You trigger this workflow to acknowledge the
SSH fingerprints received from devices or resolve any SSH fingerprint
conflicts between the fingerprints stored in the Junos Space Platform
database and that on the devices. This workflow is enabled only if
the Authentication Status column on the Device Management page displays
the following status: Credentials Based – Unverified, Key Based
– Unverified, Key Conflict – Unverified, or Fingerprint
Conflict. Otherwise, this workflow appears dimmed.
Note: To view the SSH fingerprint on the device, run the following
command in shell:
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub
.
To acknowledge the SSH fingerprints from the devices:
- On the Network Management Platform user interface, select Network Management Platform > Devices > Device Management.
The Device Management page is displayed.
- Select the devices whose fingerprints you want to acknowledge
and select Device Access > Acknowledge Device Fingerprint from the Actions menu.
The Acknowledge Device Fingerprint page is displayed. Table 1 lists the columns on
this page.
Table 1: Acknowledge Device
Fingerprint PageColumn name
|
Description
|
Host Name
|
Hostname of the device
|
IP Address
|
IP address of the device
|
Authentication Status
|
Authentication status of the device
|
Fingerprint
|
If the Authentication Status column displays Fingerprint
Conflict, this column displays the current fingerprint value of the
device as stored in the Junos Space Platform database. This column
does not display any value if the Authentication Status column displays
Key Conflict – Unverified, Key Based – Unverified, or
Credentials Based - Unverified.
|
New Fingerprint
|
If the Authentication Status column displays Fingerprint
Conflict, this column displays the new fingerprint value received
from the device. This column displays the current fingerprint value
of the device as stored in the Junos Space Platform database if the
Authentication Status column displays Key Conflict – Unverified,
Key Based – Unverified, or Credentials Based - Unverified. You
can also edit this column.
|
- You can accept the fingerprint value received from the
devices or modify the values.
To accept the fingerprint values:
Click Verify.
The Acknowledge Device Fingerprint dialog box appears, displaying
the job ID of this job.
Click OK.
You are redirected to the Device Management page.
To modify the fingerprint value of a device with the
authentication status as Fingerprint Conflict:
Click the New Fingerprint column corresponding
to the device.
Enter the new fingerprint value and click Update.
Click Verify.
The Acknowledge Device Fingerprint dialog box appears, displaying
the job ID of this job.
Click OK.
You are redirected to the Device Management page.
To modify the fingerprint value of a device with the
authentication status displayed as Key Conflict–Unverified,
Key Based–Unverified, or Credentials Based–Unverified:
Click the New Fingerprint column corresponding
to the device.
Enter the new fingerprint value and click Update.
The Confirm Acknowledge dialog box is displayed.
Click OK.
The new fingerprint is updated in the Junos Space Platform database.
The connection to the device is reset.
Click Verify.
The Acknowledge Device Fingerprint dialog box appears, displaying
the job ID of this job.
Note: If you are acknowledging the SSH fingerprint of from a
dual Routing Engine, Virtual Chassis, or an SRX Series cluster device,
a pop-up window is displayed with the following message: Duplicate fingerprint observed. This is permitted for dual RE, VC
and SRX cluster devices. Do you want to continue?
.
Click OK.
Click OK.
You are redirected to the Device Management page.
When the job is complete, the authentication status of the device
moves from the unverified or conflicted status to the normal status.
An audit log entry is generated for this workflow.
(Optional) To cancel acknowledging the fingerprints, click Cancel.
The devices remain in their original authentication statuses
if you cancel the workflow.