Junos not accepting key authentication


I have a problem with SSH RSA key authentication. I'm using an SRX100H2 that is running JUNOS 12.1X46-D10.2. I generated a private/public key pair without a password on an Ubuntu host. I copied the public key to /var/tmp on the SRX100H2 using scp and committed the following changes:

    user salvador {
        uid 2001;
        class super-user;
        authentication {
            ssh-rsa "ssh-rsa AAAA...";
        }
    }

I loaded the key with the load-key-file command. The problem is I can't get authenticated. It's asking for the password every time, although the key has no password. I'm trying to use this account to run some script with fail2ban. To connect, I'm using:

    ssh -i .ssh/name_of_the_key -l salvador x.x.x.x

I even went as far as modifying /var/etc/sshd_config on the SRX and adding LogLevel DEBUG3, but for some reason it doesn't log as much information as a regular Linux sshd daemon.

Is there a bug for this firmware version JUNOS 12.1X46-D10.2, or am I doing something wrong?

Thank you for your help.


There is 1 answer

Salvador Limones On

I found a workaround. There is a Python library named Junos PyEZ:

https://github.com/Juniper/py-junos-eznc

It can connect directly to a Junos device using a username and password, without the need for an SSH key, and it can perform various configurations on the device. I managed to create a script that just adds an address to the address book and adds that address to an address set that is applied to a security policy. This way the attacking host is banned and cannot access the exposed resources. The script is run by fail2ban each time it is needed.
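
An added example of the workaround described in the answer above (not the answerer's own script): it validates the address fail2ban passes in, builds the two `set` commands, and commits them through PyEZ. Assumptions: the global address book is used, the address-set name `fail2ban-banned` and the environment variable `JUNOS_PASSWORD` are hypothetical names, the address set is already referenced by a deny policy, and NETCONF over SSH is enabled on the device.

```python
import ipaddress
import os
import sys

ADDRESS_SET = "fail2ban-banned"  # hypothetical name; a deny policy must reference it


def ban_commands(ip_text, address_set=ADDRESS_SET):
    """Return the Junos 'set' commands that add one host to the address set.

    ip_text originates from log lines parsed by fail2ban, so it is parsed
    strictly: anything that is not a single plain IP address raises ValueError
    and never reaches the device configuration.
    """
    ip = ipaddress.ip_address(ip_text.strip())
    # A scoped IPv6 literal ("fe80::1%zone") carries free-form text after '%'.
    if getattr(ip, "scope_id", None):
        raise ValueError("scoped IPv6 address not accepted")
    prefix = f"{ip}/{ip.max_prefixlen}"  # /32 for IPv4, /128 for IPv6
    # Entry name: 'f2b-' followed by the address with '.' and ':' as '_'.
    name = "f2b-" + str(ip).replace(".", "_").replace(":", "_")
    return [
        f"set security address-book global address {name} {prefix}",
        f"set security address-book global address-set {address_set} address {name}",
    ]


def apply_ban(host, user, password, ip_text):
    """Load and commit the ban on the device through PyEZ (NETCONF over SSH)."""
    # Imported here so ban_commands() can be used without PyEZ installed.
    from jnpr.junos import Device
    from jnpr.junos.utils.config import Config

    commands = ban_commands(ip_text)
    with Device(host=host, user=user, passwd=password) as dev:
        # Exclusive mode prevents interleaving with another configuration session.
        with Config(dev, mode="exclusive") as cu:
            cu.load("\n".join(commands), format="set")
            cu.commit(comment=f"fail2ban ban {ip_text.strip()}")
    return commands


if __name__ == "__main__":
    # Usage: ban.py <device> <user> <ip>. The password is read from the
    # environment (JUNOS_PASSWORD is a name chosen for this example) so it
    # does not appear in the fail2ban action line or the process list.
    device, login, ip_arg = sys.argv[1:4]
    apply_ban(device, login, os.environ["JUNOS_PASSWORD"], ip_arg)
```

Because the script holds a password for the device, a dedicated login class limited to the address-book hierarchy is a safer fit for this account than `super-user`.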