How To: Configure SSH V2 Management on Juniper Firewall

  [KB6713]


Summary:
How To: Configure SSH V2 Management on NetScreen, ISG, or SSG
Symptoms:

  • How To: Configure SSH V2 Management on NetScreen, ISG, or SSG
  • Can't SSH to Juniper Firewall.  It reports 'connecting', and no login prompt is displayed.
  • WebUI only shows "Enable SSH (V1)"
Cause:

Solution:
Converting from SSH v1 to SSH v2 can only be done from the command line interface (CLI), using a root admin account.

First, if SSH v1 was initially configured on the firewall, then all SSH keys from version 1 must be deleted.  This can be done using the command "delete ssh device all".
Example:
    ns-> delete ssh device all
    .
    SSH disabled for vsys: 1

    PKA keys deleted from device: 0
    .
    Host keys deleted from device: 1


Execute the 'set ssh version v2' command to activate SSH v2 for the device.
Example:
    ns5-> set ssh version v2
    SSH version 2 has been activated.



Then, enable SSH:
    ns-> set ssh enable


View the SSH configuration settings with the command 'get ssh'.  Note that it should report that SSH is 'active' and 'enabled':
    ns-> get ssh
    SSH V2 is active
    SSH is enabled
    SSH is ready for connections
    Maximum sessions: 3
    Active sessions: 1

    Admin      Ip Addr         Vsys       Auth Method Service
    ---------- --------------- ---------- ----------- --------

 

Enable SSH on the interface(s) on which the SSH client will connect:

    ns-> set int <int name> manage ssh
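
To confirm the result of this procedure on more than one device, the 'get ssh' output can be checked by script. The following is an added example, not part of the original article or of Juniper's documentation: the function names are hypothetical, the sample input is the output shown above, and collecting the text from the device is outside the example.

```python
import re

# Constructed sample: the 'get ssh' status lines shown in the article above.
SAMPLE_GET_SSH = """\
ns-> get ssh
SSH V2 is active
SSH is enabled
SSH is ready for connections
Maximum sessions: 3
Active sessions: 1
"""

def parse_get_ssh(text):
    """Extract the SSH state fields from 'get ssh' output (hypothetical helper)."""
    state = {"version": None, "enabled": False, "ready": False,
             "max_sessions": None, "active_sessions": None}
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: other versions are reported with the same wording as V2.
        m = re.fullmatch(r"SSH V(\d+) is active", line)
        if m:
            state["version"] = int(m.group(1))
        elif line == "SSH is enabled":
            state["enabled"] = True
        elif line == "SSH is ready for connections":
            state["ready"] = True
        else:
            m = re.fullmatch(r"(Maximum|Active) sessions:\s*(\d+)", line)
            if m:
                key = "max_sessions" if m.group(1) == "Maximum" else "active_sessions"
                state[key] = int(m.group(2))
    return state

def audit_ssh(text):
    """Return a list of findings; an empty list means the device passes."""
    s = parse_get_ssh(text)
    findings = []
    if s["version"] != 2:
        findings.append("SSH V2 is not reported as active")
    if not s["enabled"]:
        findings.append("SSH is not reported as enabled")
    if not s["ready"]:
        findings.append("SSH is not reported as ready for connections")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_GET_SSH) or ["OK: SSH V2 active, enabled, ready"]:
        print(finding)
```

A missing status line is reported as a finding rather than assumed to be fine, so truncated or empty output fails the check.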





Note:  Basic SSH Configuration Example in Technical Documentation

ScreenOS  Concepts & Examples ScreenOS Reference Guide, Volume 3: Administration
Refer to the section:  Basic SSH Configuration on the Device

ScreenOS 5.4:  http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/CE_v3.pdf

ScreenOS 6.2:  http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/ce_v3.pdf