Configuring Remote Login

[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Remote Login
From the NMC-RX application, you can log in to E-series routers remotely through Telnet or SSH. The selection of either Telnet or SSH is an NMC-RX application-wide setting and is accessible only to users with security privileges. Although the NMC-RX application automatically defaults to Telnet, SSH is considered a more secure alternative to Telnet for logging in to E-series routers remotely.

Because there are a variety of SSH products and implementations, the NMC-RX application provides administrators with the flexibility to specify the desired command line and options for their SSH implementation. Administrators can specify the relationship between an individual NMC-RX user and an SSH session.

If you select SSH as your remote login choice, you must:

Configure SSH on your E-series router. For more information, see JUNOSe System Basics Configuration Guide, Chapter 6, Passwords and Security.

Determine your Telnet policy before you configure SSH on your E-series router. Effective use of SSH implies that you severely limit Telnet access to the system.

Obtain and install a commercial SSH client on the same machine on which you are running the NMC-RX application.

Install and configure a RADIUS server on a host machine before you configure SSH on your E-series router. Refer to your RADIUS server documentation for information about choosing a host machine and installing the server hardware.

Configure the RADIUS client on your E-series router. To configure RADIUS through the NMC-RX application, see Configuring RADIUS Servers in NMC-RX User Guide, Vol. 2, Chapter 3, Configuring Virtual Routers. For additional information about RADIUS, see the JUNOSe Broadband Access Configuration Guide.

This section provides procedures for the three tasks that are associated with configuring remote login:

Set the SSH username source in the Create User Profile dialog box.

Set the remote login settings.

Test the remote login action that you specify.

Setting SSH Username Source

When SSH is the remote login type, users with security privileges must set this field to assign every user a username source for remote logins.

To set an SSH username source:

From the Configuration menu in either the Network Workshop or the Device Workshop, select Create, and click User Profiles.

The Create User Profile dialog box appears.
Set the parameters (Table 25).

When modifying the user that is set as the Config Sync Services user or the Polling Service user, all Config Sync Services or the Polling Service are updated with the SNMP settings for the configured user. You cannot remove a user who is set as a Config Sync Services user or a Polling Service user.
 Table 26:  User Profile Parameters 

 Parameter
 Description

 User Name

 Name of the user for whom you are creating a user profile. The user name must be from 2 to 32 alphanumeric characters.


 User Authentication

 User Authentication Mode

 Method by which user logins are authenticated: either locally or with a RADIUS server by default. You can modify per user profile.


 Test Login

 When enabled (checked) and user authentication mode is set to RADIUS, the remote login action is tested.


 User Password

 Password that you use for remote log in. The password must be from 6 to 16 alphanumeric characters.


 Re-enter Password

 Validation of User Password.


 User Privilege

 Privilege Settings

 Privileges that are assigned to a user:

   Security—Allows access to all application-specific settings; default: unchecked (disabled)
   Maintenance—Allows access to all device-specific settings or features; default: unchecked (disabled)



 Device Administration

 Privilege settings that are assigned to a user:

   View—Indicates whether you have access to view the configuration of a device;default: checked (enabled)
   Create—Indicates whether you have access to create configurations on a device; default: unchecked (disabled)
   Configure—Indicates whether you have access to configure the configuration of a device;default: unchecked (disabled)
   Delete—Indicates whether you have access to delete device configurations;default: unchecked (disabled)
   Execute—Indicates whether you have access to execute some device actions, such as ping, ATM ping, remote login, and traceroute;default: unchecked (disabled)



 User Preferences

 Single Click Object View

 Lets you view objects with one right-click of the mouse.


 SNMP Community Strings

 Read Only

 Read-only access to the entire management information base (MIB) except for SNMP configuration objects.


 Read Write

 Read-write access to the entire MIB except for SNMP configuration objects.


 Admin

 Read-write access to the entire MIB.


 Remote Login

 SSH User Name Source


   NMC-RX User Name—Select if you always want to use the NMC-RX username as the SSH username source. This is the default.
   Other User Name—Select if you want to use a username other than the NMC-RX username as the SSH username source. When selected, the text box to the right of the field is active and you can edit the text. 

 Type the user name in the text box. The username can be from 1 to 128 characters.
To create the user profile and save the remote login settings, click OK.
Configuring Remote Login Settings

Only a user with security privileges can configure remote login settings. Otherwise, this menu item is disabled.

To configure the remote login settings:

From the Configuration menu in either the Network Workshop or the Device Workshop, select NMC-RX Application Settings, then click Remote Login.

The Remote Login tab appears.
Set the parameters as shown in Table 26. For example:
 Table 27:  Remote Login Parameters 

 Parameters
 Description

 Login Type

 Determines the type of login specified through the NMC-RX application:

   TELNET ONLY—Default. When selected, SSH is disabled. 
   SSH ONLY—When selected, the SSH command-line parameters are enabled and must be specified.



 SSH Command Line
 Specifies the parameters in this section for SSH authentication.


 Available NMC-RX Arguments


   <HOST>—Specifies the IP address of the device to which you are connecting. When clicked, the <HOST> token is added to the command-line string (see below). 
   <USER NAME>—Specifies the username, which is the SSH username set in the NMC-RX user profile. You can use either the NMC-RX username or another username specified by the administrator. When clicked, the <USER NAME> token is added to the command-line string (see below). 



 Command LIne String

 Specifies what is executed when the remote login action starts. The string contains arguments that are necessary for SSH authentication. Syntax example:
ssh2 <USER NAME>@<HOST>




   ssh2—SSH executable
   <USER NAME>—Parameter syntax for username
   <HOST>—Parameter syntax for IP address



 Test

 When clicked, the remote login action is started with the command-line string that you specified.
Click Save.
Testing Remote Login Action

When remote login is started, the arguments that you specified in the Command Line String field are translated to the specified username and IP address. For example,
ssh2 <USER NAME>@<HOST>
translates to:
ssh2 hsmith@10.5.129.39
To test the remote login action that you specified in the Command Line String field:

Click Test.

A Test SSH Session dialog box appears. One of these dialogs appears when a username and host argument are specified or when only a host argument is specified.
(Optional) Specify a username.

NOTE: The username that appears in the text box is the SSH username that is specified in the user profile.

Enter the host IP address.

Click OK.

The SSH application remotely logs in to the command-line interface (CLI) of the E-series router.
Logging In

After you configure SSH, you can remotely log in to the E-series router through the Tools menu. To log in:

Select Device Utilities and Remote Login.

The SSH Sessions dialog box appears.

Enter the host IP address, and click OK.

The CLI of the E-series router appears. For more information, see NMC-RX User Guide, Vol. 2, Chapter 14, Using Device Utilities.

Parameter	Description
User Name	Name of the user for whom you are creating a user profile. The user name must be from 2 to 32 alphanumeric characters.
User Authentication
User Authentication Mode	Method by which user logins are authenticated: either locally or with a RADIUS server by default. You can modify per user profile.
Test Login	When enabled (checked) and user authentication mode is set to RADIUS, the remote login action is tested.
User Password	Password that you use for remote log in. The password must be from 6 to 16 alphanumeric characters.
Re-enter Password	Validation of User Password.
User Privilege
Privilege Settings	Privileges that are assigned to a user: Security—Allows access to all application-specific settings; default: unchecked (disabled) Maintenance—Allows access to all device-specific settings or features; default: unchecked (disabled)
Device Administration	Privilege settings that are assigned to a user: View—Indicates whether you have access to view the configuration of a device;default: checked (enabled) Create—Indicates whether you have access to create configurations on a device; default: unchecked (disabled) Configure—Indicates whether you have access to configure the configuration of a device;default: unchecked (disabled) Delete—Indicates whether you have access to delete device configurations;default: unchecked (disabled) Execute—Indicates whether you have access to execute some device actions, such as ping, ATM ping, remote login, and traceroute;default: unchecked (disabled)
User Preferences
Single Click Object View	Lets you view objects with one right-click of the mouse.
SNMP Community Strings
Read Only	Read-only access to the entire management information base (MIB) except for SNMP configuration objects.
Read Write	Read-write access to the entire MIB except for SNMP configuration objects.
Admin	Read-write access to the entire MIB.
Remote Login
SSH User Name Source	NMC-RX User Name—Select if you always want to use the NMC-RX username as the SSH username source. This is the default. Other User Name—Select if you want to use a username other than the NMC-RX username as the SSH username source. When selected, the text box to the right of the field is active and you can edit the text. Type the user name in the text box. The username can be from 1 to 128 characters.

Parameters	Description
Login Type	Determines the type of login specified through the NMC-RX application: TELNET ONLY—Default. When selected, SSH is disabled. SSH ONLY—When selected, the SSH command-line parameters are enabled and must be specified.
SSH Command Line	Specifies the parameters in this section for SSH authentication.
Available NMC-RX Arguments	<HOST>—Specifies the IP address of the device to which you are connecting. When clicked, the <HOST> token is added to the command-line string (see below). <USER NAME>—Specifies the username, which is the SSH username set in the NMC-RX user profile. You can use either the NMC-RX username or another username specified by the administrator. When clicked, the <USER NAME> token is added to the command-line string (see below).
Command LIne String	Specifies what is executed when the remote login action starts. The string contains arguments that are necessary for SSH authentication. Syntax example: ssh2 <USER NAME>@<HOST> ssh2—SSH executable <USER NAME>—Parameter syntax for username <HOST>—Parameter syntax for IP address
Test	When clicked, the remote login action is started with the command-line string that you specified.

[Contents] [Prev] [Next] [Index] [Report an Error]