beautypg.com

Generating and deleting a DSA key pair, Generating and deleting an RSA key pair – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

SSH server version 2 support


Enabling and disabling SSH server by generating and deleting host keys

To enable SSH server, you must generate a public and private DSA or RSA host key pair on the
device. The SSH server on the Brocade device uses this host DSA or RSA key pair, along with a
dynamically generated server DSA or RSA key pair, to negotiate a session key and encryption
method with the client trying to connect to it.

While the SSH server listener exists at all times, sessions cannot be started from the client until a
host key is generated. After a host key is generated, clients can start sessions.

To disable SSH server, you delete all of the host keys from the device.

When a host key pair is generated, it is saved to the flash memory of all management modules.
When a host key pair is deleted, it is deleted from the flash memory of all management modules.

The time range to initially generate SSH server keys varies. Refer to the section “Providing the
public key to clients” for initial SSH server key generation time ranges.

Generating and deleting a DSA key pair

To generate a DSA key pair, enter the following command.

Brocade(config)#crypto key generate dsa

To delete the DSA host key pair, enter the following command.

Brocade(config)#crypto key zeroize dsa

Syntax: crypto key generate | zeroize dsa

The generate keyword places a host key pair in the flash memory and enables SSH server on the
device, if it is not already enabled.

The zeroize keyword deletes the host key pair from the flash memory. This disables SSH server if no
other server host keys exist on the device.

The dsa keyword specifies a DSA host key pair. This keyword is optional. If you do not enter it, the
command crypto key generate generates a DSA key pair by default.

Generating and deleting an RSA key pair

To generate an RSA key pair, enter a command such as the following:

Brocade(config)#crypto key generate rsa modulus 2048

To delete the RSA host key pair, enter the following command.

Brocade(config)#crypto key zeroize rsa

Syntax: crypto key generate | zeroize rsa [modulus modulus-size]

The generate keyword places an RSA host key pair in the flash memory and enables SSH server on
the device, if it is not already enabled.

The optional [modulus modulus-size] parameter specifies the modulus size of the RSA key pair, in
bits. The valid values for modulus-size are 1024 or 2048. The default value is 2048.

The zeroize keyword deletes the RSA host key pair from the flash memory. This disables SSH if no
other authentication keys exist on the device.

The rsa keyword specifies an RSA host key pair.
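After generating a host key, it is worth confirming from the client side which key type and size the device actually presents. The following is an added example, not part of the Brocade manual: it parses host key lines in the `host keytype base64` format printed by `ssh-keyscan` and reports the RSA modulus or DSA prime size. The host names, the sample key values, and the policy (RSA at the 2048-bit default) are assumptions made for illustration.

```python
import base64
import struct

def _read_field(blob, off):
    """Read one SSH wire-format field (uint32 length, then bytes; RFC 4251)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def host_key_info(line):
    """Return (key_type, bits) for a 'host keytype base64' line (ssh-keyscan format)."""
    _host, declared, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_field(blob, 0)
    key_type = name.decode("ascii")
    if key_type != declared:
        raise ValueError("declared type does not match key blob")
    if key_type == "ssh-rsa":            # fields after the name: e, n
        _e, off = _read_field(blob, off)
    elif key_type != "ssh-dss":          # ssh-dss fields: p, q, g, y
        raise ValueError("unsupported key type: " + key_type)
    size_field, _ = _read_field(blob, off)   # n for RSA, p for DSA
    return key_type, int.from_bytes(size_field, "big").bit_length()

def audit(line, want_type="ssh-rsa", want_bits=2048):
    """Assumed policy: the host key must be RSA at the 2048-bit default."""
    key_type, bits = host_key_info(line)
    return (key_type == want_type and bits == want_bits), key_type, bits

def _mpint(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")   # leading zero byte keeps it positive
    return struct.pack(">I", len(raw)) + raw

def _sample(host, key_type, *ints):
    """Constructed line with placeholder integers; these are not usable keys."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + b"".join(map(_mpint, ints))
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"

SAMPLES = [  # constructed hosts and values
    _sample("device-a.example", "ssh-rsa", 65537, (1 << 2047) | 1),
    _sample("device-b.example", "ssh-rsa", 65537, (1 << 1023) | 1),
    _sample("device-c.example", "ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

if __name__ == "__main__":
    for s in SAMPLES:
        ok, key_type, bits = audit(s)
        print(s.split()[0], key_type, bits, "OK" if ok else "REVIEW")
```

A device flagged REVIEW can be brought in line with the assumed policy by zeroizing the existing host key and running `crypto key generate rsa modulus 2048`, as described above.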