BigIron RX Series Configuration Guide, 53-1001810-01, page 869
Configuring SSH
Brocade’s implementation of SSH supports two kinds of user authentication:
• DSA challenge-response authentication, where a collection of public keys is stored on the
device. Only clients with a private key that corresponds to one of the stored public keys can
gain access to the device using SSH.
• Password authentication, where users attempting to gain access to the device using an SSH
client are authenticated with passwords stored on the device or on a TACACS/ or
RADIUS server.
Both kinds of user authentication are enabled by default. You can configure the device to use one
or both of them.
To configure Secure Shell on a BigIron RX, do the following.
1. Generate a host DSA public and private key pair for the device.
2. Configure DSA challenge-response authentication.
3. Set optional parameters.
You can also view information about active SSH connections on the device as well as terminate
them.
Generating a host key pair
When SSH is configured, a public and private host DSA key pair is generated for the device. The
SSH server on the device uses this host DSA key pair, along with a dynamically generated
server DSA key pair, to negotiate a session key and encryption method with the client trying to
connect to it.
The host DSA key pair is stored in the BigIron RX’s system-config file. Only the public key is
readable. The public key should be added to a “known hosts” file (for example,
$HOME/.ssh/known_hosts on UNIX systems) on each client that needs to access the device. Some
SSH client programs add the public key to the known hosts file automatically; in other cases, you
must manually create a known hosts file and place the BigIron RX’s public key in it. Refer to
“Providing the public key to clients” on page 870 for an example of what to place in the known
hosts file.
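The following Python sketch is an added example, not part of the Brocade guide. It shows what a known hosts entry for a DSA host key contains and how a client-side check can confirm that the key a device presents is the one that was pinned. The host name and the key values are constructed for illustration; on a real deployment the key material would be the public key the device itself reports. Hashed known hosts entries are assumed not to be in use.

```python
import base64, hashlib, hmac, struct

def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b          # RFC 4251 "string": uint32 length + bytes

def _mpint(n: int) -> bytes:
    # RFC 4251 "mpint": big-endian, with a leading zero byte when the top bit is set
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def build_dss_blob(p: int, q: int, g: int, y: int) -> bytes:
    """RFC 4253 ssh-dss public key blob: "ssh-dss", p, q, g, y."""
    return _string(b"ssh-dss") + b"".join(_mpint(n) for n in (p, q, g, y))

def parse_dss_blob(blob: bytes) -> dict:
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + n])
        off += n
    if len(fields) != 5 or fields[0] != b"ssh-dss":
        raise ValueError("not an ssh-dss public key blob")
    return dict(zip("pqgy", (int.from_bytes(f, "big") for f in fields[1:])))

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def known_hosts_line(host: str, blob: bytes) -> str:
    return f"{host} ssh-dss {base64.b64encode(blob).decode()}"

def host_key_matches(line: str, host: str, presented: bytes) -> bool:
    """True only if the pinned (unhashed) entry names this host and holds exactly this key."""
    names, keytype, b64 = line.split()[:3]
    return (host in names.split(",") and keytype == "ssh-dss"
            and hmac.compare_digest(base64.b64decode(b64), presented))

# Constructed sample values: structurally valid sizes (1024-bit p, 160-bit q), not a real key.
HOST = "bigiron-rx.example.net"
DEVICE_BLOB = build_dss_blob((1 << 1023) | 0x1234567, (1 << 159) | 0xABCDEF, 2, 0x1F2E3D)
PINNED = known_hosts_line(HOST, DEVICE_BLOB)

if __name__ == "__main__":
    print(PINNED[:60] + "...", fingerprint(DEVICE_BLOB))
```

OpenSSH has disabled the ssh-dss key type by default since release 7.0, so a current OpenSSH client must explicitly allow that key type before an entry like this is used.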
While the SSH listener exists at all times, sessions cannot be started from clients until a key is
generated. Once a key is generated, clients can start sessions. The keys are not displayed in
the configuration file by default. To display the keys, use the ssh show-host-keys command in
Privileged EXEC mode.
To generate a public and private DSA host key pair on a BigIron RX, enter the following command.
BigIron RX(config)# crypto key generate
When a host key pair is generated, it is saved to the flash memory of all management modules.
To disable SSH in SSHv2 on a BigIron RX, enter the following command.
BigIron RX(config)# crypto key zeroize
When SSH is disabled, the host key pair is deleted from the flash memory of all management modules.
Syntax: crypto key generate | zeroize