Belajar Mengkonfigurasi Banner,telnet,

ssh,ftp,http and Customizing Account Privileges

in Junos
http://iwing.wordpress.com
http://www.ittelkom.ac.id/pinguin

----------------------------------------------------------------------
Belajar membuat banner:
----------------------------------------------------------------------
[edit system login]
root@cnc1#set message "\n\n!========================================================!\n\
n!Router cnc, maintened by:iwing !\n\
n!Access to this device is limited to authorized user only!\n\
n!WARNING!!!:ALL unathourized access is prohibited. !\n\
n!========================================================!\n\n"

----------------------------------------------------------------------
Hasil pengujian
----------------------------------------------------------------------

----------------------------------------------------------------------
Belajar mengkonfigurasi layanan telnet, ssh, ftp dan http
----------------------------------------------------------------------
[edit system services]
root@cnc1# set ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> finger Allow finger requests from remote systems
> ftp Allow FTP file transfers
> netconf Allow NETCONF connections
> outbound-ssh Initiate outbound SSH connection
> service-deployment Configuration for Service Deployment (SDXD) management application
> ssh Allow ssh access
> telnet Allow telnet login
> web-management Web management configuration
> xnm-clear-text Allow clear text-based JUNOScript connections
> xnm-ssl Allow SSL-based JUNOScript connections
[edit system services]
root@cnc1# set
----------------------------------------------------------------------
----------------------------------------------------------------------
[edit system services]
root@cnc1# set ftp
root@cnc1# set telnet
root@cnc1# set ssh
root@cnc1# set web-management http port 80
----------------------------------------------------------------------
Pengecekan
----------------------------------------------------------------------
root@cnc1# show
ftp;
ssh;
telnet;
web-management {
http {
port 80;
}
}

[edit system services]

root@cnc1#

----------------------------------------------------------------------
Pengujian layanan telnet
----------------------------------------------------------------------
root@cnc1# run telnet 192.168.10.2
Trying 192.168.10.2...
Connected to 192.168.10.2.
Escape character is '^]'.

!========================================================!

!Router cnc, maintened by:iwing !

!Access to this device is limited to authorized user only!

!WARNING!!!:ALL unathourized access is prohibited. !

!========================================================!

cnc2 (ttyp0)

login: iwing
Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

iwing@cnc2>
----------------------------------------------------------------------
Pengujian layanan ssh
----------------------------------------------------------------------
root@cnc1# run ssh [email protected]
The authenticity of host '192.168.10.2 (192.168.10.2)' can't be established.
RSA key fingerprint is d4:14:d7:88:0e:91:06:87:0a:6e:8b:38:ec:07:3f:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.2' (RSA) to the list of known hosts.

!========================================================!

!Router cnc, maintened by:iwing !

!Access to this device is limited to authorized user only!

!WARNING!!!:ALL unathourized access is prohibited. !

!========================================================!

[email protected]'s password:
--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC
iwing@cnc2>
----------------------------------------------------------------------
Pengujian layanan ftp
----------------------------------------------------------------------
[edit]
root@cnc1# run ftp 192.168.10.2
Connected to 192.168.10.2.
220 cnc2 FTP server (Version 6.00LS) ready.
Name (192.168.10.2:root): iwing
331 Password required for iwing.
Password:
230 User iwing logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> binary
200 Type set to I.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
drwxr-xr-x 2 iwing staff 512 Jun 24 09:24 .ssh
226 Transfer complete.
ftp> bye
221 Goodbye.

[edit]
root@cnc1#

----------------------------------------------------------------------
Pengujian layanan http
----------------------------------------------------------------------

----------------------------------------------------------------------
Customizing Account Privileges in Junos
----------------------------------------------------------------------
The JUNOS software has four built-in privilege levels:
----------------------------------------------------------------------
[edit system login]
root@cnc1# set user iwing class ?
Possible completions:
<class> Login class
operator permissions [ clear network reset trace view ]
read-only permissions [ view ]
super-user permissions [ all ]
unauthorized permissions [ none ]
[edit system login]
root@cnc1# set user iwing class super-user authentication plain-text-password
New password:
----------------------------------------------------------------------
[edit system login]
root@cnc1# show
message "\n\n!========================================================!\n\
n!Router cnc, maintened by:iwing !\n\
n!Access to this device is limited to authorized user only!\n\
n!WARNING!!!:ALL unathourized access is prohibited. !\n\
n!========================================================!\n\n"

user iwing {
class super-user;
authentication {
encrypted-password "$1$rQy0ZTV0$A1hVDjhzF2niCbd/4MI0K."; ## SECRET-DATA
}
}
user opera {
class operator;
authentication {
encrypted-password "$1$6DgOHvQJ$xNr3US1VTandQun3eo452."; ## SECRET-DATA
}
}
user read-only {
class read-only;
authentication {
encrypted-password "$1$VgO2OXwN$PNs8KzL.tKe1848Wo1Fw4/"; ## SECRET-DATA
}
}
user unauthorized {
class unauthorized;
authentication {
encrypted-password "$1$0hWrv0fl$yCjqi0n8XC4UxjqlZAA0m/"; ## SECRET-DATA
}
}

----------------------------------------------------------------------
iwing@cnc1> show cli authorization
Current user: 'iwing ' class 'super-user'
Permissions:
admin -- Can view user accounts
admin-control-- Can modify user accounts
clear -- Can clear learned network info
configure -- Can enter configuration mode
control -- Can modify any config
edit -- Can edit full files
field -- Can use field debug commands
floppy -- Can read and write the floppy
interface -- Can view interface configuration
interface-control-- Can modify interface configuration
network -- Can access the network
reset -- Can reset/restart interfaces and daemons
routing -- Can view routing configuration
routing-control-- Can modify routing configuration
 shell -- Can start a local shell
snmp -- Can view SNMP configuration
snmp-control-- Can modify SNMP configuration
system -- Can view system configuration
system-control-- Can modify system configuration
trace -- Can view trace file settings
trace-control-- Can modify trace file settings
view -- Can view current values and statistics
maintenance -- Can become the super-user
firewall -- Can view firewall configuration
firewall-control-- Can modify firewall configuration
secret -- Can view secret statements
secret-control-- Can modify secret statements
rollback -- Can rollback to previous configurations
security -- Can view security configuration
security-control-- Can modify security configuration
access -- Can view access configuration
access-control-- Can modify access configuration
view-configuration-- Can view all configuration (not including secrets)
flow-tap -- Can view flow-tap configuration
flow-tap-control-- Can modify flow-tap configuration
all-control -- Can modify any configuration
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: none
Deny configuration regular expression: none

iwing@cnc1>

----------------------------------------------------------------------
login: opera
Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

opera@cnc1> show configuration
## Last commit: 2010-06-26 06:17:02 UTC by root
version /* ACCESS-DENIED */;
system { /* ACCESS-DENIED */ };
interfaces { /* ACCESS-DENIED */ };

opera@cnc1>
cnc1 (ttyd0)

opera@cnc1> show cli authorization

Current user: 'opera ' class 'operator'
Permissions:
clear -- Can clear learned network info
network -- Can access the network
reset -- Can reset/restart interfaces and daemons
trace -- Can view trace file settings
view -- Can view current values and statistics
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: none
Deny configuration regular expression: none

opera@cnc1>

----------------------------------------------------------------------
login: read-only
Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

read-only@cnc1> show configuration
## Last commit: 2010-06-26 06:17:02 UTC by root
version /* ACCESS-DENIED */;
system { /* ACCESS-DENIED */ };
interfaces { /* ACCESS-DENIED */ };
read-only@cnc1>

read-only@cnc1> show cli authorization

Current user: 'read-only ' class 'read-only'
Permissions:
view -- Can view current values and statistics
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: none
Deny configuration regular expression: none

read-only@cnc1>

----------------------------------------------------------------------
login: unauthorized
Password:

--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC

warning: user "unauthorized" does not have a valid login class

error: Unable to authenticate: bad auth parameter.

Login as root and 'commit' the configuration.
unauthorized@cnc1>
unauthorized@cnc1> exit

----------------------------------------------------------------------
"sekian dulu mudah-mudahan bermanfaat dan salam sedogedoi"