
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide, 53-1003035-02, page 243 (chapter 5)

SSH server version 2 support

The host DSA key pair is stored in the device's system-config file. Only the public key is readable.
The public key should be added to a "known hosts" file (for example, $HOME/.ssh/known_hosts on
OpenSSH Linux and UNIX systems) on each client that will access the device. Some SSH client
programs add the public key to the known hosts file automatically; in other cases, you must
manually create a known hosts file and place the device's public key in it. Whichever way the entry
is created, confirm that the key in it is the one the device actually holds (compare it with the key
displayed by ssh show-host-keys, described below) before trusting it; a client that accepts an
unverified key on first connection can be directed to an impostor. Refer to "Providing the public key
to clients" for an example of what to place in the known hosts file.

NOTE

This description applies to the OpenSSH (Linux) SSH client and server. Other SSH implementations
use different procedures.
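The client-side check described above, as an added example that is not part of the Brocade guide: it parses a plain OpenSSH known_hosts entry for the device, decodes the SSH wire-format public key (RFC 4253 "string" and "mpint" fields) and computes the SHA256 and MD5 fingerprints that ssh-keygen -lf would print, so the entry can be compared with a fingerprint obtained out of band (for example from the key shown on the device console). The host names, the ssh-dss parameters and the known_hosts line are constructed for the example and are not a real key; a key this small would never be generated by the device.

```python
# Added example (not from the Brocade guide): parse an OpenSSH known_hosts
# entry for the device, decode the SSH wire-format public key and compute the
# same fingerprints ssh-keygen -lf would print, so the entry can be checked
# against a fingerprint obtained out of band before the client trusts it.
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH 'mpint' for a positive integer: minimal big-endian bytes, with a
    leading 0x00 when the high bit is set so the value is not read as negative."""
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return _ssh_string(raw)


def build_dsa_blob(p: int, q: int, g: int, y: int) -> bytes:
    """ssh-dss public key blob: string "ssh-dss", then mpint p, q, g, y."""
    return _ssh_string(b"ssh-dss") + b"".join(_ssh_mpint(v) for v in (p, q, g, y))


def parse_blob(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields; rejects truncated data."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (ln,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + ln > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + ln])
        off += ln
    return fields


def parse_known_hosts_line(line: str) -> tuple:
    """Return (host, keytype, blob) for a plain known_hosts line.
    Hashed (|1|...) entries and @marker lines are not handled here."""
    parts = line.split()
    if len(parts) < 3 or parts[0].startswith(("|1|", "@")):
        raise ValueError("unsupported known_hosts line")
    host, keytype, b64 = parts[:3]
    blob = base64.b64decode(b64, validate=True)
    fields = parse_blob(blob)
    # The type column must agree with the type embedded in the blob.
    if not fields or fields[0] != keytype.encode():
        raise ValueError("key type column does not match blob: %r" % keytype)
    return host, keytype, blob


def fingerprints(blob: bytes) -> dict:
    """SHA256 (base64, no padding) and MD5 (colon hex) fingerprints of the blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"SHA256": "SHA256:" + sha,
            "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def entry_matches(line: str, host: str, expected_fp: str) -> bool:
    """True only if the line covers `host` (comma-separated host list) and one
    of its fingerprints equals `expected_fp` (SHA256 or MD5 form)."""
    entry_host, _, blob = parse_known_hosts_line(line)
    if host not in entry_host.split(","):
        return False
    return expected_fp in fingerprints(blob).values()


# Constructed sample: toy DSA parameters (p=23, q=11, g=4, y=4^3 mod 23) that
# are far too small to be a real key and exist only to exercise the format.
SAMPLE_BLOB = build_dsa_blob(23, 11, 4, 18)
SAMPLE_LINE = "10.0.0.1,brocade1 ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    host, keytype, blob = parse_known_hosts_line(SAMPLE_LINE)
    print(host, keytype, fingerprints(blob))
```

The comparison is done on the whole key blob, exactly as OpenSSH fingerprints it, so a known_hosts line whose type column was edited or whose key bytes were truncated is rejected rather than silently matched.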

The SSH server listener exists at all times, but clients cannot start sessions until a host key has
been generated. Once a key is generated, clients can start sessions. The keys are not displayed in
the configuration file by default. If neither the dsa nor the rsa keyword is specified, a DSA key
pair is generated. To display the keys, use the ssh show-host-keys command in Privileged EXEC
mode. To generate a DSA host key pair (public and private key) on a device, enter the following
command.

Brocade(config)# crypto key generate

When a host key pair is generated, it is saved to the flash memory of all management modules.

To disable the SSHv2 server on a device, delete its host key pair by entering the following command.

Brocade(config)# crypto key zeroize

When the host key pair is zeroized, it is deleted from the flash memory of all management modules
and the SSH server is disabled.

NOTE

Without the dsa or rsa keyword, crypto key zeroize deletes both host key pairs (RSA and DSA).

Syntax: crypto key { generate | zeroize } [ dsa | rsa ]

The generate keyword places a host key pair in the flash memory and enables the SSH server on
the device, if it is not already enabled.

The zeroize keyword deletes the host key pair from the flash memory and disables the SSH server if
no other server host keys exist on the device.

The dsa keyword specifies a DSA host key pair. This keyword is optional. If you do not enter it, the
command crypto key generate generates a DSA key pair by default, and the command crypto key
zeroize deletes both the DSA and the RSA key pair (see the note above).

By default, public keys are hidden in the running configuration. You can optionally configure the
device to display the DSA host key pair in the running configuration file by entering the following
command. In release 5.300, the ssh show command was replaced by the command below:

Brocade# ssh show-host-keys

Syntax: ssh show-host-keys

To hide the public keys in the running configuration file, enter the following command.

Brocade# ssh no-show-host-keys

Syntax: ssh no-show-host-keys