Brocade Communications Systems 6650 Switch User Manual


 
78 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
The scp command can be used when TFTP access is unavailable or not permitted. It is
functionally equivalent to the ip ssh pub-key-file tftp command. For more information
on the ip ssh pub-key-file tftp command, refer to “Importing authorized public keys into the Brocade
device” on page 68.
SSH2 client
SSH2 client allows you to connect from a Brocade device to an SSH2 server, including another
Brocade device that is configured as an SSH2 server. You can start an outbound SSH2 client
session while you are connected to the device by any connection method (SSH2, Telnet, console).
Brocade devices support one outbound SSH2 client session at a time.
The supported SSH2 client features are as follows:
- Encryption algorithms, in the order of preference:
  - aes256-cbc
  - aes192-cbc
  - aes128-cbc
  - 3des-cbc
- SSH2 client session authentication algorithms:
  - Password authentication
  - Public Key authentication
- Message Authentication Code (MAC) algorithm: hmac-sha1
- Key exchange algorithm: diffie-hellman-group1-sha1
- No compression algorithms are supported.
- The client session can be established through either in-band or out-of-band management ports.
- The client session can be established through IPv4 or IPv6 protocol access.
- The client session can be established to a server listening on a non-default SSH port.
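The client offers a short, fixed algorithm set, so an outbound session succeeds only if the target SSH2 server offers at least one matching algorithm in every category. The following is an added example, not code from Brocade or from this guide: it applies the SSH2 negotiation rule (RFC 4253, section 7.1) to the client lists above. The two server offers and the use of "none" to represent the absence of compression are assumptions made for illustration.

```python
# Added example (not Brocade code): RFC 4253 section 7.1 algorithm negotiation
# using the SSH2 client algorithm lists from this page, in preference order.
CLIENT = {
    "kex": ["diffie-hellman-group1-sha1"],
    "cipher": ["aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1"],
    # Assumption: "no compression algorithms" is expressed as the SSH "none" method.
    "compression": ["none"],
}

# Constructed server offers (sample data, not taken from any real server).
SERVER_A = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "cipher": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
    "compression": ["none", "zlib"],
}
SERVER_B = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256"],
    "compression": ["none"],
}


def negotiate(client, server):
    """Return (chosen, failed): the algorithm picked per category and the
    categories in which client and server share no algorithm."""
    chosen, failed = {}, []
    for category, preferences in client.items():
        offered = set(server.get(category, []))
        # The first name on the client's list that the server also offers wins.
        # (Key exchange has extra host-key conditions in the RFC; ignored here.)
        match = next((alg for alg in preferences if alg in offered), None)
        if match is None:
            failed.append(category)
        else:
            chosen[category] = match
    return chosen, failed


if __name__ == "__main__":
    for name, server in (("SERVER_A", SERVER_A), ("SERVER_B", SERVER_B)):
        chosen, failed = negotiate(CLIENT, server)
        status = "no session: nothing in common for " + ", ".join(failed) if failed else "session possible"
        print(name, status, chosen)
```

Against SERVER_A the client settles on aes128-cbc because the server does not offer the two ciphers the client prefers; against SERVER_B negotiation fails in the key exchange, cipher and MAC categories.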
Enabling SSH2 client
To use SSH2 client, you must first enable SSH2 server on the device. See “SSH2 authentication
types” on page 65.
When SSH2 server is enabled, you can use SSH client to connect to an SSH server using password
authentication.
Configuring SSH2 client public key authentication
To use SSH client for public key authentication, you must generate SSH client authentication keys
and export the public key to the SSH servers to which you want to connect.
The following sections describe how to configure SSH client public key authentication:
- “Generating and deleting a client DSA key pair” on page 79
- “Generating and deleting a client RSA key pair” on page 79