Console-Only Connections in NSM Overview; Secure Shell Server in NSM Overview - Juniper Network and Security Manager 2010.4 - Configuring ScreenOS Devices Guide Rev 01 Manual


Configuring ScreenOS Devices Guide

Limiting Login Attempts, Setting Dial-In Authentication, and Restricting Password
Length in NSM Overview on page 156

Console-Only Connections in NSM Overview

You can require the root device administrator to log in to the security device through the
console port only. This restriction requires the root device admin to have physical access
to the device to log in, preventing unauthorized persons from logging in remotely.

By default, this restriction is not enabled (the root device administrator can log in
remotely). To restrict access to console only, select the Root Access Console Only check
box in the CLI Management screen. When enabled, the managed device denies access
to all Web UI, Telnet, or SSH connections for the root device administrator. This setting
overrides the management options enabled on the ingress interface.

NOTE: This option does not appear for the Juniper Networks NSMXpress,
which does not contain a console port.

Enabling the console-only setting does not affect the NSM–managed device connection.

Related Documentation

Secure Shell Server in NSM Overview on page 158
Configuring CLI Banners in NSM Overview on page 160
Asset Recovery and Reset Hardware in NSM Overview on page 157

Secure Shell Server in NSM Overview

Each security device includes a built-in Secure Shell (SSH) server. Device administrators
can use an SSH-aware application to open a remote command shell on the device and
execute commands. When using SSH, the connection is protected against IP or DNS
spoofing attacks, and password or data interception.

The maximum number of SSH sessions is a device-wide limit between 2 and 24,
depending on the device. If the maximum number of SSH clients is already logged
in to the device, no other SSH client can log in to the SSH server.

To enable SSH connections to the managed device, select SSH Enable and configure
an SSH version. Because SSHv1 and SSHv2 are incompatible, you must use the same
SSH version for both the client and server. For example, you cannot use an SSHv1 client
to connect to an SSHv2 server on the managed device, or vice versa.
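
The version rule above can be checked ahead of time from the identification string an SSH server sends when a client connects. The following Python is an added example, not part of the Juniper guide: it assumes the identification-string format defined in RFC 4253, and the hostnames and software names in the sample data are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT = re.compile(rb"^SSH-(\d+)\.(\d+)-(\S+)(?: .*)?$")


def offered_versions(greeting: bytes) -> set:
    """Return the SSH protocol versions (1 and/or 2) a server greeting offers."""
    # A server may send other text lines before its identification string,
    # so use the first line that starts with "SSH-".
    for line in greeting.splitlines():
        if line.startswith(b"SSH-"):
            m = IDENT.match(line)
            if not m:
                raise ValueError(f"malformed identification string: {line!r}")
            major, minor = int(m.group(1)), int(m.group(2))
            if (major, minor) == (1, 99):
                # RFC 4253 section 5.1: a v2 server that also accepts v1 clients
                return {1, 2}
            if major in (1, 2):
                return {major}
            raise ValueError(f"unknown protocol version {major}.{minor}")
    raise ValueError("no SSH identification string in greeting")


def version_mismatches(client_version: int, greetings: dict) -> list:
    """List the devices a client of the given SSH version cannot connect to."""
    return sorted(host for host, greeting in greetings.items()
                  if client_version not in offered_versions(greeting))


# Constructed sample greetings (hostnames and software names are made up).
SAMPLE = {
    "fw-branch-01": b"SSH-1.5-ExampleDevice\n",
    "fw-core-01": b"SSH-2.0-ExampleDevice\r\n",
    "fw-lab-01": b"Authorized use only\r\nSSH-1.99-ExampleDevice legacy\r\n",
}

if __name__ == "__main__":
    for version in (1, 2):
        print(f"SSHv{version} client cannot reach:",
              version_mismatches(version, SAMPLE))
```
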
For the SSH server (the security device), you can also enable Secure Copy (SCP). A device
administrator can use SCP to transfer files to or from the managed device using SSH
(SSH authenticates, encrypts, and ensures data integrity for the SCP connection). When
using SCP, the security device acts as an SCP server that accepts connections from SCP
clients on remote hosts. SCP is disabled by default, and you must enable SSH for the
managed device before you can enable SCP.
Copyright © 2010, Juniper Networks, Inc.
