Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX series] How to log in or copy a file to a Junos OS device using SSH public/private keys instead of password

0

0

Article ID: KB28574 KB Last Updated: 23 Dec 2013Version: 1.0
Summary:

This article describes how to log in or copy a file to a Junos OS EX series switch using SSH public/private keys instead of a password. The command ssh-keygen is used to generate a public-private key pair. Then the public key is loaded into a remote authorized_keys file so that the files can be safely and securely copied to a remote server.

Symptoms:

User wants to log in or copy a file to a Junos OS EX series switch using SSH public/private keys instead of a password

Cause:

Solution:

To create or generate a public/private ssh-keygen key pair, run the following commands:

root# run start shell
root@:RE:0% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
29:5e:3d:c9:4c:e1:d2:42:a9:78:a6:e4:a6:b9:df:f1 root@
The key's randomart image is:
+--[ RSA 2048]----+
| ... |
| ..o . |
| . .o + |
| o + O . |
| o +. S * |
| +. o . |
| + o |
| o . o |
| .o. . E |
+-----------------+
root@:RE:0% cd /root/.ssh/
root@:RE:0% cat id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6bOKd6NLHnb7jvK6dQDo6fug+eQA46
ZDEGFRCNYbR2uFv9qUSJTp91fr4GgrSPkAeG3qlsG+fHxnQ+rRYEhphVf10ovdGQ5ShPi
W9+rsmaS83AlcIDEw7jy8JkVpO5rfho/SMaDldnurBYoaVW8I+jX1msdojsoktn1S1CQM
oWcedlm7SKjdJVg3YexC7JgBiizt3fScfzrG0p73MOwo4O5ex9a5hf5w7rXII/6IEBw3m
GgQo1jFgWXt1DqNm5iujTslEnqjAmguG7zuVmkcHEhyyIcmhCX+kbfU9+QHOvmgoTPuc/
SmaEGzCJaOyE53KxeM+5Xy7kSRoKbXsodg1 root@   
<<< This is all one line.

Copy the contents of the id_rsa.pub public key on the client to the authorized_keys file on the server.

login as: root
root@10.9.221.46's password:
--- JUNOS 12.3R2.5 built 2013-03-22 17:10:33 UTC
root@SWITCH:RE:0% pwd
/var/root
root@SWITCH:RE:0% cd /var/root/.ssh
root@SWITCH:RE:0% echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6bOKd6N
LHnb7jvK6dQDo6fug+eQA46ZDEGFRCNYbR2uFv9qUSJTp91fr4GgrSPkAeG3qlsG+fHxnQ
+rRYEhphVf10ovdGQ5ShPiW9+rsmaS83AlcIDEw7jy8JkVpO5rfho/SMaDldnurBYoaVW8
I+jX1msdojsoktn1S1CQMoWcedlm7SKjdJVg3YexC7JgBiizt3fScfzrG0p73MOwo4O5ex
9a5hf5w7rXII/6IEBw3mGgQo1jFgWXt1DqNm5iujTslEnqjAmguG7zuVmkcHEhyyIcmhCX
+kbfU9+QHOvmgoTPuc/SmaEGzCJaOyE53KxeM+5Xy7kSRoKbXsodg1 root@
"
>> authorized_keys

User can now log in to the switch without entering any password.

root@:RE:0% ssh 10.9.221.46
--- JUNOS 12.3R2.5 built 2013-03-22 17:10:33 UTC
root@SWITCH:RE:0%
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search