RE: [j-nsp] On the Junipers you can ssh as root.

From: Stacy W. Smith (stacy@conxion.net)
Date: Wed Mar 21 2001 - 14:09:32 EST


At 12:45 PM 3/21/2001 -0500, Daniel Golding wrote:
>2) There is no way to properly account for root access on a Juniper, UNLESS
>you are forced to Radius authenticate with your own username, then either
>sudo, or su to root.

Assuming:

1) you use "authentication-order radius;"
2) you do not have a "root" account in your RADIUS database
3) the RADIUS server is reachable.

The you can not SSH into the router as root. When the RADIUS server becomes unreachable, you can log in as root.

Does that satisfy your requirement?

--Stacy

From jared@puck.neth¬óÅ;et
Received: (from jared@localhost)
        by puck.nether.net (8.11.1/8.9.3) id f2LKN0425814
        for junipe¬óÅ;p@localhost1/8.9.3) idI
        (envelope-from jared)
Resent-Message-Id: <200103212023.f2LKN0425814@puck¬óÅ;he
Received: (from slist@localhost)
        by puck.nether.net (8.11.1/8.9.3) id f2LKMdr25738;
        Wed, 21 Mar 2001 15:22:39 -05¬óÅ;(e
Date: Wed, 21 Mar 2001 15:22:39 -0500
X-From_: ronjeremy@raemail.com We¬óÅ;r
Received: from someone claiming to be
        herbie.raeinternet.com ([206.112.75.185])
        by puck.nether.net (8.¬óÅ;/8
        for <juniper-nsp@puck.nether.net>; Wed, 21 Mar 2001 15:22:38 -0500
        (envelope-from ronjer¬óÅ;ra
Received-Date: Wed, 21 Mar 2001 15:22:38 -0500
Received: (qmail 27967 invoked by uid 511); 21 Mar 2001 20:15:27¬óÅ;00
From: "ronjeremy" <ronjeremy@raemail.com>
To: juniper-nsp¬óÅ;k.
Old-Date: Wed, 21 Mar 2001 20:15:27 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso¬óÅ;9-
ContEnt-Transfer-Encoding: 7bit
X-Diagnostic: Not on the accept list
X-Envelope-To: juniper-nsp
Resent-From: jared@puck¬óÅ;he
REsent-Date: Wed, 21 Mar 2001 15:23:00 -0500
Resent-To: juniper-nsp@puck.nether.net
Subject: [j-nsp] 48 port line ca¬óÅ;
d
months or do i need to front end with 6500?

From jesper@skriver.¬óÅ;We
Received: from someone claiming to be
        freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97])
        by ¬óÅ;.n
        for <juniper-nsp@puck.nether.net>; Wed, 21 Mar 2001 15:27:06 -0500
        (¬óÅ;lo
Received-Date: Wed, 21 Mar 2001 15:27:06 -0500
Received: by freesbee.wheel.dk (Postfix, from us¬óÅ; 1
        iD C93715D60; Wed, 21 Mar 2001 21:27:04 +0100 (CET)
Date: Wed, 21 Mar 2001 21:27:04 +0100
From: Jesper Skriver <jesp¬óÅ;kr
To: ronjeremy <ronjeremy@raemail.com>
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] 48 port line cards
Mes¬óÅ;-I
References: <20010321201527.27966.qmail@herbie.raeinternet.com>
Mime-Version: 1.0
Co¬óÅ;t-
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010321201527.27966.¬óÅ;l@herbie.raeinternet.come 
X-PGP-Fingerp
X-PGP-Public-Key: http://freesbee.wheel.dk/

On Wed, Mar 21, 2001 at ¬óÅ;2:
> does Juniper have plans for a 48 port line card shortly - need in next 2
> months or do i ¬óÅ; t

A 48 port what ?

Given you say a 6500, I assume you mean a Cisco catalyst 6500, so you're
talking¬óÅ;ut

Juniper normally doesn't tell about new stuff before it's available, but
I cannot see why thféÅ;ho
o

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #545Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver tOne IP to bring them all and in the zone to bind them.



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:41 EDT