Here are the settings for a Junos device that create a user with read-only privileges so that RANCID can work.

[plain]
set system login class RANCID permissions access
set system login class RANCID permissions admin
set system login class RANCID permissions firewall
set system login class RANCID permissions flow-tap
set system login class RANCID permissions interface
set system login class RANCID permissions network
set system login class RANCID permissions routing
set system login class RANCID permissions secret
set system login class RANCID permissions security
set system login class RANCID permissions snmp
set system login class RANCID permissions storage
set system login class RANCID permissions system
set system login class RANCID permissions trace
set system login class RANCID permissions view
set system login class RANCID permissions view-configuration

set system login user rancid full-name RANCID
set system login user rancid class RANCID
set system login user rancid authentication encrypted-password "xxx"
[/plain]

2 thoughts on “RANCID with Junos Read-Only User”
  1. Good example, and almost all the way there. I can also note that this example is probably produced using Junos 12.1 or later; the permission “storage” is not present in earlier releases. (I found a bug that way: you can enter this config into 10.4 using “load merge terminal”, and it will commit, but then you cannot log in any more!)

    This is what I am using to get all of my config using RANCID:

    class RANCID {
        permissions [ access admin firewall flow-tap interface network routing secret security snmp storage system trace view view-configuration ];
        allow-configuration "(system scripts)|(event-options)";
    }

    Remember to remove permission “storage” on releases lower than 12.1.

    /Per
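
An added example (not part of the original post or the comment): a Python check that a login class defined by `set` commands like those above grants no write-capable permission, and that flags `storage` on releases before 12.1, the caveat the comment raises. The `WRITE_FLAGS` selection, the function names and the sample version strings are assumptions of this example.

```python
import re

# Flags that allow changing device state. The selection is an assumption of
# this example, drawn from the Junos login-class permission flags.
WRITE_FLAGS = {"all", "configure", "control", "clear", "maintenance",
               "reset", "rollback", "shell"}
# Per the comment on this page, "storage" is not present before Junos 12.1.
STORAGE_MIN_RELEASE = (12, 1)

def parse_release(version):
    """Return (major, minor) from a string such as '10.4R9' or '12.1X46-D40'."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def class_permissions(set_lines, class_name):
    """Collect the permission flags of one login class from 'set' commands."""
    prefix = ["set", "system", "login", "class", class_name, "permissions"]
    flags = set()
    for line in set_lines:
        tokens = line.split()
        if tokens[:6] == prefix:
            flags.update(t for t in tokens[6:] if t not in ("[", "]"))
    return flags

def audit_class(set_lines, class_name, version):
    """Return a sorted list of findings; an empty list means the class passes."""
    flags = class_permissions(set_lines, class_name)
    findings = [f"write-capable permission: {f}" for f in flags
                if f in WRITE_FLAGS or f.endswith("-control")]
    if "storage" in flags and parse_release(version) < STORAGE_MIN_RELEASE:
        findings.append("permission 'storage' not present before 12.1")
    return sorted(findings)

# Constructed sample input: the page's class, plus one deliberately bad line.
PAGE_FLAGS = ("access admin firewall flow-tap interface network routing secret "
              "security snmp storage system trace view view-configuration").split()
SAMPLE = [f"set system login class RANCID permissions {f}" for f in PAGE_FLAGS]
DRIFTED = SAMPLE + ["set system login class RANCID permissions configure"]

if __name__ == "__main__":
    for name, cfg, ver in [("page config, 12.1R1", SAMPLE, "12.1R1"),
                           ("page config, 10.4R9", SAMPLE, "10.4R9"),
                           ("drifted config, 12.1R1", DRIFTED, "12.1R1")]:
        print(name, "->", audit_class(cfg, "RANCID", ver) or "OK")
```

Run it against `show configuration system login | display set` output saved from each device to catch a RANCID class that has drifted away from read-only.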
