Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Fabric OS Command Reference

53-1003131-01

sshUtil

delpubkey

Deletes all imported public keys associated with a specified user on the switch or
with all users. This command prompts for the user name associated with the
public keys. Enter "all" to delete the public keys of all users. Deletion of a
configured user's public keys effectively blocks incoming connections from this
user that rely on public key authentication with the switch.

genkey [-rsa | -dsa | -ecdsa]

Generates a private/public key pair of the selected type on the local switch.
This option can be performed only by a configured user. This option enables
authentication for outgoing connections from the switch to a remote host. You
must export the public key to a remote host to complete the setup. For incoming
connections, the private/public key pair must first be generated on the remote
host by issuing ssh-keygen -t dsa (a UNIX command), and the public key must then
be imported from the remote host to the switch using the sshutil importpubkey
command.

genkey prompts for user input on the following parameters:

passphrase

Accepts a string of arbitrary length. This operand is optional, but creating a pass
phrase is strongly recommended. A strong pass phrase is 10-30 characters long,
fairly complex and difficult to guess, and contains a mix of upper and lowercase
letters, numbers, and nonalphanumeric characters. There is no way to recover a
lost pass phrase. If the pass phrase is lost, a new key must be generated and
the corresponding public key copied to other machines.

exportpubkey

Exports the public key from the switch to a specified remote host to support
outgoing connections from the switch to a remote host. This option can only be
performed by a configured user. The successfully exported public key must be
appended to the authorized_keys file on the remote host. Use the following
command to append the file:

cat ~/.ssh/outgoing.pub >> ~/.ssh/authorized_keys

exportpubkey prompts for IP Address, remote directory, login name and
password. Refer to importpubkey for a description of these parameters.
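
The append step above, as an added example for the remote host (not part of the Brocade manual): it validates the exported file, avoids duplicate entries, and sets the permissions OpenSSH expects. The function name append_switch_pubkey is hypothetical, and the remote host is assumed to run OpenSSH with its default StrictModes setting.

```shell
#!/bin/sh
# Added example, not from the Brocade manual. Run on the remote host.
# append_switch_pubkey is a hypothetical helper name.
append_switch_pubkey() {
    pub=$1                                   # exported key, e.g. ~/.ssh/outgoing.pub
    auth=${2:-$HOME/.ssh/authorized_keys}    # target authorized_keys file
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Expect exactly one non-empty line: a single public key.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key=$(grep . "$pub")

    # Accept only the key types genkey offers (-rsa, -dsa, -ecdsa);
    # private key material or arbitrary text is rejected here.
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an RSA/DSA/ECDSA public key: $pub" >&2; return 1 ;;
    esac

    # With StrictModes (the OpenSSH default), sshd ignores authorized_keys
    # when the file or its directory is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: running the import twice must not add a duplicate entry.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the file lacks a trailing newline, a plain >> would fuse the
    # new key onto the last existing entry and invalidate both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Call it as append_switch_pubkey ~/.ssh/outgoing.pub after exportpubkey has completed.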

delprivkey

Deletes the private key for outgoing connections from the switch. This option can
only be performed by a configured user. Deletion of a configured user's private
keys effectively blocks outgoing connections initiated by this user that rely on
public key authentication with a remote host.

delknownhost

Deletes the known host name or IP address from the file .ssh/known_hosts. This
option can only be performed by the authorized user. On deletion of a known host
name or IP address from the .ssh/known_hosts file, the next SSH connection
prompts the user to accept a new public key.

help

Displays the command usage.

EXAMPLES

To configure a user for public key authentication:

switch:admin> sshutil allowuser username

Allowed user has been successfully changed to username.

To display the configured user:

switch:admin> sshutil showuser

username