Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[CSO] How to get the SSH key of a device through REST API



Article ID: KB37148 KB Last Updated: 06 Jul 2021Version: 1.0

This article describes the procedure to get SSH keys for a device in a site through API in Contrail Service Orchestration (CSO) version 5.1.2.


SSH keys can be retrieved from the "ems-regional" microservice by using the device UUID.

First authenticate with the API:

Then perform the following:

  1. Retrieve the full device list for "ems-regional":

GET https://<CSO_IP>/ems-regional/device        

OR a specific device:

curl -s 'http://<csp-ms-vm>/ems-regional/device'?filters=display_name=="test_device"

See Before You Begin for details.

Example Output Of Single Device

<output snip showing device UUID of  a device named "test-cpe" >  

Note: Device name is the name given to the device while onboarding it to CSO.                                        

            "fq_name": [
            "uuid": " ba86dd1c-6e68-4219-xxxx-407c30371363",
            "uri": "/ems-regional/device/<uuid of cpe>"
  1. Get the device UUID from the above output and use it in the following API query to get the SSH key configured in the device.

GET  https://<CSO_IP>/ems-regional/device/<device UUID>

<output snip showing ssh-rsa key of the device >

    "device": {
        "parent_uuid": "c13d774e-f1c9-4e95-8f81-e71a161fb0a0",
        "display_name": "test-cpe",
        "parent_type": "project",
        "component": [
                "connection_info": {
                    "status": "UP",
                    "username": "csp",
                    "protocol": "netconf_over_ssh",
                    "discover_type": "MODELED",
                    "ip": null,
                    "hostname": null,
                    "conn_init_type": "DIRECT",
                    "auth": "RSA_KEY",
                    "port": null,
                    "conn_type": "DEVICE_INITIATED",
                    "fingerprint": "70:b7:34:8a:56:09:d7:77:43:0c:a3:f8:60:f7:61:83",
                    "secret_key": "$ABC123",
                    "password": null,
                    "first_conn": true,
                    "ssh_rsa_key": "<SSH KEY FOUND HERE, REMOVED>"
                "component_name": "JDM",
                "license_info": null,
                "system_info": {
                    "hardware_model": "nfx250_s2_10_t",
                    "os_version": "18.4R3.3",
                    "os_name": "junos-qfx",
                    "host_name": "jdm",
                    "serial_number": null
                "primary": true
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search