[Contents] [Prev] [Next] [Index] [Report an Error]

Creating a Public/Private Key Pair

To create an SSH public/private key pair, perform the following steps:

  1. Issue the ssh-keygen command in the standard command shell (not the JUNOS CLI) on the computer where the client application runs. By providing the appropriate arguments, you encode the public key with either RSA (supported by SSH versions 1 and 2) or the Digital Signature Algorithm (DSA, supported by SSH version 2). For more information, see the manual page for the ssh-keygen command. The JUNOS software uses SSH version 2 by default, but also supports version 1.
    % ssh-keygen options
  2. Associate the public key with the JUNOS login account by including the load-key-file statement at the [edit system login user account-name authentication] hierarchy level. The JUNOS software copies the contents of the specified file onto the routing platform:
    [edit system login user account-name authentication]
    user@host# set load-key-file URL

    URL is the path to the file that contains one or more public keys. The ssh-keygen command by default stores each public key in a file in the .ssh subdirectory of the user home directory; the filename depends on the encoding (DSA or RSA) and SSH version. For information about specifying URLs, see the JUNOS CLI User Guide.

    Alternatively, you can include one or both of the ssh-dsa and ssh-rsa statements at the [edit system login user account-name authentication] hierarchy level. We recommend using the load-key-file statement, however, because it eliminates the need to type or cut-and-paste the public key on the command line. For more information about the ssh-dsa and ssh-rsa statements, see the JUNOS System Basics Configuration Guide.

  3. (Optional) Commit the configuration. Alternatively, you can wait until you have added the statements that satisfy all prerequisites (see NETCONF Service over SSH Is EnabledEnable NETCONF Service over SSH).
    [edit system login user account-name authentication]
    user@host# commit
  4. Repeat Step item and Step item on each routing platform where the client application establishes NETCONF sessions.
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.