beautypg.com

Configuring dsa challenge-response authentication, Providing the public key to clients – Brocade BigIron RX Series Configuration Guide User Manual

Page 1074

background image

996

BigIron RX Series Configuration Guide

53-1002484-04

Configuring SSH

31

By default, public keys are hidden in the running configuration. You can optionally configure the
device to display the DSA host key pair in the running configuration file entering the following
command.

BigIron RX# ssh show-host-keys

Syntax: ssh show-host-keys

To hide the public keys in the running configuration file, enter the following command.

BigIron RX# ssh no-show-host-keys

Syntax: ssh no-show-host-keys

Providing the public key to clients

If you are using SSH to connect to a device from a UNIX system, you may need to add the device’s
public key to a “known hosts” file; for example, $HOME/.ssh/known_hosts. The following is an
example of an entry in a known hosts file.

Configuring DSA challenge-response authentication

With DSA challenge-response authentication, a collection of clients’ public keys are stored on the
device. Clients are authenticated using these stored public keys. Only clients that have a private
key that corresponds to one of the stored public keys can gain access to the device using SSH.

When DSA challenge-response authentication is enabled, the following events occur when a client
attempts to gain access to the device using SSH.

1. The client sends its public key to the device.

2. The device compares the client’s public key to those stored in memory.

3. If there is a match, the device uses the public key to encrypt a random sequence of bytes.

4. The device sends these encrypted bytes to the client.

5. The client uses its private key to decrypt the bytes.

6. The client sends the decrypted bytes back to the device.

7. The device compares the decrypted bytes to the original bytes it sent to the client. If the two

sets of bytes match, it means that the client’s private key corresponds to an authorized public
key, and the client is authenticated.

Setting up DSA challenge-response authentication consists of the following steps.

AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET

W6ToHv8D1UJ/

z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om

1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv

wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v

GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA

vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB

AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS

n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5

sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV

See also other documents in the category Brocade Computer Accessories: