Configure JunOS via SSH and NETCONF

I was looking for an easy and fast way to push configuration to our Juniper devices. Preferably one that doesn’t need anything special except a ssh connection.

I started with a standard Juniper configuration snippet. Something like this:

policy-options {
    policy-statement deny-everything {
        then reject;

How do we get this on the device? Luckily Juniper (as well as other vendors) supports a feature called NETCONF ({% include rfc.html rfc=“6241” %}) which uses a XML RPC API to talk to the device. You need to enable it together with SSH:

Read on