[j-nsp] protect ssh and telnet
Saku Ytti
saku at ytti.fi
Tue Apr 5 14:22:35 EDT 2016
On 5 April 2016 at 21:10, Tom Storey <tom at snnap.net> wrote:
Hey Tom,
> Wouldnt that assume that you always access your REs inband, therefore
> only ever connecting to the master? What if you access them out of
> band via their ethernet ports. Each RE then needs its own unique key?
I don't use on-band MGMT ethernets, I think they are actively harmful
(not JNPR specific statement).
But my recallection seems to be, that they do share state, so em0/fxp0
is always one specific port on active RE, and that you cannot SSH into
the backup em07/fxp0. But take that with boatload of salt.
--
++ytti
More information about the juniper-nsp
mailing list