Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How To: Configure SSH V2 Management on Juniper Firewall

0

0

Article ID: KB6713 KB Last Updated: 20 Mar 2020Version: 6.0
Summary:
How To: Configure SSH V2 Management on NetScreen, ISG, or SSG
Symptoms:
  • How To: Configure SSH V2 Management on NetScreen, ISG, or SSG
  • Can't SSH to Juniper Firewall.  It reports 'connecting', and no login prompt is displayed.
  • WebUI only shows "Enable SSH (V1)"
Solution:
Converting from SSH V1 to SSH V2 can only be done via Command Line Interface, and using a root admin account.

First, if SSH v1 was initially configured on the firewall, then all SSH keys from version 1 must be deleted.  This can be done using the command "delete ssh device all".
Example:
350-2-> delete ssh device all 
Delete ssh sessions
...
Save System Configuration  ... 
Done
SSH disabled for vsys: 1
PKA keys deleted from device: 0
PKA certificates unbound from admin accounts: 0...
Host keys deleted from device: 1
...
Host keys deleted from device: 1
Execute the 'set ssh version v2' command to activate SSH v2 for the device.
Example:    
350-2-> set ssh version v2
SSH version 2 has been activated.
Execute the 'set ssh enable' command to enable SSH for a vsys.
Then, enable SSH:
350-2-> set ssh enable 

View the SSH configurations settings with the command 'get ssh'.  Note that it should report it is 'active' and 'enabled':
350-2-> get ssh 
SSH V2 is active
SSH is enabled
SSH is ready for connections
Maximum sessions: 6
Active sessions: 0

Admin      Ip Addr         Vsys       Auth Method  Service
---------- --------------- ---------- ------------ --------
 Enable SSH on the interface(s) on which the SSH client will connect:
 
250-2-> set interface <int name> manage ssh

 
Note:  Basic SSH Configuration Example in Technical Documentation

ScreenOS  Concepts & Examples ScreenOS Reference Guide, Volume 3: Administration
Refer to the section:  Basic SSH Configuration on the Device
Modification History:
2020-03-20: Minor, non-technical update.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search