[j-nsp] ssh-key issue / MX 16.1R5

Antti Ristimäki antti.ristimaki at csc.fi
Mon Apr 9 03:01:33 EDT 2018


Hi list,

Returning to this past thread. We are seeing this issue also with 18.1, at least with MX10k with dual RE, where the $USER/.ssh directory is chown'ed to root during RE switchover. The directory can be chown'ed back to $USER for example by deleting and re-adding [system services ssh]. Further, when adding a new user account with, let's say super-user login class, the $USER/.ssh directory is initially created with root ownership, whereas for read-only user account the file permissions are initially correct.

We've opened a case. It is good to be aware of this issue as this can make your router unmanageable if SSH password authentication is disabled, unless an OOB console access is available.

-antti

----- On 30 Jan, 2018, at 13:06, Theo Voss mail at theo-voss.de wrote:

> Hi all,
> 
> we're facing a weird ssh-key issue on MX platform running 16.1R5. When
> configuring users with ssh-key authentication the key based login initially
> works perfectly. But after a random timeframe password authentication is
> required upon login. I've checked the PR database for "ssh" and "key" keywords
> without result for our version/platform combination. If we commit "set system
> services ssh no-public-keys" and rollback, it works again for a limited
> timeframe. As the affected device has no support I'm unable to open a case.
> 
> Has anybody seen this behavior before?
> 
> Thanks in advance.
> 
> Best regards,
> Theo Voss
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> --


More information about the juniper-nsp mailing list