SRX

Hello,

I have a problem to access my SRX100H CLI with Telnet. I obtain a login error.

I use the Windows 7 x 64 Telnet client. Same problem with the Windows XP x86 Telnet client and with the TTY Emulator software which includes a Telnet client.

I do not have any problem to access the CLI with SSH or with the HTTP J-Web interface.

Telnet is well enabled in the Management Access Configuration / Services J-Web page.

Problem observed with JunOS 10.4 and 12.1X44-D10.4.

Any idea ?

Thanks

Julien

Can you provide a screenshot of the login error?

Have you allowed telnet under host-inbound-traffic services? (I think you are saying you have, but I haven't used J-Web in a LONG time).

It would definitely be helpful if we know exactly what user account you are attempting to log in with and the exact error message. We can tell you that if you are using the root account to log in from a telnet session, then you will get a login error, because you cannot log into the device with the root account via a telnet session. But there are numerous error messages and trying to gues which one you are seeing is  seems like a stretch. One of the very forst troubleshooting steps is to get the exact error mesage.

Hello,

Thank you for your answers.

Yes, Telnet inbound is enabled.

You will find attached a screenshot of the error message (Incorrect login).

Yes I try to login with root account. I didn't see anywhere that root login is impossible with Telnet. Thats explain my problem! Do you know where this restriction is documented for SRXs? I will use SSH only...

I accept this solution and flag the title as solved.

Thanks.

Just an other thing. Do you know how can I change the listening TCP port for SSH ?

Sorry Julien, I do not know. You could use the ? under the services ssh and see if it is an available option. I doubt it would show up anyways, if allowed, it would more than likely be a hidden command. But I would bet there is such an option. Some military organisation or huge corporation could have requested it, so it may be hidden somewhere. Will defer to others.

Hi Julien,

Unfortunately you can't change the default SSH port - I find this rather annoying too!

Hello,

Thank you yet for your answers and for the documentation links.

So, I will use SSH only with the default port 😉

Bye.

It is covered in the IJOS course and if you google it you will find numerous documentation. For example

http://www.juniper.net/techpubs/software/junos/junos93/swconfig-cli/getting-started-with-JUNOS-CLI.html

http://www.juniper.net/techpubs/software/junos/junos93/swconfig-cli/getting-started-with-JUNOS-CLI.html

It is one of the default builtin security features of the device. Of course you can increase security by enabling password complexity, such as minimum/maximum password length, number of failed logins, backoff algorithm, lockout period after number of failed login attemps, etc.

Search for this document form more information about user accounts and permissions

User Access and Authentication,Junos OS Release ## for example 11.4