The new data center needs a Juniper SRX 1500 firewall configured so that remote login is over SSH only, root login is disabled, and password authentication is disabled.
When the SRX 1500 boots you can see that it is really a customized Linux system underneath, so the approach to configuring SSH is no different from Linux. A quick record of the steps follows.
1. Generate a key pair on the Linux host.
]# ssh-keygen -t rsa -b 2048
]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj/jLL8iy1BqZGLU1TPiKxwWjZ6OjSjoM4hdf0op/3NLsUmoR4hlzxEfPqbNyrvdCbvwCsJi1JgkKyJCvABt/78ItNBEid+rht7mRZDp/MfOX4oQOTywEsi3+AIT+h9tDRyQQ2lH3wVweU/SPr+vYxGumu1XDdaDhPK7EB+Abd594nPmleWyS+ynoo1tPw0FTU79Jb2+T2rnEVcOkKbB4Qqwp3nU42vmM0Dc+f4tpceLTO0VOSRBUfGKLyWTbLentP4VJTeDXWMv/nBPqJ1tha4CJSzICMsJdgENFp0ZatfRTWE12CViAKQUagDytJiRgUc25hjPFdX root@localhost.local
2. On the Juniper SRX 1500, create the user, attach the public key (the whole line printed by cat .ssh/id_rsa.pub, quoted), deny root login, and disable password authentication:
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj/jLL8iy1BqZGLU1TPiKxwWjZ6OjSjoM4hdf0op/3NLsUmoR4hlzxEfPqbNyrvdCbvwCsJi1JgkKyJCvABt/78ItNBEid+rht7mRZDp/MfOX4oQOTywEsi3+AIT+h9tDRyQQ2lH3wVweU/SPr+vYxGumu1XDdaDhPK7EB+Abd594nPmleWyS+ynoo1tPw0FTU79Jb2+T2rnEVcOkKbB4Qqwp3nU42vmM0Dc+f4tpceLTO0VOSRBUfGKLyWTbLentP4VJTeDXWMv/nBPqJ1tha4CJSzICMsJdgENFp0ZatfRTWE12CViAKQUagDytJiRgUc25hjPFdX root@localhost.local"
set system services ssh root-login deny
set system services ssh no-passwords
3. In a client such as SecureCRT or PuTTY, select public-key authentication and log in.
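As an added example that is not part of the original post: a small POSIX shell helper that takes the line printed by cat .ssh/id_rsa.pub, checks that it is a well-formed key of the declared type, and prints the set commands from step 2. The user name admin, the uid 2000 and the sample key are hypothetical values; the ssh-ed25519 branch assumes a Junos release that accepts that key type.

```shell
#!/bin/sh
# Added example (not from the original post): turn an OpenSSH public-key line
# into the Junos "set" commands used in step 2, after sanity-checking the key.
# User name, uid and the sample key below are hypothetical values.

# junos_key_commands USER UID "PUBKEY_LINE"
# Prints the configuration lines on success; returns 1 with a reason on
# stderr if the key line is malformed or the blob does not match its type.
junos_key_commands() {
    user=$1; uid=$2
    shift 2
    set -- $1                      # split "type blob [comment ...]" on whitespace
    [ $# -ge 2 ] || { echo "key line needs a type and a blob" >&2; return 1; }
    type=$1; blob=$2; shift 2
    comment=$*                     # comment may contain spaces; keep all of it

    # The base64 blob starts with the length-prefixed key type, so a pasted
    # blob can be checked against the type that was declared in front of it.
    case "$type" in
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;        # base64 of "\0\0\0\7ssh-rsa"
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;   # assumed: newer Junos accepts ed25519
        *) echo "unsupported key type: $type" >&2; return 1 ;;
    esac
    case "$blob" in
        "$prefix"*) ;;
        *) echo "blob does not start with the $type encoding" >&2; return 1 ;;
    esac
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "blob contains non-base64 characters" >&2; return 1 ;;
    esac

    keyline="$type $blob${comment:+ $comment}"
    printf 'set system login user %s uid %s\n' "$user" "$uid"
    printf 'set system login user %s class super-user\n' "$user"
    printf 'set system login user %s authentication %s "%s"\n' "$user" "$type" "$keyline"
    printf 'set system services ssh root-login deny\n'
    printf 'set system services ssh no-passwords\n'
}

# Constructed sample key (truncated, not a real key) and a sample run.
SAMPLE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCj/jLL8iy1BqZGLU1TPiKxwWjZ6OjSjoM4hdf0op/3NLsUmoR4hlzxEfPqbNyrvdCbvw== ops@example"
junos_key_commands admin 2000 "$SAMPLE_KEY"
```

Apply the printed lines in configuration mode with commit confirmed and verify the key login from a second session before the timer expires, since no-passwords locks out any session that still relies on a password.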
Reference:
https://pileofbits.com/2013/03/11/junos-ssh-key-authentication/