Generating rsa key pair – Brocade Virtual ADX Global Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual
53-1003245-01
Secure GSLB
Generating RSA key pair
Before authentication can proceed, each ADX device that is secure GSLB enabled must generate a
static RSA public/private key pair for itself. The private key is used to prove the identity of the local
device. It never leaves the system. In comparison, the public key is sent to the remote peer. The
peer then uses that key to decrypt data.
The private key and public key complement each other:
Private(Public(A)) = A and
Public(Private(A)) = A
You can refer to either operation as encryption and the other decryption. Many engineers refer to
the public key operation as encryption, and call the private key operation decryption.
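The two identities above, worked through as an added example (not Brocade code and not the ADX implementation): textbook RSA without padding on constructed toy primes, showing that either key undoes the other and how a peer holding only the public key can check a value produced with the private key. The function names and the challenge/response framing are assumptions made for illustration.

```python
# Added illustration: textbook RSA (no padding) on constructed toy parameters.
# Function names are hypothetical; this is not the ADX implementation.
import math
import secrets

def generate_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for distinct primes p and q."""
    phi = (p - 1) * (q - 1)
    if p == q or math.gcd(e, phi) != 1:
        raise ValueError("need distinct primes and e coprime to (p-1)(q-1)")
    return (p * q, e), (p * q, pow(e, -1, phi))  # d = e^-1 mod phi

def public_op(pub, a):
    """Public(A): anyone holding the public key can compute this."""
    n, e = pub
    return pow(a, e, n)

def private_op(priv, a):
    """Private(A): only the device that generated the pair can compute this."""
    n, d = priv
    return pow(a, d, n)

def new_challenge(pub):
    """Peer side (assumed framing): pick a fresh random value in [2, n)."""
    return 2 + secrets.randbelow(pub[0] - 2)

def prove_identity(priv, challenge):
    """Local device: answer the challenge; the private key itself is never sent."""
    return private_op(priv, challenge)

def verify_identity(pub, challenge, response):
    """Peer side: Public(Private(challenge)) must give back the challenge."""
    return public_op(pub, response) == challenge

if __name__ == "__main__":
    # Constructed sample keys from small Mersenne primes (far too small for real use).
    pub, priv = generate_keypair(2**31 - 1, 2**61 - 1)
    _, other_priv = generate_keypair(2**17 - 1, 2**19 - 1)  # a different device
    a = 123456789
    print(private_op(priv, public_op(pub, a)) == a)   # Private(Public(A)) = A
    print(public_op(pub, private_op(priv, a)) == a)   # Public(Private(A)) = A
    c = new_challenge(pub)
    print(verify_identity(pub, c, prove_identity(priv, c)))        # genuine device
    print(verify_identity(pub, c, prove_identity(other_priv, c)))  # wrong private key
```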
Use the crypto key generate rsa command on both the controller and site ADX devices to generate
a random RSA public/private key pair. This key pair needs to be generated on each ADX device
involved in the secure GSLB communication. Since the keys on each box are generated together,
they are always in agreement.
Syntax: [no] crypto key generate rsa
Example
The following GSLB controller example assumes a minimum working GSLB configuration is already
set up (refer to
SLB-Ctrl-Virtual ADX(config)#ip dns domain-name example2.com
SLB-Ctrl-Virtual ADX(config)#crypto key generate rsa
Generating rsa keypair..................................................................done!
rsa public_key "10243516320480114350385337927420684604699847215100737339140179784
0463596710017038795521320990076735951547998548950700124427622983729636247496044
8810297880244822925958194700326493941745541854086588315530748050102379348032059
7889011743490357195498301864347794398342179943239191530516416905654211931607212
87517491 [email protected]"
rsa private_key "*************************"
Virtual ADX(config)#wr mem
.Write startup-config in progress.
..Write startup-config done.
Virtual ADX(config)#Saving SSH host keys process is ongoing. Please wait
.................................................................................
......Writing SSH host keys is done!
SLB-Ctrl-Virtual ADX(config)#^Z
SLB-Ctrl-Virtual ADX#reload
A write mem followed by a reload is required. Next, enter the crypto key generate rsa command on
the site ADX device and reload.
Notice that the public key is displayed in cleartext, whereas the private key is not.
NOTE
The crypto RSA component calls the same key functions as SSH. Similar to the SSH implementation,
the public and private keys for each ADX device are stored in its E2PROM. The private key cannot be
seen or displayed using any CLI commands or any other user interface. Not even an administrator
can gain access to the private key.