[j-nsp] protect ssh and telnet
Patrick Okui
pokui at psg.com
Tue Apr 5 04:52:32 EDT 2016
On 5 Apr 2016, at 5:23 EAT, Phil Shafer wrote:
> Aaron writes:
>> I'm new to Juniper. and I'm looking to protect ssh/telnet on all interfaces
>> on my juniper ACX5048's.
>
> First comment is: if you want security, don't allow telnet.
> Force the use of ssh.
>
> Me, I don't even like allowing passwords. JUNOS now supports the "system services ssh no-passwords" knob to force the use of ssh keys over text passwords. And your radius server will happily serve ssh keys. Force the move away from passwords.
Do you have documentation on how to do this? I have looked through the cymru docs and they don’t say how to serve the SSH key from radius.
--
patrick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20160405/a7cc2a9f/attachment.sig>
More information about the juniper-nsp
mailing list