[j-nsp] Public Looking Glass Template
Brad Fleming
bdflemin at gmail.com
Wed Oct 13 18:53:41 EDT 2010
I'm thinking of using a smaller SRX for public telnet/ssh access to
run some basic commands at a CLI (show route, traceroute). Does anyone
do similar and would be willing to share their system->login->class
configuration?
I can get the box limited down to only the 4 to 5 commands I want to
allow by using a regex filter on the login class but issuing a "?" at
the default prompt takes 3-4 *minutes* to return results. I'll include
my configuration since it seems likely I made a mistake. Thanks in
advance for any suggestions.
--- JUNOS 10.0R3.10 built 2010-04-16 08:47:35 UTC
brad at host> show configuration system login class guests
idle-timeout 1;
permissions network;
allow-commands "show route";
deny-commands "^telnet.*$|^ssh.*$|^op.*$|^file.*$|^request.*$|^start.*
$|^show route ccc.*$|^show route export.*$|^show route flow.*$|^show
route forwarding-table.*$|^show route label.*$|^show route label-
switched-path.*$|^show route output.*$|^resolution.*$|^show route
snooping.*$|^show route source-gateway.*$|^show route active-path.*$|
^ping.*$|^mtrace.*$|^load.*$|^test.*$|^set.*$|^save.*$";
More information about the juniper-nsp
mailing list