[j-nsp] protect ssh and telnet
Vincent Bernat
bernat at luffy.cx
Tue Apr  5 14:39:01 EDT 2016

 ❦ 5 April 2016 11:58 -0400, Phil Shafer <phil at juniper.net>:
> Apologies.  I shot my mouth off.  JUNOS does not currently support
> this.  And RADIUS, being cleartext, is not suitable.
>
> LDAP (w/ SSL) would be a better solution, using something like:
>
>     https://github.com/AndriiGrytsenko/openssh-ldap-publickey
>
> which plugs into openssh using the "AuthorizedKeysCommand" sshd_config
> statement.  But JUNOS doesn't ship openldap, so the only way to
> make this work would be an external web server that proxies requests
> into LDAP.  The AuthorizedKeysCommand would be a script that makes
> the HTTP request and formats the results.  The above LPK script
> could be put inside a perl web framework like Mojolicious.

Are we allowed to manually modify the /var/etc/sshd_conf file? Moreover,
I suppose it could be rewritten on each commit by mgd.
-- 
Nothing so needs reforming as other people's habits.
		-- Mark Twain
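
The AuthorizedKeysCommand helper described in the quoted message, as an added example that is not code from this thread, from Juniper, or from the openssh-ldap-publickey project. It assumes a hypothetical HTTPS proxy at `keys.example.net` that returns one authorized_keys line per key, and a host with Python 3; it validates the username, keeps only well-formed key lines without options, and emits no keys on any error.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand helper: fetch a user's keys from an HTTPS proxy in front of LDAP."""
import base64
import binascii
import re
import struct
import sys
import urllib.parse
import urllib.request

# Assumption: hypothetical proxy endpoint, not a real service.
KEY_PROXY = "https://keys.example.net/ssh-keys/"
USER_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def valid_key_line(line):
    """Accept only 'type base64 [comment]' where the blob names the same type."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False  # also rejects lines that start with authorized_keys options
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])  # SSH wire format: length-prefixed type string
    return blob[4:4 + n] == parts[0].encode()

def filter_keys(body):
    """Return only the well-formed key lines from the proxy's response body."""
    return [l.strip() for l in body.splitlines() if valid_key_line(l.strip())]

def fetch_keys(user, timeout=5):
    """Fetch keys for user; TLS certificate checks are urllib's defaults (on)."""
    if not USER_RE.fullmatch(user):
        return []  # never place an unvalidated login name in the URL
    url = KEY_PROXY + urllib.parse.quote(user, safe="")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return filter_keys(resp.read(65536).decode("ascii"))

if __name__ == "__main__":
    try:
        keys = fetch_keys(sys.argv[1]) if len(sys.argv) == 2 else []
    except Exception:
        keys = []  # fail closed: any error yields no keys
    print("\n".join(keys))
```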