RANCID with Junos Read-Only User

Here is the configuration for a Junos device that creates a user with read-only privileges so that RANCID can work.

[plain]
set system login class RANCID permissions access
set system login class RANCID permissions admin
set system login class RANCID permissions firewall
set system login class RANCID permissions flow-tap
set system login class RANCID permissions interface
set system login class RANCID permissions network
set system login class RANCID permissions routing
set system login class RANCID permissions secret
set system login class RANCID permissions security
set system login class RANCID permissions snmp
set system login class RANCID permissions storage
set system login class RANCID permissions system
set system login class RANCID permissions trace
set system login class RANCID permissions view
set system login class RANCID permissions view-configuration

set system login user rancid full-name RANCID
set system login user rancid class RANCID
set system login user rancid authentication encrypted-password "xxx"
[/plain]

Author: cooperlees

Nerd @ instagram

2 thoughts on “RANCID with Junos Read-Only User”

  1. Good example, and almost all the way there. I can also note that this example is probably produced using Junos 12.1 or later, the permission “storage” is not present in earlier releases. (I found a bug that way, you can enter this config into 10.4 using “load merge terminal”, and it will commit, but then you cannot log in any more!).

    This is what I am using to get all of my config using RANCID:

    class RANCID {
        permissions [ access admin firewall flow-tap interface network routing secret security snmp storage system trace view view-configuration ];
        allow-configuration "(system scripts)|(event-options)";
    }

    Remember to remove permission “storage” on releases lower than 12.1

    /Per
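
A pre-commit check for the login class discussed above, as an added example that is not part of the original post or the comment. It reads either the set-style or the curly-brace form, reports any permission that grants more than read-only access, and reports "storage" when the target release is older than 12.1, as the comment describes. The function names and the list of state-changing flags are choices made for this example, and the sample config is constructed.

```python
import re

# Flags that change device state; any "*-control" flag also grants
# configuration rights for its area. A read-only class should have none.
MUTATING = {"all", "clear", "configure", "control", "maintenance",
            "reset", "rollback", "shell"}
SET_RE = re.compile(r"^set system login class (\S+) permissions (.+)$")

def release_tuple(version):
    """Map '10.4R3.4' to (10, 4) and '12.1X46-D10' to (12, 1)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def class_permissions(config, class_name):
    """Collect a class's permissions from set-style or curly-brace config."""
    perms, in_class = [], False
    for raw in config.splitlines():
        line = raw.strip()
        m = SET_RE.match(line)
        if m and m.group(1) == class_name:
            perms += re.findall(r"[a-z-]+", m.group(2))
        elif line == f"class {class_name} {{":
            in_class = True
        elif in_class and line == "}":
            in_class = False
        elif in_class and line.startswith("permissions "):
            perms += re.findall(r"[a-z-]+", line[len("permissions "):])
    return perms

def audit_class(config, class_name, version):
    """Return (permission, reason) findings; an empty list means clean."""
    old = release_tuple(version) < (12, 1)
    findings = []
    for perm in class_permissions(config, class_name):
        if perm in MUTATING or perm.endswith("-control"):
            findings.append((perm, "grants more than read-only access"))
        elif perm == "storage" and old:
            findings.append((perm, "not present before Junos 12.1"))
    return findings

# Constructed sample: a shortened RANCID class plus one write flag (configure).
SAMPLE = """
class RANCID {
    permissions [ access admin storage view view-configuration configure ];
}
"""

if __name__ == "__main__":
    for perm, reason in audit_class(SAMPLE, "RANCID", "10.4R3.4"):
        print(f"{perm}: {reason}")
```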
