
[Junos Space/SD] Device discovery using Key-Based Authentication


Article ID: KB36373 KB Last Updated: 11 Dec 2020 Version: 1.0
Summary:
This article describes the procedure to add devices to Junos Space and Security Director using Key-Based Authentication. This is especially useful for large-scale deployments in which keys are used for authentication instead of credentials.
Solution:
There are two ways to authenticate the device while discovering it via Junos Space.
  • Credentials-Based Authentication
  • Key-Based Authentication
This KB focuses on Key-Based Authentication. When adding devices, Junos Space checks the device for a public key to authenticate the device. If the device doesn't have a public key, there is an option to upload the public key from Junos Space itself by using SSH username/password credentials.
 
The procedure is as follows:
 
Note: The images are taken from Junos Space version 19.4 and vSRX version 20.2. Although the screenshots are from Security Director, the steps remain the same when performed via Junos Space.

 
1. Create a Device Discovery profile by clicking SD > Devices > Device Discovery > Create. Fill in the Name and IP address.




2. Select the probes needed to reach the device. Here, Junos Space will send SNMP and ICMP probes to the SRX for discovery.

 
3. Select Key-Based Authentication. It is expected that the Junos Space public key is attached to the user “Test” and already installed on the device. If the Junos Space public key doesn’t exist on the device for the “Test” user, select “Upload space key to device”.

 
4. [Optional] If the user “Test” doesn’t have the Junos Space public key, or if the user doesn’t exist on the device, then the user “Test” will be created on the device. In the “Authorised Username” and “Authorised Password” fields, enter the SSH-enabled credentials.

 
5. The fingerprint is displayed. Click Next.

 
6. The schedule of the job is shown. Select “Run Now” and “Finish”.
 

7. A summary of the Discovery Profile is displayed. Click “Ok”.
 

8. The job runs and the “Success” state is shown. This state implies that the device was added successfully.
 
 

 
The configuration below is added by Junos Space to the managed device [SRX]. Note that a “Test” user is added to the SRX.
 
#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1YEII8rKPZfZeMNufIuIeZ0XNU/93slY7VJm6JYi8MV8OjyAdb4mirDVqkFjb9N1UhjHNwOrcxrwGHBMPODf4I9QrBBNaBtD1svCyf08mqsbhUDMwARFotMn7o2MZmIPa8fnXifS0DBRcJ0mLzLhgrQu6+GxM7j12Qo1IWgGlwiCkt5ZrhQYDCdLUsb6zSHjIeXaNG8DRr8C3o8IJD80d3S6MJ9fx8Zi55KaIDsLQrTipJCxzkONWaMOKg+4zfwFK4KkZnkk3LHRYjf+t9pH1Du4mrdLGubwcV/cmVa3YU7r40a1QK2Rc4JtHCuAJBuWicDUxKvm/oDatXV11JHzL"
 
#set system services ssh max-sessions-per-connection 32
 
#set system syslog file default-log-messages any info
#set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES"
#set system syslog file default-log-messages structured-data
#set snmp trap-group space targets 10.219.96.194
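
The following is an added example, not part of the original article or of Junos Space: a small audit that reads "set system login user" lines like the ones above, computes the OpenSSH-style SHA256 fingerprint of each installed ssh-rsa key, and reports keys that do not match an expected fingerprint as well as key-authenticated users in the super-user class. The key blobs, the "ops" user, and the idea that the expected Junos Space key fingerprint has been obtained separately are assumptions made for the demonstration.

```python
import base64, hashlib, re, struct

CLASS_RE = re.compile(r'set system login user (\S+) class (\S+)')
KEY_RE = re.compile(r'set system login user (\S+) authentication ssh-rsa "ssh-rsa ([A-Za-z0-9+/=]+)')

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(config_text, expected_fp):
    """Return sorted (user, finding) pairs for key-authenticated logins."""
    users = {}
    for line in config_text.splitlines():
        if (m := CLASS_RE.search(line)):
            users.setdefault(m.group(1), {"class": None, "fps": []})["class"] = m.group(2)
        if (m := KEY_RE.search(line)):
            users.setdefault(m.group(1), {"class": None, "fps": []})["fps"].append(fingerprint(m.group(2)))
    findings = []
    for name, u in users.items():
        if any(fp != expected_fp for fp in u["fps"]):
            findings.append((name, "key does not match expected fingerprint"))
        if u["fps"] and u["class"] == "super-user":
            findings.append((name, "key login with super-user class"))
    return sorted(findings)

def make_sample_key(seed):
    """Constructed ssh-rsa shaped blob for the demo; not a usable RSA key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + hashlib.sha256(seed).digest() * 8
    return base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()

SPACE_KEY = make_sample_key(b"space")   # stands in for the Junos Space key (constructed)
OTHER_KEY = make_sample_key(b"other")   # stands in for an unknown key (constructed)
# Constructed sample input; the "ops" user is hypothetical.
SAMPLE_CONFIG = f'''#set system login user Test uid 2001
#set system login user Test class super-user
#set system login user Test authentication ssh-rsa "ssh-rsa {SPACE_KEY}"
#set system login user ops class operator
#set system login user ops authentication ssh-rsa "ssh-rsa {OTHER_KEY}"
'''

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CONFIG, fingerprint(SPACE_KEY)):
        print(f"{user}: {finding}")
```
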