Configuring User Authentication - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 Configuration Manual
Software for e series broadband services routers system basics configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04:
- Configuration manual (304 pages) ,
- Reference manual (284 pages)
Table of Contents
Advertisement
JunosE 11.3.x System Basics Configuration Guide
ip ssh user-authentication-protocol
ip ssh authentication-retries
ip ssh disable-user-authentication
426
Use the no version to remove or exclude an algorithm from the specified list.
See ip ssh crypto.
Configuring User Authentication
The router supports RADIUS and TACACS+ for user authentication. RADIUS authentication
is enabled by default. You must have previously configured a RADIUS or a TACACS+
server on a host system and its respective client (RADIUS or TACACS+) on your system.
You can specify timeout and retry limits to control the SSH connection process. The
limits apply only from the time the user first tries to connect until the user has been
successfully authenticated. The timeout limits are independent of any limits configured
for virtual terminals (vtys). The following limits are supported:
User authentication protocol—SSH user authentication protocol enabled on the router.
SSH timeout—Maximum time allowed for a user to be authenticated, starting from
the receipt of the first SSH protocol packet.
Authentication retry—Number of times a user can try to correct incorrect
information—such as a bad password—in a given connection attempt.
Sleep—Prevents a user that has exceeded the authentication retry limit from connecting
from the same host within the specified period.
Configures the SSH user authentication protocol. E Series routers support RADIUS and
TACACS+ user authentication protocols.
Specify an RADIUS or TACACS+.
Example
host1(config)#ip ssh user-authentication-protocol TACACS+
Use the no to restore the SSH user authentication protocol to the default, RADIUS.
See ip ssh authentication-retries.
Use to set the number of times that a user can retry a failed authentication, such as
trying to correct a wrong password. The SSH server terminates the connection when
the limit is exceeded.
Specify an integer in the range 0–20.
Example
host1(config)#ip ssh authentication-retries 3
Use the no version to restore the default value, 20 retry attempts.
See ip ssh authentication-retries.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 and is the answer not in the manual?
Questions and answers