BigIron(config)# write memory
Syntax: ip ssh pub-key-file flash-memory
To clear the public keys from the startup-config file (if they are located there), enter the following commands:
BigIron# clear public-key
BigIron# write memory
Enabling RSA Challenge-Response Authentication
RSA challenge-response authentication is enabled by default. You can disable or re-enable it manually.
To enable RSA challenge-response authentication:
BigIron(config)# ip ssh rsa-authentication yes
To disable RSA challenge-response authentication:
BigIron(config)# ip ssh rsa-authentication no
Syntax: ip ssh rsa-authentication yes | no
Setting Optional Parameters
You can adjust the following SSH settings on the Foundry device:
• The number of SSH authentication retries
• The server RSA key size
• The user authentication method the Foundry device uses for SSH connections
• Whether the Foundry device allows users to log in without supplying a password
• The port number for SSH connections
• The SSH login timeout value
• A specific interface to be used as the source for all SSH traffic from the device
Setting the Number of SSH Authentication Retries
By default, the Foundry device attempts to negotiate a connection with the connecting host three times. The number of authentication retries can be set to a value from 1 to 5.
For example, the following command changes the number of authentication retries to 5:
BigIron(config)# ip ssh authentication-retries 5
Syntax: ip ssh authentication-retries <number>
Setting the Server RSA Key Size
The default size of the dynamically generated server RSA key is 768 bits. The size of the server RSA key can be set to a value from 512 to 896 bits.
For example, the following command changes the server RSA key size to 896 bits:
BigIron(config)# ip ssh key-size 896
Syntax: ip ssh key-size <number>
NOTE: The size of the host RSA key that resides in the system-config file is always 1024 bits and cannot be
changed.
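The defaults and value ranges given above for authentication retries, server RSA key size and RSA challenge-response authentication can be checked against a saved configuration. The following Python auditor is an added example, not part of the Foundry documentation; it assumes the configuration text shows each setting as the "ip ssh ..." command documented in this section and that a value outside the documented range is not applied. The function name audit_ssh and the sample configuration are constructed for illustration.

```python
import re

# Defaults and ranges exactly as this section documents them.
DEFAULTS = {"authentication-retries": 3, "key-size": 768, "rsa-authentication": "yes"}
RANGES = {"authentication-retries": (1, 5), "key-size": (512, 896)}
SSH_LINE = re.compile(r"^\s*ip ssh (authentication-retries|key-size|rsa-authentication)\s+(\S+)\s*$")

def audit_ssh(config_text):
    """Return (effective settings, findings) for the 'ip ssh' lines in a config dump."""
    settings, findings = dict(DEFAULTS), []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SSH_LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key in RANGES:
            low, high = RANGES[key]
            if not value.isdigit() or not low <= int(value) <= high:
                # Assumption: a value outside the documented range is not applied.
                findings.append(f"line {lineno}: {key} {value} is outside {low}-{high}")
                continue
            settings[key] = int(value)
        elif value in ("yes", "no"):
            settings[key] = value
        else:
            findings.append(f"line {lineno}: {key} expects yes or no, got {value}")
    # Review points derived from the effective values.
    if settings["key-size"] < RANGES["key-size"][1]:
        findings.append(f"server RSA key is {settings['key-size']} bits; up to 896 is allowed")
    if settings["authentication-retries"] > DEFAULTS["authentication-retries"]:
        findings.append(f"{settings['authentication-retries']} authentication retries exceeds the default of 3")
    if settings["rsa-authentication"] == "no":
        findings.append("RSA challenge-response authentication is disabled")
    return settings, findings

# Constructed sample, not output captured from a real device.
SAMPLE_CONFIG = """\
!
ip ssh authentication-retries 5
ip ssh key-size 512
ip ssh rsa-authentication no
ip ssh key-size 1024
"""

if __name__ == "__main__":
    effective, issues = audit_ssh(SAMPLE_CONFIG)
    print(effective)
    for issue in issues:
        print("-", issue)
```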
December 2000
Configuring Secure Shell