Setting the number of ssh authentication retries, Deactivating user authentication, Enabling empty password logins – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 160

background image

126

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Setting optional parameters

Setting the number of SSH authentication retries

By default, the device attempts to negotiate a connection with the connecting host three times. The
number of authentication retries can be changed to between 1 – 5.

For example, the following command changes the number of authentication retries to 5.

TurboIron(config)#ip ssh authentication-retries 5

Syntax: ip ssh authentication-retries

Deactivating user authentication

After the SSH server on the device negotiates a session key and encryption method with the
connecting client, user authentication takes place. The Brocade implementation of SSH supports
DSA challenge-response authentication and password authentication.

With DSA challenge-response authentication, a collection of clients’ public keys are stored on the
device. Clients are authenticated using these stored public keys. Only clients that have a private
key that corresponds to one of the stored public keys can gain access to the device using SSH.

With password authentication, users are prompted for a password when they attempt to log into the
device (provided empty password logins are not allowed). If there is no user account that matches
the user name and password supplied by the user, the user is not granted access.

You can deactivate one or both user authentication methods for SSH. Note that deactivating both
authentication methods essentially disables the SSH server entirely.

To disable DSA challenge-response authentication, enter the following command.

TurboIron(config)#ip ssh key-authentication no

Syntax: ip ssh key-authentication yes | no

The default is yes.

To deactivate password authentication, enter the following command.

TurboIron(config)#ip ssh password-authentication no

Syntax: ip ssh password-authentication no | yes

The default is yes.

Enabling empty password logins

By default, empty password logins are not allowed. This means that users with an SSH client are
always prompted for a password when they log into the device. To gain access to the device, each
user must have a user name and password. Without a user name and password, a user is not
granted access.

If you enable empty password logins, users are not prompted for a password when they log in. Any
user with an SSH client can log in without being prompted for a password.

To enable empty password logins, enter the following command.

TurboIron(config)#ip ssh permit-empty-passwd yes

Syntax: ip ssh permit-empty-passwd no | yes

See also other documents in the category Brocade Computer Accessories: