
Creating a seed for generating a random number, Setting ssh authentication retries, Setting the ssh key size – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Administration Guide

53-1003249-01

Configuring SSH


NOTE

The Brocade Virtual ADX may reset the SSH connection if the SSH client has the X11 forwarding
option enabled.

Creating a seed for generating a random number

To create a new seed for the random number used to generate the dynamically created server DSA
key pair for SSH, enter the following command.

Virtual ADX(config)#crypto random-number-seed generate

Syntax: [no] crypto random-number-seed

Setting SSH authentication retries

To set the number of SSH authentication retries, enter the following command.

Virtual ADX(config)#ip ssh authentication-retries 5

Syntax: [no] ip ssh authentication-retries number

The number variable can be from 1 to 5. The default is 3.

Setting the SSH key size

The size of the host RSA key that resides in the system-config file is always 1024 bits and cannot
be changed. To set the SSH key size, enter the following command.

Virtual ADX(config)#ip ssh key-size 896

Syntax: [no] ip ssh key-size number

The number variable can be from 512 to 896 bits. The default is 768 bits.

Configuring SSH password authentication

By default, SSH password authentication is enabled.

After the SSH server on the Brocade Virtual ADX negotiates a session key and encryption method
with the connecting client, user authentication takes place. Of the methods of user authentication
available in SSH, Brocade’s implementation of SSH supports password authentication only.

With password authentication, users are prompted for a password when they attempt to log into the
device (unless empty password logins are not allowed; see ip ssh permit-empty-passwd). If there is
no user account that matches the user name and password supplied by the user, the user is not
granted access.

You can deactivate password authentication for SSH. However, since password authentication is
the only user authentication method supported for SSH, this means that no user authentication is
performed at all. Deactivating password authentication essentially disables the SSH server entirely.

To deactivate password authentication, enter the following command.

Virtual ADX(config)#ip ssh password-authentication no

Syntax: [no] ip ssh password-authentication no | yes
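
The following is an added example, not part of the Brocade guide or Brocade's own tooling: a small audit script that reads the `ip ssh` lines from a saved configuration and reports the effective settings using the defaults and ranges stated above. It assumes the saved configuration shows these commands in the same form in which they are entered, and that the `no` form of a command restores its default; the function name and sample text are constructed for illustration.

```python
import re

# Defaults and ranges as stated in the guide text above.
DEFAULTS = {"authentication-retries": 3, "key-size": 768,
            "password-authentication": "yes"}
RANGES = {"authentication-retries": (1, 5), "key-size": (512, 896)}
# Assumption: saved config lines look like the commands as typed.
LINE_RE = re.compile(r"^\s*(no\s+)?ip\s+ssh\s+(\S+)(?:\s+(\S+))?\s*$")

def effective_ssh_settings(config_text):
    """Return (settings, findings) for the ip ssh lines in a config dump."""
    settings = dict(DEFAULTS)
    findings = []
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(2) not in DEFAULTS:
            continue
        negated, key, value = m.group(1), m.group(2), m.group(3)
        if negated:  # assumption: "no ip ssh ..." restores the default
            settings[key] = DEFAULTS[key]
            continue
        if key in RANGES:
            lo, hi = RANGES[key]
            if value is None or not value.isdigit() or not lo <= int(value) <= hi:
                findings.append(f"{key}: value {value!r} outside {lo}-{hi}, default kept")
                continue
            settings[key] = int(value)
        elif value in ("yes", "no"):
            settings[key] = value
        else:
            findings.append(f"{key}: value {value!r} is not yes or no, default kept")
    if settings["password-authentication"] == "no":
        findings.append("password-authentication is off: the guide states that "
                        "no user authentication is performed at all")
    if settings["key-size"] < RANGES["key-size"][1]:
        findings.append(f"key-size {settings['key-size']} is below the "
                        f"{RANGES['key-size'][1]}-bit maximum the device accepts")
    return settings, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ip ssh authentication-retries 5
ip ssh key-size 1024
ip ssh password-authentication no
"""

if __name__ == "__main__":
    print(effective_ssh_settings(SAMPLE))
```

For the constructed sample, the script keeps the 768-bit default because 1024 is outside the configurable range, and it reports the disabled password authentication as a finding.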