
Generating and deleting a client RSA key pair, Exporting client public keys, Using SSH2 client – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 98


Generating and deleting a client RSA key pair

To generate a client RSA key pair, enter a command such as the following:

device(config)#crypto key client generate rsa modulus 2048

To delete the RSA host key pair, enter the following command.

device(config)#crypto key client zeroize rsa

Syntax: crypto key client { generate | zeroize } rsa [ modulus modulus-size ]

The generate keyword places an RSA host key pair in the flash memory.

The zeroize keyword deletes the RSA host key pair from the flash memory.

The optional [ modulus modulus-size ] parameter specifies the modulus size of the RSA key pair, in
bits. The valid values for modulus-size are 1024 or 2048. It is used only with the generate parameter.
The default value is 1024.

The rsa keyword specifies an RSA host key pair.

Exporting client public keys

Client public keys are stored in the following files in flash memory:

• A DSA key is stored in the file $$sshdsapub.key.
• An RSA key is stored in the file $$sshrsapub.key.

To copy key files to a TFTP server, you can use the copy flash tftp command.

You must copy the public key to the SSH server. If the SSH server is a Brocade device, see the
section "Importing authorized public keys into the Brocade device" on page 86.
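Because the default modulus is 1024 bits, it is worth checking an exported client key on the server side before authorizing it. The following is an added example, not code from the Brocade guide: it assumes the exported file is in RFC 4716 (SSH2) or one-line OpenSSH public-key format, which this page does not state, and it assumes a policy of RSA keys of at least 2048 bits. The function names and the sample key are constructed for illustration.

```python
import base64
MIN_RSA_BITS = 2048  # assumed policy floor; the guide's default modulus is 1024

def _field(buf, off):
    """Read one SSH wire string: 4-byte big-endian length, then the bytes."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_info(text):
    """Return (key_type, bits) for an RFC 4716 or one-line OpenSSH public key."""
    lines = [l.strip() for l in text.splitlines() if l.strip()] or [""]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, cont = [], False
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            header = cont or ":" in l           # "Tag: value" header line
            cont = header and l.endswith("\\")  # header continues on next line
            if not header:
                body.append(l)
        b64 = "".join(body)
    else:
        b64 = lines[0].partition(" ")[2].partition(" ")[0]  # "ssh-rsa AAAA... comment"
    blob = base64.b64decode(b64, validate=True)
    ktype, off = _field(blob, 0)
    if ktype == b"ssh-rsa":
        _, off = _field(blob, off)              # skip exponent e; modulus n follows
    elif ktype != b"ssh-dss":                   # ssh-dss: first mpint is p
        raise ValueError("unsupported key type")
    mpint, _ = _field(blob, off)
    return ktype.decode(), int.from_bytes(mpint, "big").bit_length()

def acceptable(text):
    ktype, bits = key_info(text)
    return ktype == "ssh-rsa" and bits >= MIN_RSA_BITS  # DSA is rejected

def constructed_sample(bits):
    """Constructed, non-functional RFC 4716 ssh-rsa key with a `bits`-bit n."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # right length only
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + n)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    head = ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed sample"']
    return "\n".join(head + rows + ["---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    print([(b, acceptable(constructed_sample(b))) for b in (1024, 2048)])
```

A key generated without the modulus parameter is reported as 1024 bits and rejected under the assumed policy.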

Using SSH2 client

To start an SSH2 client connection to an SSH2 server using password authentication, enter a
command such as the following:

device# ssh 10.10.10.2

To start an SSH2 client connection to an SSH2 server using public key authentication, enter a
command such as the following:

device# ssh 10.10.10.2 public-key dsa

Syntax: ssh ipv4Addr | ipv6Addr | host-name [ public-key [ dsa | rsa ] ] [ port portnum ]

The ipv4Addr, ipv6Addr, and host-name variables identify an SSH2 server. You identify the server to
connect to by entering its IPv4 or IPv6 address or its hostname.

The optional [public-key [dsa | rsa]] parameter specifies the type of public key authentication to use
for the connection, either DSA or RSA. If you do not enter this parameter, the default authentication
type is password.

The optional port portnum parameter specifies that the SSH2 connection will use a non-default SSH2
port, where portnum is the port number. The default port number is 22.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03