
[Junos] Understanding local Login Authentication


Article ID: KB35988 KB Last Updated: 23 Jul 2020 Version: 1.0
Summary:

The article explains login authentication on Junos devices.

Solution:

To log in to a device, the system must recognize both the username and the password. During authentication, the system checks the username first and then the password. If the username is not recognized, the system still prompts for a password, and only after it determines that the username and password combination is invalid does it return the "Login incorrect" message.

Example:

In the example below, lab555 and root are valid usernames with passwords configured for login on the device; user1 is an invalid user.

FreeBSD/amd64 (Amnesiac) (ttyu0)
login: user1
Password:
Login incorrect
login: lab555
Password:
Login incorrect
login: root
Password:

Last login: Sat Oct 13 04:10:30 on ttyu0

Log Messages:

root> show log messages | last 100
...................
Oct 16 07:30:18   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user user1 <--- user1 (incorrect user)
Oct 16 07:30:18   login[20694]: LOGIN_FAILED: Login failed for user user1 from host ttyu0
Oct 16 07:30:25   login[20694]: Login attempt for user lab555 from host[unknown]
Oct 16 07:30:25   login[20694]: 1 LOGIN FAILURE ON ttyu0
Oct 16 07:30:25   login[20694]: 1 LOGIN FAILURE ON ttyu0, user1
Oct 16 07:30:27   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user lab555 <--- Invalid password
Oct 16 07:30:27   login[20694]: LOGIN_FAILED: Login failed for user lab555 from host ttyu0
Oct 16 07:30:35   login[20694]: Login attempt for user root from host [unknown]
Oct 16 07:30:35   login[20694]: 1 LOGIN FAILURE ON ttyu0
Oct 16 07:30:35   login[20694]: 1 LOGIN FAILURE ON ttyu0, lab555
Oct 16 07:30:39   login[20694]: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyu0
Oct 16 07:30:39   login[20694]: LOGIN_ROOT: User root logged in as root from host [unknown] on device ttyu0


The log above shows the three login attempts:

  1. For user user1, which failed: although the username is invalid and not recognized, the system still allows the user to enter a password and then tries to find a username and password match.

    Oct 16 07:30:16   login: Login attempt for user user1 from host [unknown]
    Oct 16 07:30:18   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user user1
    Oct 16 07:30:18   login[20694]: LOGIN_FAILED: Login failed for user user1 from host ttyu0
    ...
    Oct 16 07:30:25   login[20694]: 1 LOGIN FAILURE ON ttyu0
    Oct 16 07:30:25   login[20694]: 1 LOGIN FAILURE ON ttyu0, user1
  2. For user lab555, which also failed: although the username lab555 is valid, the user enters an invalid password, so the login attempt is not successful.

    Oct 16 07:30:25   login[20694]: Login attempt for user lab555 from host[unknown]
    .....................
    Oct 16 07:30:27   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user lab555
    Oct 16 07:30:27   login[20694]: LOGIN_FAILED: Login failed for user lab555 from host ttyu0
    Oct 16 07:30:35   login[20694]: Login attempt for user root from host [unknown]
    Oct 16 07:30:35   login[20694]: 1 LOGIN FAILURE ON ttyu0
    Oct 16 07:30:35   login[20694]: 1 LOGIN FAILURE ON ttyu0, lab555
  3. For user root, a known user with a valid password, the login is successful:

    Oct 16 07:30:39   login[20694]: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyu0
    Oct 16 07:30:39   login[20694]: LOGIN_ROOT: User root logged in as root from host [unknown] on device ttyu0

Because the logins in the above example were made directly from the console, the ttyu0 device appears in the logs (for the successful attempt and for the 2 failed attempts). Whether you connect via SSH or the console, nothing related to the password used for authentication is written to the logs.

Here, host ttyu0 refers to the serial terminal (console), not to an actual host, and [unknown] is a general reference for a user not known by the system or the network.
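
The failure messages above are worded identically for an unknown username and for a wrong password, so telling them apart from the log requires comparing against the configured accounts. The following added example (not part of the original article and not Juniper code) parses the message formats shown above, groups events by login process, and flags a session where failures precede a successful login. The `KNOWN_USERS` set and the alert rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: syslog lines in the format shown in this article (annotations removed).
SAMPLE_LOG = """\
Oct 16 07:30:18   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user user1
Oct 16 07:30:18   login[20694]: LOGIN_FAILED: Login failed for user user1 from host ttyu0
Oct 16 07:30:27   login[20694]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user lab555
Oct 16 07:30:27   login[20694]: LOGIN_FAILED: Login failed for user lab555 from host ttyu0
Oct 16 07:30:39   login[20694]: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyu0
Oct 16 07:30:39   login[20694]: LOGIN_ROOT: User root logged in as root from host [unknown] on device ttyu0
"""

# Assumption: accounts configured on the device (here, the two valid users from
# the article's example); in practice this comes from the device configuration.
KNOWN_USERS = {"lab555", "root"}

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+login\[(?P<pid>\d+)\]:\s+(?P<tag>[A-Z_]+):\s+(?P<msg>.*)$")
FAILED = re.compile(r"Login failed for user (?P<user>\S+) from host (?P<src>\S+)")
OK = re.compile(r"User (?P<user>\S+) logged in from host\s*(?P<src>\S+) on device (?P<dev>\S+)")

def summarize(log_text, known_users=KNOWN_USERS):
    """Group events by login process and report failures that precede a success."""
    sessions = defaultdict(lambda: {"failures": [], "success": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untagged lines ("1 LOGIN FAILURE ON ...", elisions) are skipped
        s = sessions[m["pid"]]
        if m["tag"] == "LOGIN_FAILED" and (f := FAILED.search(m["msg"])):
            # The log wording is the same for both causes, so classify the
            # failure by checking the username against the configured accounts.
            kind = "wrong_password" if f["user"] in known_users else "unknown_user"
            s["failures"].append((m["ts"], f["user"], kind, f["src"]))
        elif m["tag"] == "LOGIN_INFORMATION" and (o := OK.search(m["msg"])):
            s["success"] = (m["ts"], o["user"], o["dev"])
    # Example alert rule: at least one failure and a success in the same login process.
    return {pid: {**s, "alert": bool(s["failures"]) and s["success"] is not None}
            for pid, s in sessions.items()}

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s)
```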
