Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Acknowledging SSH Fingerprints from Devices

 

You trigger this workflow to acknowledge the SSH fingerprints received from devices or resolve any SSH fingerprint conflicts between the fingerprints stored in the Junos Space Platform database and that on the devices. This workflow is enabled only if the Authentication Status column on the Device Management page displays the following status: Credentials Based – Unverified, Key Based – Unverified, Key Conflict – Unverified, or Fingerprint Conflict. Otherwise, this workflow appears dimmed.

Note

To view the SSH fingerprint on the device, run the following command in shell:

ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub.

To acknowledge the SSH fingerprints from the devices:

  1. On the Network Management Platform user interface, select Network Management Platform > Devices > Device Management.

    The Device Management page is displayed.

  2. Select the devices whose fingerprints you want to acknowledge and select Device Access > Acknowledge Device Fingerprint from the Actions menu.

    The Acknowledge Device Fingerprint page is displayed. Table 1 lists the columns on this page.

    Table 1: Acknowledge Device Fingerprint Page

    Column name

    Description

    Host Name

    Hostname of the device

    IP Address

    IP address of the device

    Authentication Status

    Authentication status of the device

    Fingerprint

    If the Authentication Status column displays Fingerprint Conflict, this column displays the current fingerprint value of the device as stored in the Junos Space Platform database. This column does not display any value if the Authentication Status column displays Key Conflict – Unverified, Key Based – Unverified, or Credentials Based - Unverified.

    New Fingerprint

    If the Authentication Status column displays Fingerprint Conflict, this column displays the new fingerprint value received from the device. This column displays the current fingerprint value of the device as stored in the Junos Space Platform database if the Authentication Status column displays Key Conflict – Unverified, Key Based – Unverified, or Credentials Based - Unverified. You can also edit this column.

  3. You can accept the fingerprint value received from the devices or modify the values.
    • To accept the fingerprint values:

      1. Click Verify.

        The Acknowledge Device Fingerprint dialog box appears, displaying the job ID of this job.

      2. Click OK.

        You are redirected to the Device Management page.

    • To modify the fingerprint value of a device with the authentication status as Fingerprint Conflict:

      1. Click the New Fingerprint column corresponding to the device.
      2. Enter the new fingerprint value and click Update.
      3. Click Verify.

        The Acknowledge Device Fingerprint dialog box appears, displaying the job ID of this job.

      4. Click OK.

        You are redirected to the Device Management page.

    • To modify the fingerprint value of a device with the authentication status displayed as Key Conflict–Unverified, Key Based–Unverified, or Credentials Based–Unverified:

      1. Click the New Fingerprint column corresponding to the device.
      2. Enter the new fingerprint value and click Update.

        The Confirm Acknowledge dialog box is displayed.

      3. Click OK.

        The new fingerprint is updated in the Junos Space Platform database. The connection to the device is reset.

      4. Click Verify.

        The Acknowledge Device Fingerprint dialog box appears, displaying the job ID of this job.

        Note

        If you are acknowledging the SSH fingerprint of from a dual Routing Engine, Virtual Chassis, or an SRX Series cluster device, a pop-up window is displayed with the following message: Duplicate fingerprint observed. This is permitted for dual RE, VC and SRX cluster devices. Do you want to continue?. Click OK.

      5. Click OK.

        You are redirected to the Device Management page.

    When the job is complete, the authentication status of the device moves from the unverified or conflicted status to the normal status. An audit log entry is generated for this workflow.

(Optional) To cancel acknowledging the fingerprints, click Cancel.

The devices remain in their original authentication statuses if you cancel the workflow.