From the course: Juniper Networks Certified Associate JNCIA-Junos (JN0-105) Cert Prep

User accounts

- [Shyam] Let's now talk about User Accounts. User accounts provide a way for users to access the Junos device. When you create a user account on a Junos device, a home directory gets assigned to the user, the path for which is /var/home/username of the device. Normally, when you're creating a user account, the user account is being created locally on the Junos device. However, it does not always have to be that way. Users can access the device without accounts on the local Junos device if RADIUS or TACACS+ servers have been configured. If this is the first time you're coming across these terms, RADIUS and TACACS+ are centralized user management services. So user accounts can be locally configured on the Junos device. They can also be created on centralized user management services like RADIUS and TACACS+.

When you define a user account on a Junos device, we can provide this information. So the first thing is username, which is a unique string. It can be up to 64 characters in length without spaces, colons, or commas. Next, we can provide a user identifier. This is a numeric identifier associated with the username. You can provide this manually, or when you commit the configuration, Junos will automatically generate a user identifier for the user. Optionally, we can also provide a full name. We must associate every user with a login class, and we must also provide an authentication method.

Let's understand how to create a user account from the Junos terminal. All right, I'm here at the Junos terminal. I'll first enter the configuration mode, and I'll navigate to the edit system login configuration hierarchy. This is where we can configure the user from. So let's start with set ?. And here we have the keyword called user, and here we can define the username. I can see there's an existing user over here, so let's provide a new username. Let's call this guy as admin. Then we need to provide a login class. The keyword is class, and I'm going to assign the super-user class to this person. Next, we can provide a user identifier if we wanted to. It's not mandatory. If you do not provide a user ID, Junos will automatically generate one for you when you commit. You can provide a full name if you wanted to.

And here's the keyword to set the authentication method. So I'll say authentication ?, and here we have different options for authentication. Plain-text-password is one of the most commonly used methods. So if I did plain-text-password and I pressed enter, I would have to provide a password for that user. If you want to provide an encrypted password string, you can use this option over here called encrypted-password string. Make sure that the password has already been encrypted before you use that option. If you want to load a keyfile that's containing SSH keys generated using the ssh-keygen command, then you can use this option here, load-key-file. If you want to completely disable SSH public key-based authentication, you can say no-public-keys, or if you want to provide an SSH public key string, generated using one of these protocols here, or one of these algorithms here, RSA, ECDSA, and ED25519, then you can use any of these options over here.

Right now, I'm going to do plain-text-password and press enter. And I'll provide a password here, and that's configured. So if I do a show here, you can see, here's the user we configured, user admin, he has a class, and the authentication is set to encrypted-password, and that's because Junos will automatically encrypt your passwords. So even though we configure it as plain-text-password, when Junos saves the password, it encrypts it automatically.

One difference you'll notice over here is that this user does not have a user ID, while this one has. And the reason is when you commit the configuration, it will automatically generate a user ID for you. So I'm going to say top commit. By the way, here's a tip for you. If you want to perform a command that can be executed from the top of the configuration hierarchy, you can prefix that with top. So, like this here, I'm saying top commit. So this is like doing commit from the top of the configuration hierarchy. Top commit, press enter. And if I do show now, I can see that this user also has a user ID.

So let's try to log in. I'm going to exit out from here, and let's do ssh admin at the IP address of the device, enter the password, and I'm logged into the device. So that's how we can configure a user account. An important thing to keep in mind: user accounts do not have to be configured on the Junos device only, they can also be configured on centralized user management services like RADIUS and TACACS+.
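The account rules from this lesson (username limits, a mandatory login class and authentication method, an optional user ID) can be checked offline against a configuration written in Junos `set` format. The script below is an added example, not part of the course; the sample accounts, uid, hash and key strings are constructed placeholders, and treating `no-public-keys` as "not a credential" is an assumption of this example.

```python
import shlex

# Constructed sample in Junos "set" format; every value is a placeholder.
SAMPLE = '''\
set system login user admin class super-user
set system login user admin authentication encrypted-password "$6$CONSTRUCTED$placeholder"
set system login user ops uid 2001
set system login user ops class operator
set system login user ops authentication ssh-ed25519 "ssh-ed25519 AAAAC3placeholder ops@lab"
set system login user temp full-name "No class or auth yet"
set system login user bad:name class read-only
'''

AUTH_OPTIONS = {"plain-text-password", "encrypted-password", "load-key-file",
                "no-public-keys", "ssh-rsa", "ssh-ecdsa", "ssh-ed25519"}

def parse_users(text):
    """Collect class, uid, full-name and authentication options per user."""
    users = {}
    for line in text.splitlines():
        tok = shlex.split(line)          # keeps a quoted value as one token
        if tok[:4] != ["set", "system", "login", "user"] or len(tok) < 5:
            continue
        user = users.setdefault(tok[4], {"class": None, "uid": None,
                                         "full-name": None, "auth": set()})
        rest = tok[5:]
        if len(rest) >= 2 and rest[0] in ("class", "uid", "full-name"):
            user[rest[0]] = rest[1]
        elif len(rest) >= 2 and rest[0] == "authentication" and rest[1] in AUTH_OPTIONS:
            user["auth"].add(rest[1])
    return users

def findings(users):
    """Apply the rules stated in the lesson to each parsed account."""
    out = []
    for name, u in sorted(users.items()):
        if len(name) > 64 or any(c in name for c in " :,"):
            out.append((name, "invalid username"))
        if u["class"] is None:
            out.append((name, "no login class"))
        # Assumption: no-public-keys only disables key login, so it is not a credential.
        if not (u["auth"] - {"no-public-keys"}):
            out.append((name, "no authentication method"))
        if u["uid"] is None:
            out.append((name, "uid not set; Junos assigns one at commit"))
    return out

if __name__ == "__main__":
    print(*findings(parse_users(SAMPLE)), sep="\n")
```

Run against the constructed sample, `ops` passes every check, `admin` is reported only for the missing uid, and `temp` and `bad:name` are flagged for the missing class or authentication method and the colon in the username.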
