Generating and Uploading Authentication Keys to Devices

 

Junos Space Network Management Platform can authenticate a device either by using credentials (username and password) or by using keys. For key-based authentication, Junos Space Network Management Platform supports the RSA, DSA, and ECDSA public-key algorithms. You can select a key size of 2048 or 4096 bits. Junos Space Platform includes a default set of public-private key pairs; the public key is uploaded to the device and the private key is stored on the Junos Space server.

Note

If you generated a new set of keys, you can either upload the new keys to the devices or resolve key conflicts when the device is disconnected from Junos Space Platform. For more information about resolving key conflicts, refer to Resolving Key Conflicts.

The following tasks describe how to generate keys in Junos Space Platform and upload the public keys to the devices:

Generating Authentication Keys

To generate a public/private key pair for authentication during login to network devices:

  1. On the Junos Space Network Management Platform user interface, select Administration > Fabric.

    The Fabric page is displayed.

  2. Click the Manage SSH Key icon on the Actions bar.

    The Key Generator pop-up window is displayed.

  3. (Optional) In the Passphrase field, enter a passphrase to be used to protect the private key, which remains on the system running Junos Space Network Management Platform and is used during device login. The passphrase must have a minimum of five and a maximum of 40 characters. A long passphrase is harder to break by brute-force guessing. Space, Tab, and Backslash (\) characters are not allowed. Although not mandatory, it is recommended that you set a passphrase to prevent attackers from gaining control of your system and logging in to your managed network devices.
  4. (Optional) Select the Show Passphrase check box to view the passphrase you entered.
  5. From the Algorithm drop-down list, select the algorithm used to generate the key.

    The options are RSA, DSA, and ECDSA. By default, RSA is selected.

  6. From the Key Size drop-down list, select the length of the key that is uploaded to the devices.

    The options are 2048 Bits and 4096 Bits. By default, 2048 Bits is selected.

  7. (Optional) Schedule the Junos Space Network Management Platform to generate authentication keys at a later time or immediately.
    • To specify a later start date and time for key generation, select the Schedule at a later time check box.

    • To initiate key generation as soon as you click Generate, clear the Schedule at a later time check box (the default).

    Note

    The selected time in the scheduler corresponds to the Junos Space server time but uses the local time zone of the client computer.

  8. Click Generate.

    The Manage SSH Key Job Information dialog box appears, displaying a job ID link for key generation. Click the link to determine whether the key is generated successfully.

Note

If report generation or configuration backup tasks are already scheduled when you change the SSH key, ensure that you update the SCP server with the new SSH key.

Uploading Authentication Keys to Multiple Managed Devices for the First Time

To upload authentication keys to multiple managed devices for the first time:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.

    The Device Management page is displayed.

  2. Click the Upload Keys to Devices icon on the Actions bar.

    The Upload Keys to Devices pop-up window is displayed.

  3. You can upload the keys to one device or multiple devices:

    To upload keys to a single device:

    1. Select the Add Manually option button.

      The Authentication Details section that appears displays the options related to manually uploading keys to a single device.

    2. Select the IP Address or Hostname option button.

      If you selected the IP Address option, enter the IP address of the device.

      Note

      You can enter the IP address in either IPv4 or IPv6 format.

      If you selected the Hostname option, enter the hostname of the device.

    3. In the Device Admin field, enter the appropriate username for that device.
    4. In the Password field, enter the password for that device.
    5. (Optional) To authorize a different user on the target device, select the Authorize different user on device check box and enter the username in the User on Device field.

      If the username you specify in the User on Device field does not exist on the device, a user with this username is created and the key is uploaded for this user. If the User on Device field is not specified, then the key is uploaded for the device administrator user on the device.

    6. Click Next.

      You are directed to the next page. This page displays the details of the device you entered—IP Address/Hostname, Device Admin, Password, and User on Device.

    7. Click Finish to upload keys to the device.

      The Job Information dialog box appears.

    8. (Optional) Click the Job ID in the Job Information dialog box to view job details for the upload of keys to the device.

      The Job Management page appears. View the job details to determine whether the job was successful.

    To upload keys to multiple devices:

    1. Select Import From CSV.
    2. (Optional) To see a sample CSV file as a pattern for setting up your own CSV file, select View Sample CSV. A separate window appears, allowing you to open or download a sample CSV file.

      Refer to the sample CSV file for the format for entering the device name, IP address, device password, and a username on the device. If the username you specify in the User on Device column does not exist on the device, a user with this username is created and the key is uploaded for this user. If the User on Device column is not specified, then the key is uploaded for the device administrator user on the device.

    3. When you have a CSV file listing the managed devices and their data, select Select a CSV To Upload.

      The Select CSV File dialog box appears.

    4. Click Browse to navigate to where the CSV file is located on the local file system. Make sure that you select a file that has a .csv extension.
    5. Click Upload to upload the authentication keys to the device.

      An Information dialog box displays information about the total number of records that are uploaded and whether this operation is a success.

      Junos Space Network Management Platform displays the following error if you try to upload non-CSV file formats:
      Please select a valid CSV file with '.csv' extension.

    6. Click OK in the information dialog box that appears.

      The green check mark adjacent to the Select a CSV To Upload field indicates that the file is successfully uploaded.

    7. Click Next.

      You are directed to the next page. This page displays the details of the device you entered—IP Address/Hostname, Device Admin, Password, and User on Device.

    8. Click Finish.

      The Job Information dialog box appears.

    9. (Optional) Click the Job ID to view job details for the upload of keys to the device.

      The Job Management page appears. View the job details to determine whether the job was successful.

    New keys generated on Junos Space Platform are automatically uploaded to all managed devices.
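
The CSV file used for the multiple-device upload holds device passwords in cleartext, and a mistyped User on Device value creates a new account on the device. The following pre-upload check is an added example, not part of Junos Space or of the original page; the column headers are assumptions, so take the real layout from View Sample CSV.

```python
import csv
import io
import ipaddress
import os
import stat

# Hypothetical header names; take the real layout from View Sample CSV.
COLUMNS = ["device_name", "ip_address", "device_admin", "password", "user_on_device"]

# Constructed sample input (documentation address ranges, made-up names).
SAMPLE = """device_name,ip_address,device_admin,password,user_on_device
edge-1,192.0.2.10,admin,example-pw-1,
edge-2,2001:db8::20,admin,example-pw-2,spacekeys
edge-3,192.0.2.300,admin,example-pw-3,
edge-4,192.0.2.10,admin,,
"""

def lint_csv(text):
    """Return (findings, key_owners); findings are (line, message) tuples."""
    findings, owners, seen = [], {}, {}
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != COLUMNS:
        return [(1, "unexpected header: %r" % (reader.fieldnames,))], owners
    for raw in reader:
        line = reader.line_num
        row = {k: (raw.get(k) or "").strip() for k in COLUMNS}
        try:
            ip = str(ipaddress.ip_address(row["ip_address"]))  # IPv4 or IPv6
        except ValueError:
            findings.append((line, "invalid IP address"))
            continue
        if ip in seen:
            findings.append((line, "duplicate of line %d" % seen[ip]))
        seen.setdefault(ip, line)
        if not row["device_admin"] or not row["password"]:
            findings.append((line, "missing device admin or password"))
        # Empty User on Device: the key goes to the device administrator user.
        owners[ip] = row["user_on_device"] or row["device_admin"]
        if row["user_on_device"]:
            findings.append((line, "key goes to %r; created if it does not exist" % owners[ip]))
    return findings, owners

def readable_by_others(path):
    """True if group or other has any access to the file, which holds passwords."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for line, msg in lint_csv(SAMPLE)[0]:
        print("line %d: %s" % (line, msg))
```

Review every "created if it does not exist" finding before uploading, and delete the CSV file once the upload job has completed.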

Uploading Authentication Keys to Managed Devices With a Key Conflict

To manually upload authentication keys to one or several managed devices with a key conflict:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.

    The Device Management page is displayed.

  2. Select the devices with a key conflict to which you want to upload authentication keys and click the Upload Keys to Devices icon on the Actions bar.

    The Upload Keys to Devices pop-up window is displayed. The IP address fields of the devices are prepopulated.

  3. In the Device Admin field, enter the appropriate username for that device.
  4. In the Password field, enter the password for that device.
  5. Confirm the password by reentering it in the Re-enter Password field.
  6. Select Next to provide details for the next device.
  7. Select Upload to upload the authentication keys to the managed devices.

    The Upload Authentication Key dialog box displays a list of devices with their credentials for your verification.

Note

If you do not specify a username in the User Name field, the key is uploaded for the “user admin” user on the device. If the username you specify in the User Name field does not exist on the device, a user with this username is created and the key is uploaded for this user.