Authentication and Access Control

  • OpenSSH certificate support (PTX1000, PTX5000)—Starting in Junos OS Release 22.4R1, you can configure SSH certificate-based authentication for users and hosts. This lets you set up SSH access to a device with password-less login for users, and lets you trust hosts without the need to verify key fingerprints.

    The following new CLI configuration statements can be used to configure SSH certificate-based authentication:

    • [system services ssh trusted-user-ca-key-file filename]—Configure the TrustedUserCAKeys file in /etc/ssh/sshd_config, which contains the public keys of an SSH certificate.

    • [system services ssh host-certificate-file filename]—Configure the HostCertificate file in /etc/ssh/sshd_config, which contains the signed host certificate.

    • [system services ssh authorized-principals-file filename]—Configure the AuthorizedPrincipalsFile at /var/etc, which contains a list of names, one of which must appear in the certificate for it to be accepted for authentication.

    • [system services ssh authorized-principals-command program-path]—Specify a program to be used for generating the list of allowed certificate principals found in the AuthorizedPrincipalsFile.

    [See Configure SSH Service for Remote Access to the Router or Switch.]
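
The following is an added example, not Juniper's own code: it uses the stock OpenSSH `ssh-keygen` tool to produce the three files the statements above refer to, and checks a user certificate's principals against the principals list. All file names, the `netops` principal, the host name `ptx-lab.example.net` and the key IDs are constructed, and the host key generated here is a stand-in for the device's real host key.

```shell
#!/usr/bin/env bash
# Added example. All names below are constructed for illustration.
set -euo pipefail

# Build a demo PKI in directory $1: two CAs, one user cert, one host cert.
make_demo_pki() {
    local dir=$1 k
    for k in user_ca host_ca alice ssh_host_key; do
        ssh-keygen -q -t ed25519 -N '' -C "demo $k" -f "$dir/$k"
    done
    # User certificate: -I is the key identity, -n the principals,
    # -V the validity window. Output: alice-cert.pub
    ssh-keygen -q -s "$dir/user_ca" -I alice-laptop -n netops -V +1d "$dir/alice.pub"
    # Host certificate (-h). Output: ssh_host_key-cert.pub
    ssh-keygen -q -s "$dir/host_ca" -h -I ptx-lab -n ptx-lab.example.net \
        -V +52w "$dir/ssh_host_key.pub"
    # Principals list: one name per line.
    printf '%s\n' '# constructed allow-list' 'netops' > "$dir/authorized_principals"
}

# Print the principals embedded in a certificate, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Critical Options:/{p=0} p{print $1} /Principals:/{p=1}'
}

# Succeed if at least one certificate principal is listed in the principals file.
principal_allowed() {
    local p
    for p in $(cert_principals "$1"); do
        grep -qxF -- "$p" "$2" && return 0
    done
    return 1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
# Files to hand to the Junos statements:
#   user_ca.pub            -> trusted-user-ca-key-file
#   ssh_host_key-cert.pub  -> host-certificate-file
#   authorized_principals  -> authorized-principals-file
if principal_allowed "$demo_dir/alice-cert.pub" "$demo_dir/authorized_principals"; then
    echo "alice-cert.pub carries an authorized principal"
fi
```

On the client side, OpenSSH trusts certificates signed by the host CA through a `@cert-authority` line in `known_hosts` that holds `host_ca.pub`.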