[j-nsp] limiting SSH public key authentication

Phil Shafer phil at juniper.net
Mon Dec 20 13:18:49 EST 2004


Daniel Verlouw writes:
>noc at nlambrt1# set ssh-dsa "from=\"192.168.0.1\" ssh-dss <public key in 
>here> user at machine"
>Key format must be 'ssh-dss <base64-encoded-DSA-key> <comment>'
>error: statement creation failed: ssh-dsa
>
>Is this simply a CLI parsing limitation or does the JUNOS sshd not 
>support this option at all?

This error is reported when the ssh key fails our base64 encoding test.

There's a "from" statement that can be configured under any ssh key
to limit access.  It was added 2002-08-28, so it should be in any
sw image you are running.

    [edit system login user phil authentication]
    root at dent# show 
    ssh-rsa "1024 35 secret phil at juniper.net" from 10.1.2.3; ## SECRET-DATA

Thanks,
 Phil


More information about the juniper-nsp mailing list