRX-JFW>
Frequently Asked Questions
We currently do not have FAQ’s generated around this device at this time. If you have questions, or suggestions for FAQ’s, please join us on our Community and ask there. Your feedback is greatly appreciated!