
Configuring dsa or rsa public key authentication, Deleting dsa and rsa key pairs, Providing the public key to clients – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

SSH server version 2 support


Deleting DSA and RSA key pairs

To delete DSA and RSA key pairs from the flash memory, enter the following command:

FastIron(config)#crypto key zeroize

Syntax: crypto key zeroize

The zeroize keyword deletes the host key pair from the flash memory. This disables the SSH server.

Providing the public key to clients

The host DSA or RSA key pair is stored in the system-config file of the Brocade device. Only the
public key is readable. Some SSH client programs add the public key to the known hosts file
automatically; in other cases, you must manually create a known hosts file and place the public key
of the Brocade device in it.
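
When a known hosts entry is created manually, it can be checked for damage or a mismatched key type before it is trusted. The Python below is an added example, not part of the Brocade guide: it parses one known hosts line without a marker, confirms that the key type named in the entry matches the type encoded inside the key, and returns the SHA256 fingerprint in the form `ssh-keygen -l` prints, for comparison with a value obtained over a trusted channel. The host name and key values are constructed.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data

def read_fields(blob: bytes) -> list:
    """Split a public key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

EXPECTED_FIELDS = {"ssh-rsa": 3, "ssh-dss": 5}  # type name + key parameters

def check_entry(line: str) -> str:
    """Validate one known_hosts line (no marker); return its SHA256 fingerprint."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected: host keytype base64-key")
    keytype, b64 = parts[1], parts[2]
    if keytype not in EXPECTED_FIELDS:
        raise ValueError("not a DSA or RSA host key: " + keytype)
    blob = base64.b64decode(b64, validate=True)  # rejects stray characters
    fields = read_fields(blob)
    if not fields or fields[0].decode("ascii", "replace") != keytype:
        raise ValueError("key type inside blob does not match the entry")
    if len(fields) != EXPECTED_FIELDS[keytype]:
        raise ValueError("wrong number of key parameters")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: structurally valid RSA blob with made-up numbers, not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
SAMPLE_LINE = "brocade-device.example ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    print(check_entry(SAMPLE_LINE))
```

An entry whose key was split by a stray space or line break during copying fails the length check instead of being stored as a truncated key.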

If you are using SSH to connect to a Brocade device from a Linux or OpenSSH system, you
may need to add the public key of the Brocade device to a “known hosts” file on the client
OpenSSH system; for example, $HOME/.ssh/known_hosts. The following is an example of an entry
in a known hosts file.

Configuring DSA or RSA public key authentication

With DSA or RSA public key authentication, a collection of clients’ public keys is stored on the
Brocade device. Clients are authenticated using these stored public keys. Only clients that have a
private key that corresponds to one of the stored public keys can gain access to the device using
SSH server.

Setting up DSA or RSA public key authentication consists of the following steps.

1. Import authorized public keys into the Brocade device.

2. Enable DSA or RSA public key authentication.

Importing authorized public keys into the Brocade device

SSH clients that support DSA or RSA authentication normally provide a utility to generate a DSA or
RSA key pair. The private key is usually stored in a password-protected file on the local host; the
public key is stored in another file and is not protected. You must import the client public key for
each client into the Brocade device.
