SRX Services Gateway
Highlighted
SRX Services Gateway

Update an existing system user login method (SRX650)

‎02-20-2019 10:50 AM

I have a system user with super-user access, currently set to login with a password. 

 

# set system login user testuser authentication encrypted-password "****************************"

 

I would like to update the existing statement in the configuration to make the same user authenticate using SSH Keys instead of password. Please advise how to update the configuration.

3 REPLIES 3
SRX Services Gateway

Re: Update an existing system user login method (SRX650)

[ Edited ]
‎02-20-2019 11:05 AM

Hi,

 

Check the following articles:

 

Using keys generated in the Junos device:

 

       https://kb.juniper.net/InfoCenter/index?page=content&id=KB30588 

 

Using keys generated in an external server:

 

      http://rtodto.net/public-key-authentication-in-junos/ 

      https://junoshints.wordpress.com/2011/07/15/login-with-ssh-keys-instead-of-passwords-to-junos-router...

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
SRX Services Gateway

Re: Update an existing system user login method (SRX650)

‎02-20-2019 11:16 AM

Thanks for the advise and sharing the links, actually I had been to both the article earlier today.

 

My issue is slightly ahead of this, maybe I missed to add that in my original description. sorry.

 

I tried following the instructions and updated the configuration but what happened is, it created two entries in the configuration instead of updating existing one. Thankfully, I had only used commit confirm so revert was easy. 

 

So to summarize,

 

I would like to remove the existing line

# set system login user testuser authentication encrypted-password "****************************"

and replace it with a statement to 

set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

 

Please advise.

SRX Services Gateway
Solution
Accepted by topic author vbalakrishnan@fpc-ksa.com
‎02-20-2019 12:12 PM

Re: Update an existing system user login method (SRX650)

‎02-20-2019 11:35 AM

Thanks for the confirmation. You just need to deleted the first line and add the second one:

 

# delete system login user testuser authentication encrypted-password
# set system login user testuser authentication load-key-file /root/.ssh/id_rsa.pub

 

 If you are afraid of getting locked by this change, you could first create a second user and have it as a backup login mechanism.

 

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!