Adding Juniper Systems

Overview

If you are adding a Juniper Junos OS system, you can add the user name and password for an account used to access the system, either when you add the system or at a later time.

You can specify any valid local user account and password. In most cases, however, you would specify admin or an account with similar privileges for which you want to manage the password.

For any account you add, you can choose whether or not you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically resets the password immediately after the account and system are added and each time the account is checked in.

If you select Manage this credential for Juniper Junos OS devices, you should keep in mind that the Privileged Access Service can only manage passwords for privileged user accounts that have sufficient rights to configure and save settings. In addition, if there are any pending changes for other user accounts, those changes will be saved when the Privileged Access Service updates a managed password.

You should also keep in mind that only the Privileged Access Service will know the managed password being generated and stored. You should not select this option if you don’t want the Privileged Access Service to manage the password for the account.

For more information about password and system management for Juniper systems, see the following topics:

Password Complexity Rules

All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, and one special character regardless of the system type. For Juniper Junos OS systems, the following additional password rules apply:

  • Minimum password length: 12 characters.
  • Maximum password length: 20 characters.
  • Supported special characters: !@#$%&()*+,-./:;<=>?[]^_{|}~

Specifying Proxy Users for Root

If you selected Juniper as the system type and added root as the account to use with the device, you are prompted to specify whether the root user account is allowed to log on using secure shell (ssh) connections.

You can disable secure shell (ssh) connections for root on Juniper devices by running the following command:

set system services ssh root-login deny

If you have disabled secure shell (ssh) connections for root and want to manage the password for the account, you must add a user name and password for an account that can open a secure shell connection on the target system.

The account name and password you specify become a “proxy” account used in place of the root account. The account used as the “proxy” for the root account must be able to open secure shell sessions on the target system, but no other special privileges are required. After the “proxy” account opens the secure shell connection, it gets its root privileges programmatically to perform administrative tasks on the target system.

If you are adding a “proxy” account to open secure shell sessions, you also have the option to have the password for this account managed by the Privileged Access Service. If you select Manage this credential for the proxy account, only the Privileged Access Service will know the password for the account from this point on. The managed password for the “proxy” account will not be available to any other applications or users.

Changing Juniper System Settings

You can use the System Settings to update the following types of information after adding a system:

  • Select a system time zone.

    You can manually select the time zone you want to use for any system. If you don’t specify a time zone, the local time zone of the system is used by default.

  • Change proxy account settings.

    If you configure ssh to prevent the root user account from logging on using secure shell connections, you can select the Enable Proxy Account option to set the proxy user name and password.

  • Add or modify the optional description of the system.