Enable Remote Access Services
You must configure one or more enabling services such as SSH, Telnet, or FTP before authorized users can access your device. You must also configure at least one of these services before your device can exchange data with other systems. SSH, Telnet, and FTP are widely used standards for remotely logging in to network devices and exchanging files between systems. These services are all disabled by default in Junos OS.
The SSH protocol uses strong authentication and encryption for remote access across a network that is not secure. SSH provides remote login, remote program execution, file copy, and other functions. SSH succeeds Telnet and is the recommended method for remote access. SSH encrypts all traffic, including passwords, to effectively eliminate eavesdropping, connection hijacking, and other attacks. The SSH utility includes Secure Copy Protocol (SCP), a file-transfer program that uses SSH and is the recommended method for secure file exchange.
Because both Telnet and FTP are legacy applications that use cleartext passwords, we recommend that you use SSH (and SCP). Cleartext passwords create a potential security vulnerability. If you do not intend to use FTP or Telnet, you do not need to configure them on your device. However, consider that some users might use FTP to store configuration templates, retrieve software, or perform other administrative tasks.
To make it easier to configure these services on multiple devices, configure them inside of a configuration group. To set up remote access and file-transfer services: