J-series™ Services Router Administration Guide

Encrypting Configuration Files

To encrypt configuration files on a Services Router:

1.Enter operational mode in the CLI.

2.To configure an encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-keycommands described in Table 103 on page 204.

Table 103: request system set-encryption-key Commands

CLI Command

Description

request system set-encryption-keySets the encryption key and enables default configuration file encryption as follows:

AES encryption for the Canada and U.S. version of the JUNOS software

DES encryption for the international version of the JUNOS software

request system set-encryption-key algorithm des

request system set-encryption-key unique

Sets the encryption key and specifies configuration file encryption by DES.

Sets the encryption key and enables default configuration file encryption with a unique encryption key that includes the chassis serial number of the Services Router.

Configuration files encrypted with the unique key can be decrypted only on the current router. You cannot copy such configuration files to another router and decrypt them.

request system set-encryption-key des Sets the encryption key and specifies configuration file encryption by DES with a

unique

unique encryption key.

For example:

user@host> request system set-encryption-key

Enter EEPROM stored encryption key:

3.At the prompt, enter the encryption key. The encryption key must have at least 6 characters.

Enter EEPROM stored encryption key:juniper1

Verifying EEPROM stored encryption key:

4.At the second prompt, reenter the encryption key.

5.Enter configuration mode in the CLI.

6.To enable configuration file encryption to take place, enter the following commands:

user@host# edit system

204Encrypting and Decrypting Configuration Files

Page 226
Image 226
Juniper Networks J-Series Encrypting Configuration Files, For example, Request system set-encryption-key Commands, Unique