2.1.8 Juniper - BlueCat Infrastructure Assurance - 25.2.0

BlueCat LiveAssurance User Guide
ft:locale
en-US
Product name
BlueCat Infrastructure Assurance
Version
25.2.0
Note: We always recommend a system administrator defer to the vendor’s official documentation on credential creation. Please follow the vendor’s instructions for configuring the device for access with an ssh key, and then use the LiveAssurance WebGUI to store the Private key in the relevant Credential Profile.
In order for the LiveAssurance User to monitor a Juniper SRX properly, two steps must be completed on the SRX.

  1. Enable SSH for Scripting Access.

  2. Create a Locally Authenticated LiveAssurance User with Administrator Rights.

How to Enable SSH for Scripting Access

First, verify SSH is configured via the CLI by entering the following command: “show configuration system services

You should see the following SSH protocol present:
ssh {
    protocol-version v2;
}
If SSH is not configured correctly, then enter the following commands in configuration mode:
set system services ssh protocol-versino v2
commit
Note: If access to the SRX is firewalled, SSH must be allowed from the LiveAssurance server via the firewall.
To verify and/or enable SSH is enabled via the J-Web interface, please see the following:

  1. Configure > System Properties > Management Access

  2. Click Edit button on the right upper corner

  3. Check Enable SSH box (if not already checked)

  4. Click OK



Select commit from Actions pull down menu to activate the configuration.



How to Create a User with Administrator Rights

A locally authenticated User account with administrative privileges is required for LiveAssurance to access SRX devices. Please note that the “root” account cannot be used for this purpose.

Creating the User Account via the CLI

Enter the following commands in configuration mode:
set system login user indeni-user class super-user
set system login user indeni-user authentication plain-text-password
New password: ********
Retype new password ********
commit
To verify that the user configuration is completed, enter the following in operational mode:
show configuration system login
Below is the expected output:
user indeni-user {
    uid XXXX;
    class super-user;
    authentication {
        encrypted-password “XXXXXXXXXXX”; ## SECRET-DATA
    }
}

Creating a User Account via J-Web

  1. Select Configuration > System Properties > User Management

  2. Click Edit on the right upper corner:



  3. Click Add button to add a new account.

  4. Ensure that the Login class is “super-user”.

  5. Click OK to add the new account:





  6. Verify the account appears as below:



  7. Select Commit from Actions pull down menu to activate the configuration.

  8. Test the newly created account from a remote system, then enter the following command: ssh indeni-admin@srx-jfw

    Below is the expected output:
    UNAUTHORIZED USE OF THIS SYSTEM
 IS STRICTLY PROHIBITED!
 Password: **********
— JUNOS 12.1X46-D65.4 built 2016-12-30 01:34:30 UTC
 indeni-admin@SRX-JFW>