Configuring dsa challenge-response authentication, Providing the public key to clients – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 157

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

123

53-1003053-01

Configuring SSH2

TurboIron(config)#crypto key zeroize

When SSH is disabled, it is deleted from the flash memory of all management modules.

Syntax: crypto key generate | zeroize

The generate keyword places a DSA host key pair in the flash memory and enables SSH on the
device.

The zeroize keyword deletes the DSA host key pair from the flash memory and disables SSH on the
device.

By default, public keys are hidden in the running configuration. You can optionally configure the
device to display the DSA host key pair in the running configuration file, by entering the following
command.

TurboIron#ssh show-host-keys

Syntax: ssh show-host-keys

To hide the public keys in the running configuration file, enter the following command.

TurboIron#ssh no-show-host-keys

Syntax: ssh no-show-host-keys

Providing the public key to clients

If you are using SSH to connect to a device from a UNIX system, you may need to add the public key
on the device to a “known hosts” file; for example, $HOME/.ssh/known_hosts. The following is an
example of an entry in a known hosts file.

Configuring DSA challenge-response authentication

With DSA challenge-response authentication, a collection of clients’ public keys are stored on the
device. Clients are authenticated using these stored public keys. Only clients that have a private
key that corresponds to one of the stored public keys can gain access to the device using SSH.

When DSA challenge-response authentication is enabled, the following events occur when a client
attempts to gain access to the device using SSH.

1. The client sends its public key to the device.

2. The device compares the client public key to those stored in memory.

3. If there is a match, the device uses the public key to encrypt a random sequence of bytes.

4. The device sends these encrypted bytes to the client.

AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET

W6ToHv8D1UJ/

z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om

1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv

wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v

GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA

vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB

AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS

n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5

sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV

Advertising
See also other documents in the category Brocade Computer Accessories: