Synchronize Configuration Data Using SCP in a Virtual Chassis

Follow these steps to use Secure Copy Protocol (SCP) to secure the transfer and synchronization of configuration data in a Virtual Chassis.

This configuration is applicable only to Juniper Networks® EX Series Switches and Juniper Networks® QFX Series Switches.

If you want to enable FIPS mode, see Enabling FIPS Mode before configuring Secure Copy Protocol (SCP).

In a Virtual Chassis, the primary member and the members in backup or linecard roles exchange configuration data and foreign files when you:

  • Commit a new configuration.

  • Reboot a linecard member.

  • Add a new linecard member to the Virtual Chassis.

You can configure the management process (mgd) to use SCP instead of Remote Copy Protocol (RCP) for transferring configuration data and foreign files between the Virtual Chassis members. SCP encrypts the data before transfer, whereas RCP transfers the data in plaintext. SCP ensures that the configuration and foreign files are securely synchronized among Virtual Chassis members, maintaining the integrity and confidentiality of your network configurations.

To enable configuration synchronization using SCP on the Virtual Chassis:

  1. Configure SSH to read authorized keys from a nondefault location. Execute the following commands on each member of the Virtual Chassis.

    The system stores the authorization keys needed for SCP-based configuration synchronization in an internal authorized-keys file, which is not in the default location for SSH keys. Configure the authorized-keys-command and authorized-keys-command-user statements so that SSH can read the internal authorized-keys file.

  2. Create SSH keys for each member and distribute the keys to all other members. Update the host keys in the known host file for each member.

    This step prepares the system for passwordless and promptless transfer of configuration data using SCP.

    You must execute the request chassis internal-ssh prepare-setup command only on the primary member and as a root user.

  3. Enable SCP for synchronization of configuration data and commit the configuration.

    If you have enabled FIPS mode, you can skip this step. FIPS mode automatically activates the SCP feature.

The mgd uses SCP to synchronize the configuration data and foreign files between the primary Virtual Chassis member and other members. The mgd synchronizes the files without requiring a password or prompts.