[j-nsp] Public Looking Glass Template

Brad Fleming bdflemin at gmail.com
Wed Oct 13 18:53:41 EDT 2010


I'm thinking of using a smaller SRX for public telnet/ssh access to  
run some basic commands at a CLI (show route, traceroute). Does anyone  
do similar and would be willing to share their system->login->class  
configuration?

I can get the box limited down to only the 4 to 5 commands I want to  
allow by using a regex filter on the login class but issuing a "?" at  
the default prompt takes 3-4 *minutes* to return results. I'll include  
my configuration since it seems likely I made a mistake. Thanks in  
advance for any suggestions.

--- JUNOS 10.0R3.10 built 2010-04-16 08:47:35 UTC
brad@host> show configuration system login class guests
idle-timeout 1;
permissions network;
allow-commands "show route";
deny-commands "^telnet.*$|^ssh.*$|^op.*$|^file.*$|^request.*$|^start.*$|^show route ccc.*$|^show route export.*$|^show route flow.*$|^show route forwarding-table.*$|^show route label.*$|^show route label-switched-path.*$|^show route output.*$|^resolution.*$|^show route snooping.*$|^show route source-gateway.*$|^show route active-path.*$|^ping.*$|^mtrace.*$|^load.*$|^test.*$|^set.*$|^save.*$";

