Vty Line Authentication and Authorization
Configuring Simple Authentication
line
Copyright © 2010, Juniper Networks, Inc.
The router supports 30 virtual tty (vty) lines for Telnet, Secure Shell Server (SSH) and
FTP services. Each Telnet, SSH, or FTP session requires one vty line. You can add security
to your router by configuring the software to validate login requests. There are two modes
of authentication for a vty line:
Simple authentication—Password-only authentication through the local configuration
AAA authentication—Username and password authentication through a set of
authentication servers
You can enable AAA authorization, which allows you to limit the services available to a
user. Based on information retrieved from a user's profile, the user is either granted or
denied access to the requested server.
To configure simple authentication:
1. Specify a vty line or a range of vty lines on which you want to enable the password.
host1(config)#line vty 8 13
host1(config-line)#
2. Specify the password for the vty lines.
host1(config-line)#password 0 mypassword
3. Enable login authentication on the lines.
host1(config-line)#login
4. Display your vty line configuration.
host1#show line vty 8
no access-class in
data-character-bits 8
exec-timeout never
exec-banner enabled
motd-banner enabled
login-timeout 30 seconds
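An added example, not part of the Juniper guide: a Python check that reads a captured configuration session and reports, for each of the 30 vty lines, which of the steps above is missing. The function name audit_vty, the finding labels and the sample session are constructed here; treating password type 0 as stored as typed is an assumption the page does not state.

```python
import re

VTY_COUNT = 30  # the page gives the vty range as 0-29
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. host1(config-line)#

def audit_vty(config_text):
    """Map each vty line to findings where the three steps are incomplete."""
    state = {n: {"password": False, "login": False, "type0": False}
             for n in range(VTY_COUNT)}
    selected = []  # lines chosen by the most recent "line vty" command
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:2] == ["line", "vty"] and len(words) in (3, 4):
            first, last = int(words[2]), int(words[-1])
            if not 0 <= first <= last < VTY_COUNT:
                raise ValueError(f"vty range outside 0-29: {raw!r}")
            selected = list(range(first, last + 1))
        elif words[0] == "password" and len(words) >= 2:
            for n in selected:
                state[n]["password"] = True
                # Assumption: type 0 means the password is kept as typed.
                state[n]["type0"] = len(words) == 3 and words[1] == "0"
        elif words == ["login"]:
            for n in selected:
                state[n]["login"] = True
        elif words[0] in ("exit", "end"):
            selected = []  # left line configuration mode
    findings = {}
    for n, s in state.items():
        issues = {name for name, hit in (
            ("no password", not s["password"]),
            ("login not enabled", not s["login"]),
            ("type 0 password", s["type0"])) if hit}
        if issues:
            findings[n] = issues
    return findings

# Constructed sample session, modelled on the commands shown above.
SAMPLE = """\
host1(config)#line vty 8 13
host1(config-line)#password 0 mypassword
host1(config-line)#login
host1(config-line)#exit
host1(config)#line vty 14
host1(config-line)#password 0 otherpassword
"""
```

Calling audit_vty(SAMPLE) returns a dictionary keyed by vty line number; lines 8 to 13 carry only the type 0 finding, while line 14 is also missing the login step.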
Use the line command to specify the vty lines on which you want to enable the password.
You can set a single line or a range of lines. The range is 0–29.
Example
host1(config)#line vty 8 13
Use the no version to remove a vty line or a range of lines from your configuration; users
will not be able to run Telnet, SSH, or FTP to lines that you remove. When you remove
Chapter 7: Passwords and Security