Generating SSH RSA/DSA keys locally – on devices running Junos

This article describes the procedure to generate SSH RSA/DSA keys on a device running Junos and configure the device to use password-less public key based encrypted SSH authentication.


In some cases, users may need to generate SSH RSA/DSA keys locally to allow remote login using SSH RSA/DSA keys instead of passwords stored locally.

We have to enable SSH service on the switch using the following command:

We can generate the SSH key on a device running Junos by logging into the shell prompt as a root user:

The key fingerprint is:

Once the keys are generated, we can associate the key with the “userid” using the following command.

After the above configuration commands are run, a directory named <userid> is created in /var/home and the authorized_key for SSH is created.

When an upgrade/downgrade is performed, the files id_rsa and id_rsa.pub, which are created locally and are not part of the configuration, will not be restored.
Hence we have to copy the contents of the /root/.ssh directory and put them back after the upgrade/downgrade is complete.
We also have to associate the user with the key using the following CLI command:
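
For the copy-and-restore step described above (not the CLI association command), the following shell functions are an added example and not part of the original article. The function names and the archive path are hypothetical, and the example assumes `tar`, `cksum` and `cmp` are available in the device shell.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.
# On the device SRC_DIR would be /root/.ssh; it is a parameter here.

# backup_ssh_dir SRC_DIR ARCHIVE
# Archive the key directory and write ARCHIVE.cksum for later comparison.
backup_ssh_dir() {
    src=$1; archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # The archive holds the private key: create it readable by owner only.
    ( umask 077 && tar -cpf "$archive" -C "$src" . ) || return 1
    chmod 600 "$archive" || return 1
    # cksum is a CRC: it catches a damaged copy, not deliberate tampering.
    ( cd "$src" && cksum id_rsa id_rsa.pub ) > "$archive.cksum" || return 1
}

# restore_ssh_dir ARCHIVE DEST_DIR
# Unpack, reset the modes OpenSSH expects, and compare against the manifest.
restore_ssh_dir() {
    archive=$1; dest=$2
    [ -f "$archive" ] && [ -f "$archive.cksum" ] || {
        echo "missing archive or manifest: $archive" >&2; return 1; }
    mkdir -p "$dest" || return 1
    tar -xpf "$archive" -C "$dest" || return 1
    # Set modes explicitly rather than trusting what was archived.
    chmod 700 "$dest" || return 1
    chmod 600 "$dest/id_rsa" || return 1
    chmod 644 "$dest/id_rsa.pub" || return 1
    # Succeeds only if both files match what was recorded before the upgrade.
    ( cd "$dest" && cksum id_rsa id_rsa.pub ) | cmp -s - "$archive.cksum"
}

# Usage on the device (the archive path is a placeholder):
#   backup_ssh_dir /root/.ssh /path/to/root-ssh.tar     # before the upgrade
#   restore_ssh_dir /path/to/root-ssh.tar /root/.ssh    # after the upgrade
```

A non-zero return from `restore_ssh_dir` means the restored key files differ from the ones recorded before the upgrade and should not be used until the copy is repeated.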

About the author

James Palmer
