Copying SSH host private keys between JUNOS devices to when replacing hardware

A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:


This is a companion discussion topic for the original entry at https://www.funkypenguin.co.nz/note/copying-ssh-host-private-keys-junos-devices-replacing-hardware/