[j-nsp] ssh-key issue / MX 16.1R5

Theo Voss mail at theo-voss.de
Wed Jan 31 03:17:20 EST 2018


Thanks for your replies.

I've checked the /var/home/.ssh/ folders. Even if keys are configured within Junos, there is no "authorized_keys" file on the affected routers. If I remove the key from config or set "no-public-keys" and rollback, the file is created and authentication works. Problem is independent of key-type and key-length. Seems like the auth_keys file gets deleted by whatever - anyone seen this before?

Best regards,
Theo Voss

Am 30.01.18, 12:35 schrieb "juniper-nsp im Auftrag von Daniel Suchy" <juniper-nsp-bounces at puck.nether.net im Auftrag von danny at danysek.cz>:

Looks like you have some problems with key stored within
~/.ssh/authorized_keys (which is createdy by junos from router config),
probably there'll be bad permissions on that file (or something changes
them during random time period).

On 01/30/2018 12:06 PM, Theo Voss wrote:
> Hi all,
> 
> we're facing a weird ssh-key issue on MX platform running 16.1R5. When configuring users with ssh-key authentication the key based login initially works perfectly. But after a random timeframe password authentication is required upon login. I've checked the PR database for "ssh" and "key" keywords without result for our version/platform combination. If we commit "set system services ssh no-public-keys" and rollback, it works again for a limited timeframe. As the affected device has no support I'm unable to open a case. 
> 
> Has anybody seen this behavior before? 
> 
> Thanks in advance.
> 
> Best regards,
> Theo Voss
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list