beautypg.com

Setting optional parameters, Deactivating user authentication – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 267

background image

Multi-Service IronWare Security Configuration Guide

249

53-1003035-02

SSH server version 2 support

5

Setting optional parameters

You can adjust the following SSH server settings on the device:

Number of SSH server authentication retries

User authentication method the device uses for SSH server connections

Whether or not the device allows users to log in without supplying a password

Port number for SSH server connections

SSH server login timeout value

A specific interface to be used as the source for all SSH server traffic from the device

Maximum idle time for SSH server sessions

Disable 3-DES support

Setting the number of SSH server authentication retries

By default, the device attempts to negotiate a connection with the connecting host three times. The
number of authentication retries can be changed to between 1 – 5.

For example, the following command changes the number of authentication retries to 5.

Brocade(config)# ip ssh authentication-retries 5

Syntax: ip ssh authentication-retries number

Deactivating user authentication

After the SSH server on the device negotiates a session key and encryption method with the
connecting client, user authentication takes place. The implementation of SSH server supports
DSA challenge-response authentication and password authentication.

With DSA challenge-response authentication, a collection of clients’ public keys are stored on the
device. Clients are authenticated using these stored public keys. Only clients that have a private
key that corresponds to one of the stored public keys can gain access to the device using SSH
server.

With password authentication, users are prompted for a password when they attempt to log into the
device (provided empty password logins are not allowed; refer to

“Enabling empty password

logins”

). If there is no user account that matches the user name and password supplied by the

user, the user is not granted access.

You can deactivate one or both user authentication methods for SSH server. Note that deactivating
both authentication methods essentially disables the SSH server entirely.

To disable DSA challenge-response authentication.

Brocade(config)# ip ssh key-authentication no

Syntax: ip ssh key-authentication yes | no

The default is “yes”.

To deactivate password authentication.

Brocade(config)# ip ssh password-authentication no

Syntax: ip ssh password-authentication no | yes

See also other documents in the category Brocade Computer Accessories: