How To: Configure SSH V2 Management on Juniper Firewall

  [KB6713]

How To: Configure SSH V2 Management on NetScreen, ISG, or SSG

  • How To: Configure SSH V2 Management on NetScreen, ISG, or SSG
  • Can't SSH to Juniper Firewall.  It reports 'connecting', and no login prompt is displayed.
  • WebUI only shows "Enable SSH (V1)"

Converting from SSH V1 to SSH V2 can only be done from the command line interface (CLI), using a root admin account.

First, if SSH v1 was initially configured on the firewall, then all SSH keys from version 1 must be deleted.  This can be done using the command "delete ssh device all".
    ns-> delete ssh device all
    SSH disabled for vsys: 1

    PKA keys deleted from device: 0
    Host keys deleted from device: 1

Execute the 'set ssh version v2' command to activate SSH v2 for the device.
    ns5-> set ssh version v2
    SSH version 2 has been activated.

Then, enable SSH:
    ns-> set ssh enable

View the SSH configuration settings with the command 'get ssh'.  The output should report that SSH V2 is 'active' and that SSH is 'enabled':
    ns-> get ssh
    SSH V2 is active
    SSH is enabled
    SSH is ready for connections
    Maximum sessions: 3
    Active sessions: 1

    Admin      Ip Addr         Vsys       Auth Method Service
    ---------- --------------- ---------- ----------- --------


Enable SSH on the interface(s) on which the SSH client will connect:

    ns-> set int <int name> manage ssh
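
To confirm the result of the steps above, the following added example (not part of the original article or Juniper's tooling) checks saved 'get ssh' output for the three status lines and classifies the protocol version in an SSH identification string as defined by RFC 4253. The function names, the sample banner, and the wording of a V1 status line are assumptions.

```python
import re
import socket

# Constructed sample: the 'get ssh' output lines shown in the article.
SAMPLE_GET_SSH = (
    "SSH V2 is active\nSSH is enabled\nSSH is ready for connections\n"
    "Maximum sessions: 3\nActive sessions: 1\n"
)

def check_get_ssh(output):
    """Return problems found in 'get ssh' output; an empty list means OK."""
    problems = []
    m = re.search(r"^[ \t]*SSH (V\d+) is active", output, re.M)
    if not m:
        problems.append("no SSH version reported as active")
    elif m.group(1) != "V2":
        # Assumption: a v1 device prints the same line with 'V1'.
        problems.append(f"SSH {m.group(1)} is active, expected V2")
    if not re.search(r"^[ \t]*SSH is enabled", output, re.M):
        problems.append("SSH is not enabled")
    if not re.search(r"^[ \t]*SSH is ready for connections", output, re.M):
        problems.append("SSH is not ready for connections")
    return problems

def classify_banner(banner):
    """Classify an SSH identification string (RFC 4253 protoversion)."""
    m = re.match(r"SSH-(\d+\.\d+)-", banner.strip())
    if not m:
        return "not-ssh"
    if m.group(1) == "2.0":
        return "v2-only"
    if m.group(1) == "1.99":      # server also accepts protocol 1 clients
        return "v1-and-v2"
    return "v1-only" if m.group(1).startswith("1.") else "unknown"

def read_banner(host, port=22, timeout=5.0):
    """Return the server's identification line, or '' if the data holds none."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        text = s.recv(255).decode("ascii", "replace")
    for line in text.splitlines():
        if line.startswith("SSH-"):
            return line
    return ""

if __name__ == "__main__":
    print(check_get_ssh(SAMPLE_GET_SSH))
    print(classify_banner("SSH-2.0-Example"))  # constructed banner
```

Pass the address of an interface that has 'manage ssh' set to read_banner() and feed the result to classify_banner(); anything other than "v2-only" means the conversion did not take effect on that interface.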

Note:  A basic SSH configuration example is available in the technical documentation:

ScreenOS Concepts & Examples ScreenOS Reference Guide, Volume 3: Administration
Refer to the section:  Basic SSH Configuration on the Device

ScreenOS 5.4:

ScreenOS 6.2: