Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Juniper Paragon Automation Juniper Paragon Automation User Guide Administration User Management

Juniper Paragon Automation User Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Paragon Automation User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Manage Paragon Shell Users

date_range 18-Jun-24
arrow_backward
arrow_forward

System administrators (root user) use Paragon Shell to add users so that these users can access and manage Paragon Automation cluster configurations. The users created in Paragon Shell and Paragon Automation Web GUI are not shared across the two user interfaces.

The following sections describe the user management tasks you can perform by using Paragon Shell.

Note:

User information configured on one node is deployed across all the nodes in the Paragon Automation cluster.

Create a User

System administrators and superusers can use Paragon Shell to create users who can access and manage the Paragon Automation cluster based on the privileges defined by the role assigned to them.

To create a user:

  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode of Paragon Shell.
  3. Enter the configuration mode.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
  4. Configure the username, access privileges, and authentication method to authenticate the user.
    content_copy zoom_out_map
    root@eop-primary# set system login user username class class authentication authentication-method

    Where,

    • username is the unique name that identifies the user.

    • class is the access privilege assigned to the user. The options are:

      • read-only—User can access Paragon Shell and view details about the Paragon Automation cluster but cannot enter configuration mode to modify cluster configuration.

      • super-user—User can access Paragon Shell and enter configuration mode to modify cluster configuration.

    • authentication is the possible authentication methods that can be used to authenticate users. The options are:

      • plain-text-password—Enter the password in plain text. The password can contain alphanumeric and special characters and must have a minimum of six characters. The password is stored in an encrypted format in the configuration file.

      • encrypted-password—Enter the encrypted password and enclose it in quotation marks. Currently, the supported encryption algorithm is SHA-512.

      • ssh-algorithm—Generate an SSH key pair and use the key to authenticate users. The three types of SSH key algorithms that can be used are:

        • ssh-ecdsa

        • ssh-ed25519

        • ssh-rsa

    Note:

    • You can use both password and SSH keys to authenticate users.

    • You can configure more than one SSH key to authenticate users.

  5. Commit the changes and exit the configuration mode.
    content_copy zoom_out_map
    root@eop-primary# commit and-quit
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
commit complete
Exiting configuration mode

    The user is successfully created.

  6. Deploy the configuration on all the nodes in the cluster.
    content_copy zoom_out_map
    root@eop-primary> request paragon deploy user
Getting user-config configmap...
Added user: ['username']
Modified user: []
Deleted user: []
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
warning: *** operating on 176.16.10.1 ***
warning: *** operation on 176.16.10.1 succeeds ***
Deleting user-config configmap...
Creating new user-config configmap...

    The configuration is deployed on all the nodes in the Paragon Automation cluster.

    The system administrator must manually share the IP addresses and log in credentials with the user and the user can log in to Paragon Shell to view and manage the Paragon Automation cluster based on the access privileges assigned to them.

  7. (Optional) Confirm the user details.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
root@eop-primary# show system login

For every user created by using Paragon Shell, a Linux user with identical username, access privileges, and authentication method is created on every single node in the Paragon Automation cluster.

Note:

  • When a commit is initiated from one node (node A), commit is first attempted on the rest of the nodes (node B, C, D) before it is attempted on the node on which the commit was initiated (node A). In case the commit fails on any of the nodes, the changes committed is rolled back on the nodes on which commit succeeded.

  • Commit fails when multiple users make changes to the cluster configuration at the same time from different nodes. In such scenarios, we need to rollback all the committed changes on the other nodes and only commit changes from a single node to ensure that all the nodes in the cluster have the same configuration.

Modify User Information

System administrators and superuser can modify the access privileges of users and the authentication method used to authenticate the user.

To modify user details:

  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode.
  3. Enter the configuration mode.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
  4. Modify the access privilege for the user and the authentication method used to authenticate the user, as needed.
    content_copy zoom_out_map
    root@eop-primary# set system login user username authentication authentication-method
  5. Commit the changes and exit the configuration mode.
    content_copy zoom_out_map
    root@eop-primary# commit and-quit
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
commit complete
Exiting configuration mode

    The user is successfully created.

  6. Deploy the configuration on all the nodes in the cluster.
    content_copy zoom_out_map
    root@eop-primary> request paragon deploy user
Getting user-config configmap...
Added user: []
Modified user: ['username']
Deleted user: []
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
warning: *** operating on 176.16.10.1 ***
warning: *** operation on 176.16.10.1 succeeds ***
Deleting user-config configmap...
Creating new user-config configmap...

    The username of the user whose user details are modified is displayed. The configuration is deployed on all the nodes in the Paragon Automation cluster.

Delete a User

To delete a user:
  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode.
  3. Enter the configuration mode.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
  4. To delete the user.
    content_copy zoom_out_map
    root@eop-primary# delete system login user username
  5. Commit the changes and exit the configuration mode.
    content_copy zoom_out_map
    root@eop-primary# commit and-quit
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
commit complete
Exiting configuration mode

    The user's access to Paragon Automation cluster is revoked.

  6. Deploy the configuration on all the nodes in the cluster.
    content_copy zoom_out_map
    root@eop-primary> request paragon deploy user
Getting user-config configmap...
Added user: []
Modified user: []
Deleted user: ['username']
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
warning: *** operating on 176.16.10.1 ***
warning: *** operation on 176.16.10.1 succeeds ***
Deleting user-config configmap...
Creating new user-config configmap...

    The user's access to Paragon Shell is removed. The configuration is deployed on all the nodes in the Paragon Automation cluster.

  7. (Optional) Confirm that the user is logged out of the Paragon Automation cluster.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
root@eop-primary# show system login

Logging in to Paragon Shell as a New User

The system administrator manually shares the IP address and credentials (username and password) with the users to access Paragon Shell.

To log in to Paragon Shell as a new user:

  1. SSH to a node in the Paragon Automation cluster.
  2. Enter your username and password.
    Based on your login class you are either placed in Paragon Shell or the Linux user shell.

    The two login classes are:

    • super-user—You are placed in the Paragon Shell.

    • read-only—You are placed in the Linux user shell initially and prompted to re-enter your password. Re-enter your password to log in to Paragon Shell.

    You are logged in to Paragon Shell.
    Depending on your access privileges, you can view and manage Paragon Automation cluster configuration.

Retrieve User Information On a Recovered Node in the Paragon Automation Cluster

When a node is repaired and recovered in the Paragon Automation cluster the user configuration on the node is lost. Users will not be able to use their user credentials to log in to the node and access the Linux user shell and Paragon Shell.

Note:

Before you retrieve user configuration on the recovered node, ensure that there are no pending commits in any of the nodes in the Paragon Automation cluster, including in the recovered node.

To retrieve user configuration on the recovered node:

  1. SSH to a node with the latest user configuration in the Paragon Automation cluster.
    You are logged into Paragon Shell.
  2. Enter the configuration mode.
    content_copy zoom_out_map
    root@eop-primary> configure
Entering configuration mode

[edit]
  3. Execute the commit command to retrieve the latest cluster configuration.
    content_copy zoom_out_map
    [edit]
root@eop-primary# commit and-quit
commit complete
Exiting configuration mode
    The user configuration is updated on all the nodes.
  4. Deploy the user configuration file on all the nodes in the cluster.
    content_copy zoom_out_map
    root@eop-primary> request paragon deploy user recover true
Getting user-config configmap...
Added user: ['username']
Modified user: []
Deleted user: []
warning: *** operating on 176.16.10.4 ***
warning: *** operation on 176.16.10.4 succeeds ***
warning: *** operating on 176.16.10.3 ***
warning: *** operation on 176.16.10.3 succeeds ***
warning: *** operating on 176.16.10.2 ***
warning: *** operation on 176.16.10.2 succeeds ***
warning: *** operating on 176.16.10.1 ***
warning: *** operation on 176.16.10.1 succeeds ***
Deleting user-config configmap...
Creating new user-config configmap...

    Users can now log in to the node using their existing Paragon Shell credentials. The access privileges and authentication method also remains the same.

arrow_backward PREVIOUS Manage Users and Invites
NEXT arrow_forward Manage Your Paragon Automation Account
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top