beautypg.com

Configuring dsa public key authentication, Importing authorized public keys into the device – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 265

background image

Multi-Service IronWare Security Configuration Guide

247

53-1003035-02

SSH server version 2 support

5

Configuring DSA public key authentication

With DSA public key authentication, a collection of clients’ public keys are stored on the device.
Clients are authenticated using these stored public keys. Only clients that have a private key that
corresponds to one of the stored public keys can gain access to the device using SSH server.

When DSA challenge-response authentication is enabled, the following events occur when a client
attempts to gain access to the device using SSH server.

1. The client sends its public key to the device.

2. The device compares the client’s public key to those stored in memory.

3. If there is a match, the device uses the public key to encrypt a random sequence of bytes.

4. The device sends these encrypted bytes to the client.

5. The client uses its private key to decrypt the bytes.

6. The client sends the decrypted bytes back to the device.

7. The device compares the decrypted bytes to the original bytes it sent to the client. If the two

sets of bytes match, it means that the client’s private key corresponds to an authorized public
key, and the client is authenticated.

Setting up DSA public key authentication consists of the following steps:

1. Importing authorized public keys into the device.

2. Enabling DSA public key authentication

Importing authorized public keys into the device

SSH clients that support DSA authentication normally provide a utility to generate an DSA key pair.
The private key is usually stored in a password-protected file on the local host; the public key is
stored in another file and is not protected. You should collect one public key from each client to be
granted access to the device and place all of these keys into one file. This public key file is imported
into the device.

The following is an example of a public key file containing one public keys.

NOTE

Make sure the key ends with the complete phrase “---- END SSH2 PUBLIC KEY ----”
before importing the public key. Otherwise, a warning is displayed whenever the device is reloaded.

You can import the authorized public keys into the active configuration by loading them from a file
on a TFTP server and are saved on the EEPROM of the chassis.

---- BEGIN SSH2 PUBLIC KEY ----

Comment: DSA Public Key

AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET

W6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om

1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv

wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v

GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA

vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB

AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS

n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5

sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV

---- END SSH2 PUBLIC KEY ----

See also other documents in the category Brocade Computer Accessories: