Sshutil – Dell POWEREDGE M1000E User Manual

Page 931

Advertising
background image

Fabric OS Command Reference

899

53-1001764-02

sshUtil

2

sshUtil

Manages public key authentication.

Synopsis

sshutil allowuser user name

sshutil showuser

sshutil importpubkey

sshutil showpubkeys

sshutil delpubkeys

sshutil genkey

sshutil exportpubkey

sshutil delprivkey

sshutil help

Description

Use this command to enable and manage SSH public key authentication on a switch. SSH public
key authentication provides a mechanism for authenticating an authorized user without a
password. SSH public key authentication is more secure than password authentication and can be
used to securely access services that require automatic login.

SSH public key authentication works as follows:

An authorized user generates a pair of encryption keys (public and private) on a local machine (a
switch or a server). Messages encrypted with the private key can only be decrypted by the public
key, and vice versa. The private key remains on the local machine; the public key is exported to a
remote host. The remote host responds to login requests by sending a brief message encrypted
with the public key. The private key on the local host decrypts the message, and the login succeeds.

Use the sshutil command to do the following:

Configure a user to perform public key authentication and to manage keys on a switch.

Generate a private/public key pair on the local switch.

Import a public key from a remote host to the local switch.

Export the public key from the local switch to a remote host.

Delete the public keys associated with the configured user on the local switch.

Delete the private key on the local switch.

Notes

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.

Outgoing public key authentication from the switch to a remote host is restricted to Fabric OS
commands which use secure copy (SCP), such as configDownload/configUpload.

This command supports generation of a public/private key pair on the switch to enable outgoing
connections between a switch and a remote host. To set up incoming connections, you must first
generate the public/private key pair on a remote host and then import the public key to the switch.
Use the SSH utility ssh-keygen -t dsa to generate the keys on the remote host. Refer to your UNIX
system documentation for details on this command.

Advertising
Popular Brands
Popular manuals