Encrypting Configuration Files; Decrypting Configuration Files; Modifying The Encryption Key; Encrypting And Decrypting Configuration Files - Juniper J-Series Administration Manual

Juniper networks router administration guide

Chapter 11: Managing Files

user@host> set file filename nonpersistent

For more information about the nonpersistent option, see the JUNOS Network
Management Configuration Guide.

CAUTION: If log files for accounting data are stored on DRAM, these files are lost
when the router reboots. Therefore, we recommend that you back up these files
periodically.

Encrypting and Decrypting Configuration Files

Configuration files contain sensitive information such as IP addresses. By default,
the Services Router stores configuration files in unencrypted format on an external
compact flash. This storage method is considered a security risk because the compact
flash can easily be removed from the Services Router. To prevent unauthorized users
from viewing sensitive information in configuration files, you can encrypt them.

If your router runs the Canada and U.S. version of the JUNOS software, the
configuration files can be encrypted with the Advanced Encryption Standard (AES)
or Data Encryption Standard (DES) encryption algorithms. If your router runs the
international version of the JUNOS software, the files can be encrypted only with
DES.

To prevent unauthorized access, the encryption key is stored in the Services Router's
EEPROM. You can copy the encrypted configuration files to another router and
decrypt them if that router has the same encryption key. To prevent encrypted
configuration files from being copied to another router and decrypted, you can set
a unique encryption key that contains the chassis serial number of your router.
Configuration files that are encrypted with a unique encryption key cannot be
decrypted on any other router.

The encryption process encrypts only the configuration files in the /config and
/var/db/config directories. Files in subdirectories under these directories are not
encrypted. The filenames of encrypted configuration files have the extension
.gz.jc—for example, juniper.conf.gz.jc.

NOTE: You must have superuser privileges to encrypt or decrypt configuration files.

This section contains the following topics:

Encrypting Configuration Files
Decrypting Configuration Files
Modifying the Encryption Key
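An added example, not part of the Juniper manual: a Python audit of an offline copy of the compact flash that reports which files under /config and /var/db/config are still readable, including files in subdirectories (which the encryption process skips) and files that carry the .gz.jc extension without being ciphertext. The function names, the status labels, the sample tree and every file name other than juniper.conf.gz.jc are assumptions made for this example; the readability test (valid gzip or ASCII text) is this example's heuristic and says nothing about the internal .jc format.

```python
import gzip
import tempfile
import zlib
from pathlib import Path
# Directories the manual names; files in their subdirectories are not encrypted.
CONFIG_DIRS = ("config", "var/db/config")
ENCRYPTED_SUFFIX = ".gz.jc"  # extension the manual gives for encrypted files

def is_readable(path):
    """True if the content is valid gzip or ASCII text, i.e. not ciphertext."""
    data = Path(path).read_bytes()
    try:
        gzip.decompress(data)
        return True
    except (OSError, EOFError, zlib.error):
        return data.isascii()

def audit(root):
    """Map each file under the two directories (relative to root) to a status."""
    report = {}
    for cfg in CONFIG_DIRS:
        top = Path(root, cfg)
        for path in sorted(p for p in top.rglob("*") if p.is_file()):
            if is_readable(path):
                status = "PLAINTEXT" if path.parent == top else "PLAINTEXT_SUBDIR"
            else:
                status = "ENCRYPTED" if path.name.endswith(ENCRYPTED_SUFFIX) else "UNKNOWN"
            report[path.relative_to(root).as_posix()] = status
    return report

def build_sample(root):
    """Constructed tree standing in for an offline copy of the compact flash."""
    plain = gzip.compress(b"system { host-name r1; }\n")
    files = {
        "config/juniper.conf.gz.jc": bytes(range(128, 256)),  # constructed opaque bytes
        "config/juniper.conf.1.gz": plain,
        "config/backup/juniper.conf.gz": plain,  # subdirectory: never encrypted
        "var/db/config/juniper.conf.2.gz.jc": plain,  # suffix only, still readable
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, status in audit(tmp).items():
            print(f"{status:17}{rel}")
```

Any PLAINTEXT or PLAINTEXT_SUBDIR entry marks a file that remains readable to whoever removes the compact flash.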
