Secure copy, Secure shell protocol – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Secure Copy

The Secure Copy protocol (SCP) runs on port 22. It encrypts data during transfer, which prevents
packet sniffers from extracting useful information from the traffic. SCP relies on SSH to
provide authentication and security.

Setting up SCP for configuration uploads and downloads

Use the following procedure to configure SCP for configuration uploads and downloads.

1. Connect to the switch and log in using an account with admin permissions.
2. Enter one of the following commands:

• If Virtual Fabrics is enabled, enter the configurechassis command.
• If Virtual Fabrics is not enabled, enter the configure command.

3. Enter y at the cfgload attributes prompt.
4. Enter y at the Enforce secure configUpload/Download prompt.

Example of setting up SCP for configUpload/download

switch:admin# configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.

Configure...
System services (yes, y, no, n): [no] n
ssl attributes (yes, y, no, n): [no] n
http attributes (yes, y, no, n): [no] n
snmp attributes (yes, y, no, n): [no] n
rpcd attributes (yes, y, no, n): [no] n
cfgload attributes (yes, y, no, n): [no] y
Enforce secure config Upload/Download (yes, y, no, n): [no]# y
Enforce signature validation for firmware (yes, y, no, n): [no]#
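
To audit that this procedure was followed, a saved session log can be checked for the answers given at each prompt. The script below is an added example, not part of the Brocade guide; it assumes the prompt layout shown in the session above, and the function names and sample transcripts are constructed for illustration.

```python
import re

# Prompt layout taken from the `configure` session on this page:
#   <name> (yes, y, no, n): [<default>]<optional '#'> <answer>
PROMPT_RE = re.compile(
    r"^(?P<name>.+?)\s*\(yes, y, no, n\):\s*\[(?P<default>\w+)\]#?\s*(?P<answer>\w*)\s*$")
YES, NO = {"yes", "y"}, {"no", "n"}


def norm(name):
    # The guide writes both "configUpload" and "config Upload"; ignore case and spacing.
    return re.sub(r"\s+", "", name).lower()


def parse_configure_transcript(text):
    """Return {normalized prompt name: effective boolean} for every yes/no prompt."""
    settings = {}
    for line in text.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue  # banner text, blank lines, the command line itself
        # An empty answer means Enter was pressed and the bracketed default was kept.
        value = (m.group("answer") or m.group("default")).lower()
        if value not in YES | NO:
            raise ValueError(f"unrecognized answer {value!r} in line: {line!r}")
        settings[norm(m.group("name"))] = value in YES
    return settings


def secure_cfgload_enforced(text):
    """True only if the cfgload menu was entered and the enforce prompt ended as yes."""
    s = parse_configure_transcript(text)
    return (s.get(norm("cfgload attributes"), False)
            and s.get(norm("Enforce secure config Upload/Download"), False))


# Constructed samples: GOOD mirrors the session above (shortened); BAD is a
# hypothetical session where the default was accepted at the enforce prompt.
GOOD = """switch:admin# configure
Configure...
System services (yes, y, no, n): [no] n
cfgload attributes (yes, y, no, n): [no] y
Enforce secure config Upload/Download (yes, y, no, n): [no]# y
Enforce signature validation for firmware (yes, y, no, n): [no]#
"""
BAD = GOOD.replace("[no]# y", "[no]#")

if __name__ == "__main__":
    print(secure_cfgload_enforced(GOOD), secure_cfgload_enforced(BAD))
```

A transcript records what was typed, so the result is evidence that the procedure was followed rather than proof of the switch's running configuration.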

Secure Shell protocol

To ensure security, Fabric OS supports Secure Shell (SSH) encrypted sessions. SSH encrypts all
messages, including the client transmission of the password during login.

The SSH package contains a daemon (sshd), which runs on the switch. The daemon supports a wide
variety of encryption algorithms, such as Data Encryption Standard (DES) and Advanced Encryption
Standard (AES).

NOTE
To maintain a secure network, you should avoid using Telnet or any other unprotected application when
you are working on the switch.

Commands that require a secure login channel must originate from an SSH session. If you start an SSH
session, and then use the login command to start a nested SSH session, commands that require a
secure channel will be rejected.

Fabric OS supports OpenSSH version 6.2p2 and OpenSSL version 1.0.1e with the heartbeat feature
disabled.

53-1003130-01