[j-nsp] protect ssh and telnet

Vincent Bernat bernat at luffy.cx
Tue Apr 5 14:39:01 EDT 2016


 ❦  5 April 2016 11:58 -0400, Phil Shafer <phil at juniper.net>:

> Apologies.  I shot my mouth off.  JUNOS does not currently support
> this.  And RADIUS, being cleartext, is not suitable.
>
> LDAP (w/ SSL) would be a better solution, using something like:
>
>     https://github.com/AndriiGrytsenko/openssh-ldap-publickey
>
> which plugs into openssh using the "AuthorizedKeysCommand" sshd_config
> statement.  But JUNOS doesn't ship openldap, so the only way to
> make this work would be an external web server that proxies requests
> into LDAP.  The AuthorizedKeysCommand would be a script that makes
> the HTTP request and formats the results.  The above LPK script
> could be put inside a perl web framework like Mojolicious.

Are we allowed to manually modify the /var/etc/sshd_conf file? Moreover,
I suppose it could be rewritten on each commit by mgd.
-- 
Nothing so needs reforming as other people's habits.
		-- Mark Twain
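
The AuthorizedKeysCommand helper described in the quoted message (a script that makes the HTTP request and formats the results), sketched as an added example that is not part of the original thread or of any project named in it. The proxy URL, its one-key-per-line response format, the username pattern and the key-type allow-list are assumptions.

```python
# AuthorizedKeysCommand helper: sshd passes the login name as argv[1]; stdout lines are key entries.
import base64
import re
import sys
import urllib.parse
import urllib.request

PROXY_URL = "https://keys.example.net/ssh-keys/"  # assumption: hypothetical HTTPS-to-LDAP proxy
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")
# Constructed sample response: a bare key, a line carrying options, and junk.
SAMPLE_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_BODY = f'ssh-ed25519 {SAMPLE_BLOB} alice@laptop\ncommand="/bin/sh" ssh-ed25519 {SAMPLE_BLOB}\nnot-a-key\n'


def valid_key_line(line):
    """Return 'type blob' for a bare public key whose blob names the same type, else None."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None  # also rejects lines that start with options such as command="..."
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return None
    # The blob begins with a 4-byte big-endian length, then the key type string.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        return None
    return f"{fields[0]} {fields[1]}"  # comment field dropped


def format_keys(body):
    """Keep only well-formed keys from the proxy's body (assumed format: one key per line)."""
    return [k for k in map(valid_key_line, body.splitlines()) if k]


def fetch_keys(user, timeout=5):
    """Query the proxy over HTTPS; urllib verifies the server certificate by default."""
    if not USERNAME_RE.match(user):
        return []
    url = PROXY_URL + urllib.parse.quote(user, safe="")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return format_keys(resp.read().decode("ascii", "replace"))


if __name__ == "__main__":
    try:
        print("\n".join(fetch_keys(sys.argv[1])))
    except Exception:
        sys.exit(1)  # fail closed: no output, so no key is accepted from this source
```

OpenSSH requires the program named in AuthorizedKeysCommand to be given by absolute path, owned by root and not writable by group or others, and AuthorizedKeysCommandUser must be set alongside it.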

