Re: [j-nsp] Logging for shell sessions

2024-07-12 Thread Pierre Emeriaud via juniper-nsp
Hi

On Mon, 8 Jul 2024 at 22:48, Wojciech Janiszewski via juniper-nsp wrote:
>
> Hi Phil,
>
> Seems that it's supported from 23.4
>
> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11993=Logging%20support%20for%20routing%20engine%20shell%20and%20line%20card%20shell

Just

Re: [j-nsp] Logging for shell sessions

2024-07-08 Thread Wojciech Janiszewski via juniper-nsp
Hi Phil,

Seems that it's supported from 23.4

https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11993=Logging%20support%20for%20routing%20engine%20shell%20and%20line%20card%20shell

HTH,
Wojciech

On Sat, 6 Jul 2024, 08:27, Phil Mawson via juniper-nsp <

Re: [j-nsp] Logging for shell sessions

2024-07-08 Thread Tom Beecher via juniper-nsp
> If you have Cisco HTTS or Juniper ACP or the like, where you get named
> engineers, then you can develop a mutual trust and give those
> engineers access to your network.

To each their own, but I'm with Jared on this. No way would a vendor have any direct access. The most permissive I'd

Re: [j-nsp] Logging for shell sessions

2024-07-08 Thread Saku Ytti via juniper-nsp
This depends greatly on how you've set up your support. If you have Cisco HTTS or Juniper ACP or the like, where you get named engineers, then you can develop a mutual trust and give those engineers access to your network. But if you're going through a normal process, perhaps additional care is

Re: [j-nsp] Logging for shell sessions

2024-07-07 Thread Jared Mauch via juniper-nsp
I don't trust my vendors to run commands on my devices, it's not personal.

If there is a diagnostic that they want run, they need to be able to articulate the operational risk, or we may want to validate in a virtual or real physical router.

- Jared

On Sun, Jul 07, 2024 at

Re: [j-nsp] Logging for shell sessions

2024-07-07 Thread Saku Ytti via juniper-nsp
For things like TAC use, what I've previously done is made a vendor shell, where the shell program is screen instead of shell, and screen is set up to log.

On Sat, 6 Jul 2024 at 16:50, Job Snijders wrote:
>
> Perhaps it’s just about wanting to keep track “what happened?!?”
>
> For such a

Re: [j-nsp] Logging for shell sessions

2024-07-06 Thread Job Snijders via juniper-nsp
Perhaps it’s just about wanting to keep track “what happened?!?”

For such a scenario, consider conserver https://www.conserver.com/docs/console.man.html and script http://man.openbsd.org/script to store the terminal interactions.

Assume untrusted users probably can escape such environments

Re: [j-nsp] Logging for shell sessions

2024-07-06 Thread Saku Ytti via juniper-nsp
I don't believe there is any supported way to do this, an unsupported way, probably, but also probably an educated operator could circumvent it anyhow.

You probably shouldn't allow untrusted users to access the shell.

On Sat, 6 Jul 2024 at 09:26, Phil Mawson via juniper-nsp wrote:
>
> Hi,
>
>

[j-nsp] Logging for shell sessions

2024-07-06 Thread Phil Mawson via juniper-nsp
Hi,

Once a user enters the unix shell on a Juniper router/switch (i.e. start shell), it appears all standard logging of the commands typed is not captured by syslog and obviously not sent to AAA for authorisation.

Is there a way to capture all commands users type and send to an external