root-authentication
Syntax
root-authentication { encrypted-password "password"; no-public-keys ssh-ecdsa name { from from; } ssh-ed25519 name { from from; } ssh-rsa name { from from; } }
Hierarchy Level
[edit system]
Description
Configure the authentication methods for the root-level user, whose username is
root
.
You can use the ssh-ecdsa
, ssh-ed25519
, or
ssh-rsa
statements to directly configure SSH ECDSA, ED25519, or
RSA keys to authenticate root logins. You can configure more than one public key for
SSH authentication of root logins as well as for user accounts. When a user logs in
as root, the public keys are referenced to determine whether the private key matches
any of them.
There is a difference in the way a plain-text password is hashed and stored as encrypted in Junos OS release 15.1 and newer vs. that used in release 12.3 and earlier.
In Junos OS release 12.3 and earlier images, encrypting and decrypting of passwords using SHA-256 is not supported. This is a limitation in Junos OS release 12.3. Therefore, if a password that is encrypted by using SHA-256 in Junos OS release 15.1 is provided to Junos OS releases 12.3 and earlier, the password decryption will fail.
See this KB article for instructions on how to first configure a compatible MD5 hashed root password before you downgrade. If you downgrade without first configuring a compatible root password you will not be able to login as root after the downgrade.
Options
encrypted-password "password" |
Specify the MD5 or other password. You can specify only one encrypted password. You cannot configure a blank password using blank quotation marks (" "). You must configure a password whose number of characters range from 1 through 128 characters and enclose the password in quotation marks. |
no-public-keys |
Disable SSH public key-based authentication. |
ssh-ecdsa name from from |
Use an SSH ECDSA public key. You can specify one or more public keys. |
ssh-ed25519 name from from |
Use an SSH ED25519 public key. You can specify one or more public keys. |
ssh-rsa name from from |
Use an SSH RSA public key. You can specify one or more public keys. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.