Knowledge Base
Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[Junos Space/SD] Device discovery using Key-Based Authentication
Solution:
There are two ways to authenticate the device while discovering it via Junos Space.
The procedure is as follows:
Note: The images are taken from Junos Space version 19.4 and vSRX version 20.2. Although the screenshots are from Security Director, the steps remain the same when performed via Junos Space.
1. Create Device Discovery profile by clicking SD > Devices > Device Discovery > Create. Fill in Name and IP address.
2. Select the probes needed to reach the device. Herein, Junos Space will send SNMP and ICMP probes to the SRX for discovery.
3. Select Key-Based Authentication. It is expected that Junos Space public key is attached to user “Test” and already installed in the device. If the Junos Space public Key doesn’t exist in the device for “Test” user, select “Upload space key to device”.
4. [Optional] If the user “Test” doesn’t have Junos Space public Key or if the user doesn’t exists in the device, then user “Test” will be created in the device. In the “Authorised Username” and “Authorised Password” mention the SSH-enabled credentials.
5. It displays the fingerprint. Click on Next.
6. It shows the schedule of the Job. Select “Run Now” and “Finish”.
7. Summary of Discovery Profile is displayed. Click “Ok”.
8. Job runs and “Success” state is shown here. This state implies, device is added successfully.
The below configuration is added by the Junos Space in the managed device [SRX]. Note that a “Test” user is added to the SRX.
#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1YEII8rKPZfZeMNufIuIeZ0XNU/93slY7VJm6JYi8MV8OjyAdb4mirDVqkFjb9N1UhjHNwOrcxrwGHBMPODf4I9QrBBNaBtD1svCyf08mqsbhUDMwARFotMn7o2MZmIPa8fnXifS0DBRcJ0mLzLhgrQu6+GxM7j12Qo1IWgGlwiCkt5ZrhQYDCdLUsb6zSHjIeXaNG8DRr8C3o8IJD80d3S6MJ9fx8Zi55KaIDsLQrTipJCxzkONWaMOKg+4zfwFK4KkZnkk3LHRYjf+t9pH1Du4mrdLGubwcV/cmVa3YU7r40a1QK2Rc4JtHCuAJBuWicDUxKvm/oDatXV11JHzL"
#set system services ssh max-sessions-per-connection 32
#set system syslog file default-log-messages any info
#set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
#set system syslog file default-log-messages structured-data
#set snmp trap-group space targets 10.219.96.194
- Credentials-Based Authentication
- Key-Based Authentication
The procedure is as follows:
Note: The images are taken from Junos Space version 19.4 and vSRX version 20.2. Although the screenshots are from Security Director, the steps remain the same when performed via Junos Space.
1. Create Device Discovery profile by clicking SD > Devices > Device Discovery > Create. Fill in Name and IP address.
2. Select the probes needed to reach the device. Herein, Junos Space will send SNMP and ICMP probes to the SRX for discovery.
3. Select Key-Based Authentication. It is expected that Junos Space public key is attached to user “Test” and already installed in the device. If the Junos Space public Key doesn’t exist in the device for “Test” user, select “Upload space key to device”.
4. [Optional] If the user “Test” doesn’t have Junos Space public Key or if the user doesn’t exists in the device, then user “Test” will be created in the device. In the “Authorised Username” and “Authorised Password” mention the SSH-enabled credentials.
5. It displays the fingerprint. Click on Next.
6. It shows the schedule of the Job. Select “Run Now” and “Finish”.
7. Summary of Discovery Profile is displayed. Click “Ok”.
8. Job runs and “Success” state is shown here. This state implies, device is added successfully.
The below configuration is added by the Junos Space in the managed device [SRX]. Note that a “Test” user is added to the SRX.
#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1YEII8rKPZfZeMNufIuIeZ0XNU/93slY7VJm6JYi8MV8OjyAdb4mirDVqkFjb9N1UhjHNwOrcxrwGHBMPODf4I9QrBBNaBtD1svCyf08mqsbhUDMwARFotMn7o2MZmIPa8fnXifS0DBRcJ0mLzLhgrQu6+GxM7j12Qo1IWgGlwiCkt5ZrhQYDCdLUsb6zSHjIeXaNG8DRr8C3o8IJD80d3S6MJ9fx8Zi55KaIDsLQrTipJCxzkONWaMOKg+4zfwFK4KkZnkk3LHRYjf+t9pH1Du4mrdLGubwcV/cmVa3YU7r40a1QK2Rc4JtHCuAJBuWicDUxKvm/oDatXV11JHzL"
#set system services ssh max-sessions-per-connection 32
#set system syslog file default-log-messages any info
#set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
#set system syslog file default-log-messages structured-data
#set snmp trap-group space targets 10.219.96.194
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search