Understanding management access – Juniper Networks SRX 210 User Manual

Page 104

Understanding Management Access

Telnet allows you to connect to the services gateway and access the CLI to execute
commands from a remote system. The Telnet CLI connections are not encrypted and
therefore can be intercepted.

NOTE:

Telnet access to the root user is prohibited. You must use more secure

methods, such as SSH, to log in as

root

SSH provides the following features:

•

Allows you to connect to the device and access the CLI to execute commands from a
remote system

•

Encrypts traffic so that it cannot be intercepted (unlike Telnet)

•

Can be configured so that connections are authenticated by a digital certificate

•

Uses public–private key technology for both connection and authentication

The SSH client software must be installed on the machine where the client application
runs. If the SSH private key is encrypted (for greater security), the SSH client must be
able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see

http://www.ssh.com

and

http://www.openssh.com

If you are using a Junos XML protocol server to configure and monitor devices, you can
activate cleartext access on the device to allow unencrypted text to be sent directly over
a Transmission Line Protocol (TCP) connection without using any additional protocol
(such as SSH, SSL, or Telnet). For more information about the Junos XML management
protocol, see

http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/

netconf-guide/netconf-guide.pdf

NOTE:

Information sent in cleartext is not encrypted and therefore can be

intercepted.

If the device is operating in a Common Criteria environment, see the

Configuration Guides

for Junos OS Public Sector Certifications

Documentation

Connecting an SRX210 Services Gateway to the CLI Locally on page 79

•

Connecting an SRX210 Services Gateway to the CLI Remotely on page 80