Enabling ssh2 client, Configuring ssh2 client public key authentication, Generating and deleting a client dsa key pair – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 97


while you are connected to the device by any connection method (SSH2, Telnet, console). Brocade
devices support one outbound SSH2 client session at a time.

The supported SSH2 client features are as follows:

• Encryption algorithms, in the order of preference:
    aes256-cbc
    aes192-cbc
    aes128-cbc
    3des-cbc
• SSH2 client session authentication algorithms:
    Password authentication
    Public Key authentication

• Message Authentication Code (MAC) algorithm: hmac-sha1
• Key exchange algorithm: diffie-hellman-group1-sha1
• No compression algorithms are supported.
• The client session can be established through either in-band or out-of-band management ports.
• The client session can be established through IPv4 or IPv6 protocol access.
• The client session can be established to a server listening on a non-default SSH port.
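
The following added example (not part of the Brocade guide) applies the SSH2 negotiation rule, under which the first algorithm in the client's list that the server also offers is chosen, to the client lists above. The two server offers are constructed samples, and the key exchange rule is simplified to the same first-match rule.

```python
# Added example: SSH2 algorithm negotiation (RFC 4253, section 7.1) for this client.

# Client lists copied from this page, in the stated order of preference.
CLIENT = {
    "kex": ["diffie-hellman-group1-sha1"],
    "cipher": ["aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1"],
}

# Constructed sample server offers (assumptions, not captured from a real host).
HARDENED_SERVER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "cipher": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"],
    "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}
LEGACY_ENABLED_SERVER = {
    "kex": HARDENED_SERVER["kex"] + ["diffie-hellman-group1-sha1"],
    "cipher": HARDENED_SERVER["cipher"] + ["aes128-cbc", "3des-cbc"],
    "mac": HARDENED_SERVER["mac"] + ["hmac-sha1"],
}

def negotiate(client, server):
    """Pick, per category, the first client algorithm the server also offers.

    Returns (chosen, missing): chosen maps category -> algorithm; missing lists
    the categories with no overlap, in which case the session cannot be set up.
    """
    chosen, missing = {}, []
    for category, preferences in client.items():
        offered = server.get(category, [])
        match = next((alg for alg in preferences if alg in offered), None)
        if match is None:
            missing.append(category)
        else:
            chosen[category] = match
    return chosen, missing

def report(name, server):
    """Summarise the negotiation outcome for one server as a single line."""
    chosen, missing = negotiate(CLIENT, server)
    if missing:
        return f"{name}: no common algorithm for {', '.join(missing)}"
    return f"{name}: " + ", ".join(f"{k}={v}" for k, v in chosen.items())

if __name__ == "__main__":
    print(report("hardened", HARDENED_SERVER))
    print(report("legacy-enabled", LEGACY_ENABLED_SERVER))
```

The result shows which algorithms a server must offer before this client can connect, which helps when deciding whether to enable them only on the hosts the switch needs to reach.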

Enabling SSH2 client

To use SSH2 client, you must first enable SSH2 server on the device. See "SSH2 authentication types" on page 83.

When SSH2 server is enabled, you can use SSH client to connect to an SSH server using password
authentication.

Configuring SSH2 client public key authentication

To use SSH client for public key authentication, you must generate SSH client authentication keys and
export the public key to the SSH servers to which you want to connect.

The following sections describe how to configure SSH client public key authentication:

• Generating and deleting a client DSA key pair on page 97
• Generating and deleting a client RSA key pair on page 98
• Exporting client public keys on page 98

Generating and deleting a client DSA key pair

To generate a client DSA key pair, enter the following command.

device(config)#crypto key client generate dsa

To delete the DSA host key pair, enter the following command.

device(config)#crypto key client zeroize dsa

Syntax: crypto key client { generate | zeroize } dsa

The generate keyword places a host key pair in the flash memory.

The zeroize keyword deletes the host key pair from the flash memory.

The dsa keyword specifies a DSA host key pair.

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03