Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 88

Advertising
background image

68

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

SSH2 authentication types

1. The client sends its public key to the Brocade device.

2. The Brocade device compares the client public key to those stored in memory.

3. If there is a match, the Brocade device uses the public key to encrypt a random sequence of

bytes.

4. The Brocade device sends these encrypted bytes to the client.

5. The client uses its private key to decrypt the bytes.

6. The client sends the decrypted bytes back to the Brocade device.

7. The Brocade device compares the decrypted bytes to the original bytes it sent to the client. If

the two sets of bytes match, it means that the client private key corresponds to an authorized
public key, and the client is authenticated.

Setting up DSA or RSA challenge-response authentication consists of the following steps.

1. Import authorized public keys into the Brocade device.

2. Enable DSA or RSA challenge response authentication.

Importing authorized public keys into the Brocade device

SSH clients that support DSA or RSA authentication normally provide a utility to generate a DSA or
RSA key pair. The private key is usually stored in a password-protected file on the local host; the
public key is stored in another file and is not protected. You must import the client public key for
each client into the Brocade device.

Collect one public key of each key type (DSA and/or RSA) from each client to be granted access to
the Brocade device and place all of these keys into one file. This public key file may contain up to
17 keys. The following is an example of a public key file containing one public key:

NOTE

Each key in the public key file must begin and end with the first and last lines in this example. If your
client does not include these lines in the public key, you must manually add them.

Import the authorized public keys into the Brocade device active configuration by loading this
public key file from a TFTP server.

To load a public key file called pkeys.txt from a TFTP server, enter a command such as the following:

Brocade(config)# ip ssh pub-key-file tftp 192.168.1.234 pkeys.txt

---- BEGIN SSH2 PUBLIC KEY ----
Comment: DSA Public Key
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/
z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om
1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv
wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v
GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV
---- END SSH2 PUBLIC KEY ----

Advertising
Popular Brands
Popular manuals