HP SN3000B Administrator's Manual page 156

Brocade fabric os administrator's guide - supporting fabric os v7.0.1 (53-1002446-01, march 2012)

Secure Shell protocol
DSA, the authentication protocols are based on a pair of specially generated cryptographic keys,
called the private key and the public key. The advantage of using these key-based authentication
systems is that in many cases, it is possible to establish secure connections without having to
depend on passwords for security. RSA asymmetric algorithms are FIPS-compliant.

Incoming authentication is used when the remote host needs to authenticate to the switch.
Outgoing authentication is used when the switch needs to authenticate to a server or remote host,
such as when running the configUpload or configDownload commands, or performing firmware
download. Both password and public key authentication can coexist on the switch.

Allowed-user
For outgoing authentication, the default admin user must set up the allowed-user with admin
permissions. By default, the admin is the configured allowed-user. While creating the key pair, the
configured allowed-user can choose a passphrase with which the private key is encrypted. Then the
passphrase must always be entered when authenticating to the switch. The allowed-user must
have admin permissions to perform OpenSSH public key authentication, import and export keys,
generate a key pair for an outgoing connection, and delete public and private keys.

Configuring incoming SSH authentication
1. Log in to your remote host.
2. Generate a key pair for host-to-switch (incoming) authentication by verifying that SSH v2 is
   installed and working (refer to your host's documentation as necessary) by typing the following
   command:

       ssh-keygen -t dsa

   Example of RSA/DSA key pair generation

       anyuser@mymachine: ssh-keygen -t dsa
       Generating public/private dsa key pair.
       Enter file in which to save the key (/users/anyuser/.ssh/id_dsa):
       Enter passphrase (empty for no passphrase):
       Enter same passphrase again:
       Your identification has been saved in /users/anyuser/.ssh/id_dsa.
       Your public key has been saved in /users/anyuser/.ssh/id_dsa.pub.
       The key fingerprint is:
       32:9f:ae:b6:7f:7e:56:e4:b5:7a:21:f0:95:42:5c:d1 anyuser@mymachine

3. Import the public key to the switch by logging in to the switch as any user with the Admin role
   and entering the sshUtil importpubkey command to import the key.

   Example of adding the public key to the switch

       switch:anyuser> sshutil importpubkey
       Enter user name for whom key is imported: aswitchuser
       Enter IP address:192.168.38.244
       Enter remote directory:~auser/.ssh
       Enter public key name(must have .pub suffix):id_dsa.pub
       Enter login name:auser
       Password:
       Public key is imported successfully.

4. Test the setup by logging into the switch from a remote device, or by running a command
   remotely using ssh.
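
An added example, not part of the Brocade guide: a Python check to run on the remote host before step 3. It confirms the .pub suffix that importpubkey asks for, rejects private key material, checks that the declared key type matches the key blob, and returns the colon-separated MD5 fingerprint in the form shown in the ssh-keygen output above, together with the SHA256 form that newer OpenSSH releases print by default. The function names and the toy sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_pubkey(filename, line):
    """Validate one OpenSSH public key line; return (type, md5_fp, sha256_fp)."""
    if not filename.endswith(".pub"):
        raise ValueError("importpubkey asks for a name with the .pub suffix")
    if "PRIVATE KEY" in line:
        raise ValueError("private key material; only the .pub file is imported")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    embedded, _ = read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match the key blob")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return declared, md5_fp, "SHA256:" + sha

def mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero keeps it positive)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: ssh-dss layout (type, p, q, g, y) with toy numbers, not a usable key.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-dss" + b"".join(mpint(n) for n in (23, 11, 4, 8))
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " anyuser@mymachine"

if __name__ == "__main__":
    key_type, md5_fp, sha256_fp = inspect_pubkey("id_dsa.pub", SAMPLE_LINE)
    print(key_type, md5_fp, sha256_fp)
```

Record the fingerprint before the import and compare it with what the host reports for the same file (`ssh-keygen -l -E md5 -f id_dsa.pub` on OpenSSH releases that default to SHA256).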