Configuring secure shell – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Configuring Secure Shell


Secure Shell (SSH) includes server/client applications intended as a secure replacement for the
older remote access tools. SSH can also provide remote management access to this switch as a
secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch
generates a public-key that the client uses along with a local user name and password for access
authentication. SSH also encrypts all data transfers passing between the switch and SSH-enabled
management station clients, and ensures that data traveling over the network arrives unaltered.

NOTE

You need to install an SSH client on the management station to access the switch for management
via the SSH protocol.

The switch supports both SSH Version 1.5 and 2.0 clients.

Command Usage

The SSH server on this switch supports both password and public key authentication. If password
authentication is specified by the SSH client, then the password can be authenticated either locally
or via a RADIUS or TACACS+ remote authentication server, as specified on the System
Authentication page (page 822). If public key authentication is specified by the client, then you
must configure authentication keys on both the client and the switch as described in the following
section. Note that regardless of whether you use public key or password authentication, you still
have to generate authentication keys on the switch (SSH Host Key Settings) and enable the SSH
server (Authentication Settings).

To use the SSH server, complete these steps:

1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair.

2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host
public key during the initial connection setup with the switch. Otherwise, you need to manually
create a known hosts file on the management station and place the host public key in it. An
entry for a public key in the known hosts file would appear similar to the following example:

10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254
15020245593199868544358361651999923329781766065830956 10825913212890233
76546801726272571413428762941301196195566782595664104869574278881462065194174
67729848654686157177393901647793559423035774130980227370877945452408397175264
6358058176716709574804776117

3. Import Client’s Public Key to the Switch – See “Importing User Public Keys” on page 854, or
use the copy tftp public-key command (page 67) to copy a file containing the public key for all
the SSH clients granted management access to the switch. (Note that these clients must be
configured locally on the switch via the User Accounts page as described on page 835.) The
clients are subsequently authenticated using these keys. The current firmware only accepts
public key files based on standard UNIX format as shown in the following example for an RSA
Version 1 key:

1024 35
13410816856098939210409449201554253476316419218729589211431738800555361616310
51775940838686311092912322268285192543746031009371877211996963178136627741416
8985132049117204830339254324101637997592371449011938006090253948408482717819
4372288402533115952134861022902978982721353267131629432532818915045306393916
643 [email protected]
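
The key-file format shown above (decimal bit length, public exponent, modulus and an optional comment, with a leading host field in a known hosts entry) can be checked on the management station before a file is copied to the switch. The Python sketch below is an added example, not part of the Brocade guide; the sample keys, the 2048-bit audit threshold and all function names are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

MIN_BITS = 2048  # assumption: audit threshold chosen for this example, not from the guide

@dataclass
class Rsa1Key:
    host: str | None   # present only in known hosts entries
    bits: int          # declared key length
    exponent: int
    modulus: int
    comment: str

def parse_rsa1_line(line: str, known_hosts: bool = False) -> Rsa1Key:
    """Parse '[host] bits exponent modulus [comment]' given on a single line."""
    fields = line.split()
    host = fields.pop(0) if known_hosts and fields else None
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("expected: [host] bits exponent modulus [comment]")
    bits, exponent, modulus = (int(f) for f in fields[:3])
    return Rsa1Key(host, bits, exponent, modulus, " ".join(fields[3:]))

def audit(key: Rsa1Key) -> list[str]:
    """Return findings; an empty list means the entry passed every check."""
    findings = []
    actual = key.modulus.bit_length()
    if actual != key.bits:
        # Typical cause: digits lost or a space inserted when a wrapped key was pasted.
        findings.append(f"declared {key.bits} bits, modulus has {actual}")
    if key.modulus % 2 == 0 or key.exponent % 2 == 0:
        findings.append("even modulus or exponent: not a valid RSA public key")
    if key.bits < MIN_BITS:
        findings.append(f"{key.bits}-bit RSA is below {MIN_BITS}")
    return findings

# Constructed sample data: a 1024-bit odd number stands in for a real modulus.
_N = (1 << 1023) | 1
SAMPLE_KNOWN_HOSTS = f"192.0.2.10 1024 35 {_N}"
SAMPLE_USER_KEY = f"1024 35 {_N} user@example.test"
SAMPLE_TRUNCATED = f"1024 35 {str(_N)[:-3]} user@example.test"  # three digits lost

if __name__ == "__main__":
    for text, kh in [(SAMPLE_KNOWN_HOSTS, True), (SAMPLE_USER_KEY, False),
                     (SAMPLE_TRUNCATED, False)]:
        key = parse_rsa1_line(text, known_hosts=kh)
        print(key.host or key.comment, audit(key) or "ok")
```

A length mismatch is the finding to act on first, since it means the file no longer contains the key that was generated.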
