Configuring Cli Banners In Nsm Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Related
Documentation

Configuring CLI Banners in NSM Overview

Related
Documentation
160
To configure the SSH client, you must also bind the DSA PKA keys to the device
administrator before that admin can make an SSH connection. For details on assigning
PKA keys to a device admin, see "Device Administrator Account Configuration Overview"
on page 150.
Configuring CLI Banners in NSM Overview on page 160
Configuring Remote Access Using Web Management Overview on page 161
Console-Only Connections in NSM Overview on page 158
You can customize the message that appears when a device administrator logs on to
the security device using a console connection, Telnet, or SSH. This message, called a
banner, provides confirmation to device administrators to let them know that they have
successfully logged in. Banners are optional; you are not required to configure CLI banners
for the security device.
A default banner already exists for Telnet and SSH, but you can write a new message to
suit your needs. You can use one banner for console connection and a different banner
for both Telnet and SSH connections.
To configure CLI banners:
For console connections, enter a message in the Console Login Banner text box. By
default, the console banner is blank (no confirmation is provided to the device
administrator upon successful login). The maximum number of characters permitted
in a console banner is 127.
For Telnet or SSH connections, enter a new message or edit the existing default
message in the Telnet/SSH Login Banner text box. By default, the message "Remote
Management Console" is provided to device administrators upon successful login. The
maximum number of characters permitted in a Telnet or SSH banner is 127.
For ScreenOS 5.1 and later devices, you can also configure a secondary banner for console,
Telnet, or SSH connections. The secondary banner enables you to create a much longer
message that appears for any successful CLI-based connection attempt. By default, the
secondary banner is blank (no secondary message is provided for device administrators
upon login).
In ScreenOS 6.1 , for sessions created through ssh, telnet, or local console, the secondary
banner gets displayed after the username and the password prompt. These actions can
request the administrator to acknowledge the secondary banner through the CLI console.
Hence, if the user does not acknowledge the secondary banner, the device login process
fails and the connection is closed.
Configuring Remote Access Using Web Management Overview on page 161
Configuring HTTP Administrative Connections in ScreenOS Devices Using NSM Overview
on page 161
Copyright © 2010, Juniper Networks, Inc.