Foundry Networks Switch and Router Installation And Configuration Manual page 116

Foundry Switch and Router Installation and Configuration Guide
3. Configuring RSA challenge-response authentication
4. Setting optional parameters
You can also view information about active SSH connections on the device as well as terminate them.
Setting the Host Name and Domain Name
If you have not already done so, establish a host name and domain name for the Foundry device. For example:
BigIron(config)# hostname BigIron
BigIron(config)# ip dns domain-name foundrynet.com
Syntax: hostname <name>
Syntax: ip dns domain-name <name>
Generating a Host RSA Key Pair
When SSH is configured, a public and private host RSA key pair is generated for the Foundry device. The SSH
server on the Foundry device uses this host RSA key pair, along with a dynamically generated server RSA key
pair, to negotiate a session key and encryption method with the client trying to connect to it.
The host RSA key pair is stored in the Foundry device's system-config file. Only the public key is readable. The
public key should be added to a "known hosts" file (for example, $HOME/.ssh/known_hosts on UNIX systems) on
each client that needs to access the device. Some SSH client programs add the public key to the known hosts file
automatically; in other cases, you must manually create a known hosts file and place the Foundry device's public
key in it. See "Providing the Public Key to Clients" on page 4-2 for an example of what to place in the known hosts
file.
To generate a public and private RSA host key pair for the Foundry device:
BigIron(config)# crypto key generate rsa
BigIron(config)# write memory
The crypto key generate rsa command places an RSA host key pair in the running-config file and enables SSH
on the device. To disable SSH, you must delete the RSA host key pair. To do this, enter the following commands:
BigIron(config)# crypto key zeroize rsa
BigIron(config)# write memory
The crypto key zeroize rsa command deletes the RSA host key pair in the running-config file and disables SSH
on the device.
Syntax: crypto key generate | zeroize rsa
Providing the Public Key to Clients
If you are using SSH to connect to a Foundry device from a UNIX system, you may need to add the Foundry
device's public key to a "known hosts" file; for example, $HOME/.ssh/known_hosts. The following is an example
of an entry in a known hosts file:
10.10.20.10 1024 37 1187718818626770304648512887372580468560316406358876792301
84247022636175804896633384620574930068397650231698985431857279323745963240790218
03229084221453472515782437007702806627934784079949643404159653290224014833380339
09542147367974638560060162945329307563502804231039654388220432832662804242569361
58342816331
In this example, 10.10.20.10 is the IP address of an SSH-enabled Foundry switch or router. The second number,
1024, is the size of the host key, and the third number, 37, is the encoded public exponent. The remaining text is
the encoded modulus.
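The following is an added example, not part of the Foundry manual: it parses an entry in the four-field layout described above, re-joins a modulus that was wrapped across lines as in the printed example, and checks that the declared key size matches the modulus. The function names and the sample key are constructed for illustration, and the example assumes the entry has no trailing comment field.

```python
# Added example, not from the manual: parse and sanity-check a known hosts
# entry in the "host bits exponent modulus" layout described above.
from collections import namedtuple

# host, declared key size in bits, public exponent, modulus (decimal in the file)
HostKey = namedtuple("HostKey", "host bits exponent modulus")


def parse_entry(text):
    """Parse one entry, re-joining a modulus wrapped over several lines.
    Assumption: the entry carries no trailing comment field."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError("expected: host bits exponent modulus")
    host, bits, exponent = fields[:3]
    modulus = "".join(fields[3:])
    for value in (bits, exponent, modulus):
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"not a decimal number: {value[:20]!r}")
    return HostKey(host, int(bits), int(exponent), int(modulus))


def check_entry(key):
    """Return the problems found; an empty list means self-consistent."""
    problems = []
    actual = key.modulus.bit_length()
    if actual != key.bits:
        problems.append(f"declared {key.bits} bits, modulus has {actual}")
    if key.modulus % 2 == 0:
        problems.append("modulus is even, so it is not an RSA modulus")
    if key.exponent < 3 or key.exponent % 2 == 0:
        problems.append("public exponent must be odd and at least 3")
    return problems


def to_line(key):
    """Render the entry as the single line a known hosts file needs."""
    return f"{key.host} {key.bits} {key.exponent} {key.modulus}"


# Constructed sample, not a real device key: an odd 1024-bit number, wrapped
# into 60-digit chunks the way a printed page wraps a long modulus.
_DIGITS = str((1 << 1023) | 1)
SAMPLE = "10.10.20.10 1024 37 " + "\n".join(
    _DIGITS[i:i + 60] for i in range(0, len(_DIGITS), 60))

if __name__ == "__main__":
    key = parse_entry(SAMPLE)
    print(to_line(key)[:40] + "...", check_entry(key) or "consistent")
```

A size mismatch reported by check_entry usually means part of the modulus was lost when the entry was copied.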
4 - 2
December 2000
