Secure Shell Protocol; Ssh Public Key Authentication; Allowed-User - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Example: systemGroup configuration (default)
switch:admin>
*****
This command will reset the agent's system group configuration back
to factory default
*****
*****
Are you sure? (yes, y, no, n): [no] y

Secure Shell protocol

To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions. SSH encrypts all messages,
including the client transmission of the password during login. The SSH package contains a daemon
(sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms, such as
Blowfish-Cipher block chaining (CBC) and Advanced Encryption Standard (AES).
NOTE: To maintain a secure network, you should avoid using Telnet or any other unprotected application
when you are working on the switch.
The File Transfer Protocol (FTP) is also not secure. When you use FTP to copy files to or from the switch, the
contents are in clear text. This includes the remote FTP server's login and password. This limitation affects
the following commands: saveCore, configUpload, configDownload, and firmwareDownload.
Commands that require a secure login channel must originate from an SSH session. If you start an SSH
session and then use the login command to start a nested SSH session, commands that require a secure
channel will be rejected.
Fabric OS 6.1.0 supports SSH protocol 2.0 (ssh2). For more information on SSH, see the SSH IETF Web
site: http://www.ietf.org/ids.by.wg/secsh.html
For more information, see SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, Ph. D., Richard
E. Silverman, and Robert G. Byrnes.

SSH public key authentication

OpenSSH public key authentication provides password-less logins, known as SSH authentication, that uses
public and private key pairs for incoming and outgoing authentication. This feature allows only one
allowed-user to be configured to utilize OpenSSH public key authentication. Using OpenSSH RSA and
DSA, the authentication protocols are based on a pair of specially generated cryptographic keys, called
the private key and the public key. The advantage of using these key-based authentication systems is that in
many cases, it is possible to establish secure connections without having to manually type in a password.
RSA and DSA asynchronous algorithms are FIPS-compliant.

Allowed-user

The default admin user must set up the allowed-user with the admin role. By default, the admin is the
configured allowed-user. While creating the key pair, the configured allowed-user can choose a
passphrase with which the private key is encrypted. The passphrase must then always be entered when
authenticating to the switch. The allowed-user must have an admin role that can perform OpenSSH public
key authentication, import and export keys, generate a key pair for an outgoing connection, and delete
public and private keys. After the allowed-user is changed, all the public keys related to the old
allowed-user are lost.
snmpconfig --default systemGroup
sysDescr = Fibre Channel Switch
sysLocation = End User Premise
sysContact = Field Support
authTraps = 0 (OFF)
Fabric OS 6.2 administrator guide 105