request chassis internal-ssh
Syntax
request chassis internal-ssh (prepare-setup | clear-setup)
Description
(EX Series and QFX Series switches only) Configure the SSH keys for transferring configuration data in a Virtual Chassis between the primary member and the other members. The command creates public SSH keys for all Virtual Chassis members and copies the keys to all members in a full mesh manner. The command also updates the list of known hosts for each member.
This command is a prerequisite to enabling the system commit
config-sync-with-scp configuration statement.
You can execute this command only on the primary Virtual Chassis member and as a root user.
Options
prepare-setup |
Create and copy the SSH keys for all members, and update the known hosts file. |
clear-setup |
Delete the SSH keys and entries in the known hosts file from all Virtual Chassis members. If you execute this option after you've enabled the
|
Required Privilege Level
root
Sample Output
- request chassis internal-ssh prepare-setup
- request chassis internal-ssh clear-setup (
config-sync-with-scpDisabled) - request chassis internal-ssh clear-setup (
config-sync-with-scpEnabled)
request chassis internal-ssh prepare-setup
root@host> request chassis internal-ssh prepare-setup
VC members
----------
fpc0
fpc1
fpc2
Creating and copying SSH keys between all VC members
----------------------------------------------------
* Copying master -> fpc1
The authenticity of host '128.0.0.17 (128.0.0.17)' can't be established.
ED25519 key fingerprint is SHA256:K7aI9AXL1QFDNnb2bc5028TxBVYmiBHOwExuqN/wXUQ.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '128.0.0.17' (ED25519) to the list of known hosts.
(root@128.0.0.17) Password:
* Copying master -> fpc2
The authenticity of host '128.0.0.18 (128.0.0.18)' can't be established.
ED25519 key fingerprint is SHA256:K7aI9AXL1QFDNnb2bc5028TxBVYmiBHOwExuqN/wXUQ.
This host key is known by the following other names/addresses:
/var/db/internal-ssh/known_hosts_internal:1: 128.0.0.17
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '128.0.0.18' (ED25519) to the list of known hosts.
(root@128.0.0.18) Password:
* Copying fpc1 -> master
* Copying fpc1 -> fpc2
* Copying fpc2 -> master
* Copying fpc2 -> fpc1
Done.
Setting up known_hosts entries in all members for host key verification
-----------------------------------------------------------------------
* Added entry for master in fpc1
* Added entry for fpc1 in fpc2
* Added entry for master in fpc2
* Added entry for fpc2 in fpc1
Done. request chassis internal-ssh clear-setup (config-sync-with-scp Disabled)
root@host> request chassis internal-ssh clear-setup VC members ---------- fpc0 fpc1 fpc2 Clearing SSH keys and known_hosts entries from all VC members ----------------------------------------------------------------- * Removing from fpc1 * Removing from fpc2 * Removing from master Done.
request chassis internal-ssh clear-setup (config-sync-with-scp Enabled)
root@host> request chassis internal-ssh clear-setup
System is configured to synchronize configuration using SCP during commit.
This command will clear the keys required for SCP to work during commit.
After clearing the internal-ssh files cli command 'request chassis internal-ssh prepare-setup'
will be run automatically to regenerate the keys. Do you want to continue? [yes,no] (no) yes
VC members
----------
fpc0
fpc1
fpc2
Clearing SSH keys, authorized_keys and known_hosts entries from all VC members
------------------------------------------------------------------------------
* Removing from fpc1
* Removing from fpc2
* Removing from master
Done.
** Secure configuration sync is configured. **
** Preparing internal SSH setup after clear-setup. **
VC members
----------
fpc0
fpc1
fpc2
Creating and copying SSH keys between all VC members
----------------------------------------------------
* Copying master -> fpc1
The authenticity of host '128.0.0.17 (128.0.0.17)' can't be established.
ED25519 key fingerprint is SHA256:K7aI9AXL1QFDNnb2bc5028TxBVYmiBHOwExuqN/wXUQ.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '128.0.0.17' (ED25519) to the list of known hosts.
(root@128.0.0.17) Password:
* Copying master -> fpc2
The authenticity of host '128.0.0.18 (128.0.0.18)' can't be established.
ED25519 key fingerprint is SHA256:K7aI9AXL1QFDNnb2bc5028TxBVYmiBHOwExuqN/wXUQ.
This host key is known by the following other names/addresses:
/var/db/internal-ssh/known_hosts_internal:1: 128.0.0.17
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '128.0.0.18' (ED25519) to the list of known hosts.
(root@128.0.0.18) Password:
* Copying fpc1 -> master
* Copying fpc1 -> fpc2
* Copying fpc2 -> master
* Copying fpc2 -> fpc1
Done.
Setting up known_hosts entries in all members for host key verification
-----------------------------------------------------------------------
* Added entry for master in fpc1
* Added entry for fpc1 in fpc2
* Added entry for master in fpc2
* Added entry for fpc2 in fpc1
Done. Release Information
Command introduced in Junos OS Release 25.2R1.