Brocade Communications Systems Brocade 8/12c Command Reference Manual page 979

genkey
exportpubkey
delprivkey
help
EXAMPLES
To configure a user for public key authentication:
To display the configured user:
To set up SSH public key authentication on a switch for incoming connections:
1.
Fabric OS Command Reference
53-1001764-01
Generates an RSA private/public key pair on the local switch. This option can be
performed only by a configured user. This option enables authentication for
outgoing connections from the switch to a remote host. You must export the public
key to a remote host to complete the setup. For incoming connections, the
private/public key must first be generated on the remote host by issuing
ssh-genkey -t dsa (a UNIX command), and then importing the public key from
the remote host to the switch using the sshutil import command.
genkey prompts for user input on the following parameters:
passphrase
Accepts a string of arbitrary length. This operand is optional, but creating a pass
phrase is strongly recommended. A strong pass phrase is 10-30 characters long,
fairly complex and difficult to guess. and contains a mix of upper and lowercase
letters, numbers, and nonalphanumeric characters. There is no way to recover a
lost pass phrase. If the pass phrase is lost, a new key must be generated and
copied to the corresponding public key to other machines.
Exports the public key from the switch to a specified remote host to support
outgoing connections from the switch to a remote host. This option can only be
performed by a configured user. The successfully exported public key must be
appended to the authorized_keys file on the remote host. Use the cat
~/.ssh/outgoing.pub >> ~/.ssh/authorized_keys command to append the file.
exportpubkey prompts for IP Address, remote directory, login name and
password. Refer to importpubkey for a description of these parameters.
Deletes the private key for outgoing connection from the switch. This option can
only be performed by a configured user. Deletion of a configured user's private
keys effectively blocks outgoing connections initiated by this user that rely on
public key authentication with a remote host.
Displays the command usage.
switch:admin> sshutil allowuser username
Allowed user has been successfully changed to username.
switch:admine> sshutil showuser
username
Generate a private/public key pair on a remote host (accept default directory and file name):
username@remotehost> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key \
(/users/home/username/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):passphrase
Enter same passphrase again: passphrase
Your identification has been saved in
sshUtil
\
22
945