beautypg.com

Enabling empty password logins, Setting the ssh server port number, Setting the ssh server login timeout value – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 268

background image

250

Multi-Service IronWare Security Configuration Guide

53-1003035-02

SSH server version 2 support

5

The default is “yes”.

Enabling empty password logins

By default, empty password logins are not allowed. This means that users with an SSH client are
always prompted for a password when they log into the device. To gain access to the device, each
user must have a user name and password. Without a user name and password, a user is not
granted access. Refer to “Setting up local user accounts” for information on setting up user names
and passwords on the device.

If you enable empty password logins, users are not prompted for a password when they log in. Any
user with an SSH client can log in without being prompted for a password.

To enable empty password logins.

Brocade(config)# ip ssh permit-empty-passwd yes

Syntax: ip ssh permit-empty-passwd no | yes

Setting the SSH server port number

By default, SSH server traffic occurs on TCP port 22. You can change this port number. For
example, the following command changes the SSH server port number to 2200.

Brocade(config)# ip ssh port 2200

NOTE

If you change the default SSH server port number, you must configure SSH clients to connect to the
new port. Also, you should be careful not to assign SSH server to a port that is used by another
service. If you change the SSH server port number, it is recommended that you change it to a port
number greater than 1024.

Syntax: ip ssh port number

Setting the SSH server login timeout value

When the SSH server attempts to negotiate a session key and encryption method with a connecting
client, it waits a maximum of 120 seconds for a response from the client. If there is no response
from the client after 120 seconds, the SSH server disconnects. You can change this timeout value
to between 1 – 120 seconds. For example, to change the timeout value to 60 seconds.

Brocade(config)# ip ssh timeout 60

Syntax: ip ssh timeout seconds

NOTE

The standard for the idle-timeout RADIUS attribute is for it to be implemented in seconds as opposed
to the minutes that the device router uses. If this attribute is used for setting idle time instead of this
configuration, the value from the idle-timeout RADIUS attribute will be converted to seconds and
truncated to the nearest minute.

See also other documents in the category Brocade Computer Accessories: