[j-nsp] root-login via ssh and 11.x

Nick Kritsky nick.kritsky at gmail.com
Tue Jun 26 11:32:28 EDT 2012


To all:
sorry for misinformation. It looks like change in root authentication
behavior was caused not by JunOS upgrade, but by change from
"system authentication-order [ tacplus password ]"
to
"system authentication-order tacplus"

I have to be more careful.
Still, I can't understand the logic behind this.
"system authentication-order [ tacplus password ]" == root can login
"system authentication-order tacplus" == root cannot login
"system authentication-order tacplus" + "system services ssh
root-login allow" == root can login

Nick

On Tue, Jun 26, 2012 at 4:51 PM, Wayne Tucker <wayne at tuckerlabs.com> wrote:
> On Tue, Jun 26, 2012 at 5:09 AM, Nick Kritsky <nick.kritsky at gmail.com>wrote:
>
>> FYI: It looks like in version 11 Juniper has changed default settings
>> for "system services ssh root-login".
>> Now if you want to login as root via ssh, you have to explicitly allow
>> it. in 10.X it was allowed by default.
>> Tested on EX-4200, SRX-100.
>
>
> I can't reproduce this on any of these:
>
> EX4200 running 11.4R2
> EX4200 running 11.3R6
> SRX240 running 11.2R6
> SRX240 running 11.2S6
> MX80 running 11.4R3
>
> Are you using a RADIUS server?  What setting are you using for
> system/authentication-order, if any?
>
> :w
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list