Learning to Configure Banner, telnet, ssh, ftp, http and Customizing Account Privileges in Junos


http://iwing.wordpress.com

http://www.ittelkom.ac.id/pinguin

----------------------------------------------------------------------

Learning to create a banner:

----------------------------------------------------------------------

[edit system login]

root@cnc1# set message "\n\n!========================================================!\n\n!Router cnc, maintened by:iwing !\n\n!Access to this device is limited to authorized user only!\n\n!WARNING!!!:ALL unathourized access is prohibited. !\n\n!========================================================!\n\n"

----------------------------------------------------------------------

Test results

----------------------------------------------------------------------

----------------------------------------------------------------------

Learning to configure the telnet, ssh, ftp and http services

----------------------------------------------------------------------

[edit system services]

root@cnc1# set ?

Possible completions:

+ apply-groups Groups from which to inherit configuration data

+ apply-groups-except Don't inherit configuration data from these groups

> finger Allow finger requests from remote systems

> ftp Allow FTP file transfers

> netconf Allow NETCONF connections

> outbound-ssh Initiate outbound SSH connection

> service-deployment Configuration for Service Deployment (SDXD) management application

> ssh Allow ssh access

> telnet Allow telnet login

> web-management Web management configuration

> xnm-clear-text Allow clear text-based JUNOScript connections

> xnm-ssl Allow SSL-based JUNOScript connections

[edit system services]

root@cnc1# set

----------------------------------------------------------------------

----------------------------------------------------------------------

[edit system services]

root@cnc1# set ftp

root@cnc1# set telnet

root@cnc1# set ssh

root@cnc1# set web-management http port 80

----------------------------------------------------------------------

Verification

----------------------------------------------------------------------

root@cnc1# show
ftp;
ssh;
telnet;
web-management {
    http {
        port 80;
    }
}

[edit system services]
root@cnc1#

----------------------------------------------------------------------

Testing the telnet service

----------------------------------------------------------------------

root@cnc1# run telnet 192.168.10.2

Trying 192.168.10.2...

Connected to 192.168.10.2.

Escape character is '^]'.

!========================================================!

!Router cnc, maintened by:iwing !

!Access to this device is limited to authorized user only!

!WARNING!!!:ALL unathourized access is prohibited. !

!========================================================!

cnc2 (ttyp0)

login: iwing

Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

iwing@cnc2>

----------------------------------------------------------------------

Testing the ssh service

----------------------------------------------------------------------

root@cnc1# run ssh iwing@192.168.10.2

The authenticity of host '192.168.10.2 (192.168.10.2)' can't be established.

RSA key fingerprint is d4:14:d7:88:0e:91:06:87:0a:6e:8b:38:ec:07:3f:86.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.10.2' (RSA) to the list of known hosts.

!========================================================!

!Router cnc, maintened by:iwing !

!Access to this device is limited to authorized user only!

!WARNING!!!:ALL unathourized access is prohibited. !

!========================================================!

iwing@192.168.10.2's password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

iwing@cnc2>

----------------------------------------------------------------------

Testing the ftp service

----------------------------------------------------------------------

[edit]

root@cnc1# run ftp 192.168.10.2

Connected to 192.168.10.2.

220 cnc2 FTP server (Version 6.00LS) ready.

Name (192.168.10.2:root): iwing

331 Password required for iwing.

Password:

230 User iwing logged in.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> binary

200 Type set to I.

ftp> ls

200 PORT command successful.

150 Opening ASCII mode data connection for '/bin/ls'.

total 4

drwxr-xr-x 2 iwing staff 512 Jun 24 09:24 .ssh

226 Transfer complete.

ftp> bye

221 Goodbye.

[edit]

root@cnc1#

----------------------------------------------------------------------

Testing the http service

----------------------------------------------------------------------

----------------------------------------------------------------------
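
An added hardening example, not part of the original tutorial: telnet, ftp and http on port 80 all carry the login name and password in cleartext, so a production router would normally keep only ssh and serve web management over https. The certificate name jweb-cert is a placeholder, and statement availability depends on the Junos release in use.

```junos
[edit system services]
## As configured in the tutorial (cleartext management protocols):
##     set ftp
##     set telnet
##     set web-management http port 80

## Remove the cleartext services; file copies can use scp over ssh instead
root@cnc1# delete ftp
root@cnc1# delete telnet
root@cnc1# delete web-management http

## Keep ssh, restrict it to protocol version 2 and refuse direct root logins
root@cnc1# set ssh protocol-version v2
root@cnc1# set ssh root-login deny

## Throttle connection attempts against the ssh service
root@cnc1# set ssh connection-limit 5
root@cnc1# set ssh rate-limit 5

## Web management over TLS; jweb-cert is a placeholder for a certificate
## that has already been loaded on the router
root@cnc1# set web-management https local-certificate jweb-cert

## Review the change, then commit with automatic rollback after 5 minutes
## unless a second commit confirms it (guards against locking yourself out)
root@cnc1# show | compare
root@cnc1# commit confirmed 5
```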

Customizing Account Privileges in Junos

----------------------------------------------------------------------

The JUNOS software has four built-in privilege levels:

----------------------------------------------------------------------

[edit system login]

root@cnc1# set user iwing class ?

Possible completions:

<class> Login class

operator permissions [ clear network reset trace view ]

read-only permissions [ view ]

super-user permissions [ all ]

unauthorized permissions [ none ]

[edit system login]

root@cnc1# set user iwing class super-user authentication plain-text-password

New password:

----------------------------------------------------------------------

[edit system login]

root@cnc1# show
message "\n\n!========================================================!\n\n!Router cnc, maintened by:iwing !\n\n!Access to this device is limited to authorized user only!\n\n!WARNING!!!:ALL unathourized access is prohibited. !\n\n!========================================================!\n\n"
user iwing {
    class super-user;
    authentication {
        encrypted-password "$1$rQy0ZTV0$A1hVDjhzF2niCbd/4MI0K."; ## SECRET-DATA
    }
}
user opera {
    class operator;
    authentication {
        encrypted-password "$1$6DgOHvQJ$xNr3US1VTandQun3eo452."; ## SECRET-DATA
    }
}
user read-only {
    class read-only;
    authentication {
        encrypted-password "$1$VgO2OXwN$PNs8KzL.tKe1848Wo1Fw4/"; ## SECRET-DATA
    }
}
user unauthorized {
    class unauthorized;
    authentication {
        encrypted-password "$1$0hWrv0fl$yCjqi0n8XC4UxjqlZAA0m/"; ## SECRET-DATA
    }
}

----------------------------------------------------------------------

iwing@cnc1> show cli authorization

Current user: 'iwing ' class 'super-user'

Permissions:

admin -- Can view user accounts

admin-control-- Can modify user accounts

clear -- Can clear learned network info

configure -- Can enter configuration mode

control -- Can modify any config

edit -- Can edit full files

field -- Can use field debug commands

floppy -- Can read and write the floppy

interface -- Can view interface configuration

interface-control-- Can modify interface configuration

network -- Can access the network

reset -- Can reset/restart interfaces and daemons

routing -- Can view routing configuration

routing-control-- Can modify routing configuration

shell -- Can start a local shell

snmp -- Can view SNMP configuration

snmp-control-- Can modify SNMP configuration

system -- Can view system configuration

system-control-- Can modify system configuration

trace -- Can view trace file settings

trace-control-- Can modify trace file settings

view -- Can view current values and statistics

maintenance -- Can become the super-user

firewall -- Can view firewall configuration

firewall-control-- Can modify firewall configuration

secret -- Can view secret statements

secret-control-- Can modify secret statements

rollback -- Can rollback to previous configurations

security -- Can view security configuration

security-control-- Can modify security configuration

access -- Can view access configuration

access-control-- Can modify access configuration

view-configuration-- Can view all configuration (not including secrets)

flow-tap -- Can view flow-tap configuration

flow-tap-control-- Can modify flow-tap configuration

all-control -- Can modify any configuration

Individual command authorization:

Allow regular expression: none

Deny regular expression: none

Allow configuration regular expression: none

Deny configuration regular expression: none

iwing@cnc1>

----------------------------------------------------------------------

login: opera

Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

opera@cnc1> show configuration

## Last commit: 2010-06-26 06:17:02 UTC by root

version /* ACCESS-DENIED */;

system { /* ACCESS-DENIED */ };

interfaces { /* ACCESS-DENIED */ };

opera@cnc1>

cnc1 (ttyd0)

opera@cnc1> show cli authorization

Current user: 'opera ' class 'operator'

Permissions:

clear -- Can clear learned network info

network -- Can access the network

reset -- Can reset/restart interfaces and daemons

trace -- Can view trace file settings

view -- Can view current values and statistics

Individual command authorization:

Allow regular expression: none

Deny regular expression: none

Allow configuration regular expression: none

Deny configuration regular expression: none

opera@cnc1>

----------------------------------------------------------------------

login: read-only

Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

read-only@cnc1> show configuration

## Last commit: 2010-06-26 06:17:02 UTC by root

version /* ACCESS-DENIED */;

system { /* ACCESS-DENIED */ };

interfaces { /* ACCESS-DENIED */ };

read-only@cnc1>

read-only@cnc1> show cli authorization

Current user: 'read-only ' class 'read-only'

Permissions:

view -- Can view current values and statistics

Individual command authorization:

Allow regular expression: none

Deny regular expression: none

Allow configuration regular expression: none

Deny configuration regular expression: none

read-only@cnc1>

----------------------------------------------------------------------

login: unauthorized

Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

warning: user "unauthorized" does not have a valid login class

error: Unable to authenticate: bad auth parameter.

Login as root and 'commit' the configuration.

unauthorized@cnc1>

unauthorized@cnc1> exit
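
An added example, not from the original tutorial, of a custom login class built from individual permission flags instead of one of the four built-in classes tested above. The class name noc-view and the regular expression are illustrative assumptions; permissions, deny-commands and idle-timeout are standard Junos login-class statements.

```junos
[edit system login]
## Custom class: read statistics and the configuration (secrets stay hidden
## because the "secret" flag is not granted), plus ping and traceroute
root@cnc1# set class noc-view permissions [ view view-configuration network ]

## The network flag also allows outbound sessions such as telnet and ssh
## from the CLI; deny those commands by regular expression
root@cnc1# set class noc-view deny-commands "^(telnet|ssh)"

## Log idle sessions out after 10 minutes
root@cnc1# set class noc-view idle-timeout 10

## Move the day-to-day account from the built-in operator class
## to the narrower custom class
root@cnc1# set user opera class noc-view

## Validate the candidate configuration, then activate it
root@cnc1# commit check
root@cnc1# commit
```

After the commit, `show cli authorization` for that user lists the three permission flags and shows the deny expression in place of `none`.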

----------------------------------------------------------------------

"That's all for now, hopefully this is useful, and greetings sedogedoi"