[j-nsp] protect ssh and telnet

Saku Ytti saku at ytti.fi
Tue Apr 5 14:22:35 EDT 2016


On 5 April 2016 at 21:10, Tom Storey <tom at snnap.net> wrote:

Hey Tom,

> Wouldnt that assume that you always access your REs inband, therefore
> only ever connecting to the master? What if you access them out of
> band via their ethernet ports. Each RE then needs its own unique key?

I don't use on-band MGMT ethernets, I think they are actively harmful
(not JNPR specific statement).

But my recallection seems to be, that they do share state, so em0/fxp0
is always one specific port on active RE, and that you cannot SSH into
the backup em07/fxp0. But take that with boatload of salt.


-- 
  ++ytti


More information about the juniper-nsp mailing list