author: Mike Nowak <mikenowak@users.noreply.github.com> 2017-09-30 19:49:56 +0900
committer: Mike Nowak <mikenowak@users.noreply.github.com> 2017-09-30 19:49:56 +0900
commit: 9b95c19b8dfb3f4e0b611f1dec66eb81cb068640
tree: ac718bdccf134a39c7aa7d309089dc1d725341e1 /docs/vyatta.md
parent: ad863464292eb6b77eb386c6a72cff9a6ba55b88
Adding support for vyatta
Diffstat (limited to 'docs/vyatta.md')
-rw-r--r-- docs/vyatta.md 55
1 files changed, 55 insertions, 0 deletions
diff --git a/docs/vyatta.md b/docs/vyatta.md
new file mode 100644
index 0000000..21c4c28
--- /dev/null
+++ b/docs/vyatta.md
@@ -0,0 +1,55 @@
+# Looking Glass: Vyatta/VyOS/EdgeOS configuration and tips.
+
+## Security and user access
+
+Unfortunately starting with EdgeOS [v1.9.7+hotfix.3](https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117) release the shell access to the router is no longer possible for the operator users.
+
+Here is a quote:
+```
+[User account] WARNING! Disabled shell access for operator user. From now on operator
+user will have only WebUI access If operator user will try to access shell (via SSH or telnet)
+then error message "This account is currently not available" will be displayed and access
+will be denied. We decided to decrease operator user privileges for security reasons.
+```
+
+This of course complicates the things, and basically translates to the need for admin level (super-user) access.
+
+Please make sure that you understand security implications of this.
+
+# Configuration:
+
+Firstly create a new user with the admin level privileges:
+
+```
+[edit]
+set system login user <username> level admin
+```
+
+For security purpose, it is highly recommended to use an authentication mecanism based on SSH public keys. For that you can use one of the following commands:
+
+```
+[edit]
+user@router# set system login user <username> authentication ssh-rsa "<key>"
+[edit]
+user@router# set system login user <username> authentication ssh-dsa "<key>"
+[edit]
+user@router# set system login user <username> authentication ssh-ecdsa "<key>"
+```
+
+However if for your own reasons you prefer to use a password based authentication (you should not) you can use the encrypted-password or plain-text-password argument of the authentication command.
+
+To commit your changes to the router use:
+
+```
+[edit]
+user@router# show | compare
+...
+[edit]
+user@router# commit
+```
+
+## Debug
+
+Test the SSH/Telnet connection from the server where the looking glass is
+installed and you should see some outputs in your logs depending on your
+configuration.
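Review bot: The "Security and user access" section says the looking glass now needs an admin level (super-user) account and then stops at "Please make sure that you understand security implications of this" without naming them. Spell it out: the key or password kept on the looking glass server gives full configuration access to the router, so a compromise of that web host is a compromise of the router. In the key examples, drop or flag the "ssh-dsa" line, since OpenSSH has disabled DSA keys by default since 7.0. In the Debug section, "Test the SSH/Telnet connection" should not suggest Telnet for an admin account, because the credentials cross the network in clear text. Minor: "mecanism" should be "mechanism", and "# Configuration:" is a top-level heading while its sibling sections use "##".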