Summary:
This article describes the procedure for adding devices to Junos Space and Security Director using Key-Based Authentication. This is especially useful for large-scale deployments in which keys are used for authentication instead of credentials.
Solution:
There are two ways to authenticate the device while discovering it via Junos Space.
- Credentials-Based Authentication
- Key-Based Authentication
This KB focuses on Key-Based Authentication. When adding devices, Junos Space checks the device for a public key to authenticate the device. If the device doesn't have a public key, there is an option to upload the public key by using SSH username/password credentials from Junos Space itself.
The procedure is as follows:
Note: The images are taken from Junos Space version 19.4 and vSRX version 20.2. Although the screenshots are from Security Director, the steps remain the same when performed via Junos Space.
1. Create a Device Discovery profile by clicking SD > Devices > Device Discovery > Create. Fill in the Name and IP address.

2. Select the probes needed to reach the device. Here, Junos Space sends SNMP and ICMP probes to the SRX for discovery.

3. Select Key-Based Authentication. It is expected that the Junos Space public key is attached to the user “Test” and already installed on the device. If the Junos Space public key doesn’t exist on the device for the “Test” user, select “Upload space key to device”.

4. [Optional] If the user “Test” doesn’t have the Junos Space public key, or if the user doesn’t exist on the device, then the user “Test” will be created on the device. In the “Authorised Username” and “Authorised Password” fields, enter the SSH-enabled credentials.

5. The fingerprint is displayed. Click Next.

6. The schedule of the job is shown. Select “Run Now” and “Finish”.
7. A summary of the Discovery Profile is displayed. Click “Ok”.
8. The job runs and the “Success” state is shown. This state implies that the device was added successfully.
The configuration below is added by Junos Space to the managed device [SRX]. Note that a “Test” user is added to the SRX.
#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1YEII8rKPZfZeMNufIuIeZ0XNU/93slY7VJm6JYi8MV8OjyAdb4mirDVqkFjb9N1UhjHNwOrcxrwGHBMPODf4I9QrBBNaBtD1svCyf08mqsbhUDMwARFotMn7o2MZmIPa8fnXifS0DBRcJ0mLzLhgrQu6+GxM7j12Qo1IWgGlwiCkt5ZrhQYDCdLUsb6zSHjIeXaNG8DRr8C3o8IJD80d3S6MJ9fx8Zi55KaIDsLQrTipJCxzkONWaMOKg+4zfwFK4KkZnkk3LHRYjf+t9pH1Du4mrdLGubwcV/cmVa3YU7r40a1QK2Rc4JtHCuAJBuWicDUxKvm/oDatXV11JHzL"
#set system services ssh max-sessions-per-connection 32
#set system syslog file default-log-messages any info
#set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
#set system syslog file default-log-messages structured-data
#set snmp trap-group space targets 10.219.96.194
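The check below is an added example, not part of the original KB and not Juniper code. It parses "set" lines like those above, lists each user that has an SSH key together with its login class, and computes the OpenSSH-style SHA256 fingerprint of each key so the installed key can be compared with the Junos Space public key. The sample configuration and its key are constructed for illustration (the key is not a real key), and the function names are this example's own.

```python
import base64, hashlib, re, struct
SET_KEY = re.compile(r'^#?\s*set system login user (\S+) authentication (ssh-\S+) "([^"]+)"')
SET_CLASS = re.compile(r'^#?\s*set system login user (\S+) class (\S+)')

def _read_string(blob, off):
    """Read one length-prefixed SSH wire-format string (RFC 4251)."""
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_info(pubkey_line):
    """Return (algorithm, SHA256 fingerprint, RSA bits or None) for an OpenSSH public key line."""
    declared, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    algo, off = _read_string(blob, 0)
    if algo != declared.encode():
        raise ValueError("declared type does not match key blob")
    bits = None
    if declared == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent
        n, off = _read_string(blob, off)       # modulus
        bits = int.from_bytes(n, "big").bit_length()
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return declared, "SHA256:" + fp, bits

def audit(config_text):
    """Map each user that has an SSH key to its login class and key details."""
    classes, users = {}, {}
    for line in config_text.splitlines():
        if m := SET_CLASS.match(line):
            classes[m.group(1)] = m.group(2)
        elif m := SET_KEY.match(line):
            users.setdefault(m.group(1), []).append(key_info(m.group(3)))
    return {u: {"class": classes.get(u), "keys": k} for u, k in users.items()}

def _sample_key():
    # Constructed RSA-shaped blob (not a real key): e = 65537, n = 2^2047 + 1
    def s(b): return struct.pack(">I", len(b)) + b
    n = ((1 << 2047) | 1).to_bytes(257, "big")   # leading 0x00 keeps the mpint positive
    return "ssh-rsa " + base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()

SAMPLE = f'''#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "{_sample_key()}"
'''

if __name__ == "__main__": print(audit(SAMPLE))
```

To use it on a real device, pass the output of "show configuration | display set" to audit() and compare each fingerprint with the one printed by "ssh-keygen -lf" for the Junos Space public key file.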