Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


request security ssh key-pair-identity generate



Generate the SSH private and public key pair for a specified identity. The private and public key files are stored in the /var/db directory, which is accessible through root only. Filenames are based on the identity-name with extensions. The files are similar to the certificate files that are stored in Junos OS.


  • identity-name—Identity name.

  • passphrase passphrase— An SSH identity generated with a passphrase. The passphrase is used to protect the private key file stored in the file system. This option does not allow the user to enter a weak passphrase, which ensures stronger security. A private key is used to connect to a remote server and is never displayed or transferred between servers, even if the system is compromised. The private key cannot be used to connect to a remote server if the passphrase is not known.


    By default, the passphrase uses Advanced Encryption Standard (AES) 128 in cipher block chaining (CBC) mode to encrypt a private key. All generated keys are stored in the /var/db/ssh_key directory.

Required Privilege Level


Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request security ssh key-pair-identity with passphrase

Release Information

Command introduced in Junos OS Release 15.1X49-D70.