Ssh Public Key Authentication; Allowed-User; Authentication; Authentication Setup Overview - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.1.x administrator guide (5697-0234, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
Commands that require a secure login channel must originate from an SSH session. If you start an SSH
session, and then use the login command to start a nested SSH session, commands that require a secure
channel will be rejected.
Fabric OS 6.1.x and later supports SSH protocol version 2.0 (ssh2). For more information on SSH, refer to
the SSH IETF website:
http://www.ietf.org/ids.by.wg/secsh.html
For more information, refer to SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, Richard
Silverman and Robert G. Byrnes.
SSH public key authentication
OpenSSH public key authentication provides password-less logins known as SSH authentication that uses
public and private key pairs for incoming and outgoing authentication. This feature allows only one
allowed-user to be configured to utilize OpenSSH public key authentication. Using OpenSSH RSA and
DSA, the authentication protocols are based on a pair of specially generated cryptographic keys, called
the private key and the public key. The advantage of using these key-based authentication systems is that in
many cases, it is possible to establish secure connections without having to manually type in a password.
RSA and DSA asynchronous algorithms are FIPS-compliant.
Allowed-user
The default admin user has to set up the allowed-user with the admin role. By default, the admin is the
configured allowed-user. However, while creating the key pair, the configured allowed-user can choose a
passphrase with which the private key will be encrypted. Then the passphrase will always need to be
entered when authenticating using a key pair. The allowed-user needs to have an admin role and can
perform OpenSSH public key authentication, import and export keys, generation of a key pair for an
outgoing connection, delete public and private keys. Once the allowed-user is changed, all the public keys
related to old allowed-user will be lost.
Authentication
Incoming authentication is used when the remote host needs to authenticate to the switch. Outgoing
authentication is used when the switch needs to authenticate to a server or remote host, more commonly
used for the configUpload command. Both password and public key authentication can coexist on the
switch.
Authentication setup overview
1.
Configure the allowed-user.
Once the allowed-user is configured, the remaining setup steps will need to be completed by the
allowed-user.
2.
Generate the key pair for incoming or outgoing authentication.
3.
Add public key into the switch (for incoming authentication).
4.
Export the public key from the remote directory (for outgoing authentication).
5.
Append the public key to the authorized_keys file on the host.
6.
Test the setup.
Configuring the allowed-user
1.
Log in to the switch as the default admin.
2.
Change the allowed-user's role to admin, if applicable.
switch:admin> userconfig --change <username> -r admin
Where <username> is the name of the user you want to perform SSH public key authentication,
import, export, and delete keys.
3.
Setup the allowed-user by typing the following command:
switch:admin> sshutil allowuser <username>
Where <username> is the name of the user you want to perform SSH public key authentication,
import, export, and delete keys.
Fabric OS 6.1.x administrator guide
89
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
