Dell FCX624-I Laptop User Manual


1206 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring SSH2
33
• Password authentication, where users attempting to gain access to the device using an SSH
  client are authenticated with passwords stored on the device or on a TACACS/TACACS+ or
  RADIUS server.
Both kinds of user authentication are enabled by default. You can configure the device to use one
or both of them.
Follow the steps given below to configure Secure Shell on a Brocade device.
1. If necessary, recreate the SSH keys
2. Generate a host DSA public and private key pair for the device
3. Configure DSA challenge-response authentication
4. Set optional parameters
You can also view information about active SSH connections on the device as well as terminate
them.
Recreating SSH keys
You must recreate SSH keys after any one of the following events:
• After upgrading from a software release that supports SSH1 to a software release that
  supports SSH2.
• After downgrading from a software release that supports SSH2 to a software release that
  supports SSH1.
To recreate SSH keys, enter the following command.
PowerConnect(config)#crypto key generate
Syntax: crypto key generate
Generating a host key pair
When SSH is configured, a public and private host DSA key pair is generated for the Dell
PowerConnect device. The SSH server on the Brocade device uses this host DSA key pair, along
with a dynamically generated server DSA key pair, to negotiate a session key and encryption
method with the client trying to connect to it.
The host DSA key pair is stored in the system-config file of the Dell PowerConnect device. Only the
public key is readable. The public key should be added to a “known hosts” file (for example,
$HOME/.ssh/known_hosts on UNIX systems) on the clients who want to access the device. Some
SSH client programs add the public key to the known hosts file automatically; in other cases, you
must manually create a known hosts file and place the public key of the Dell PowerConnect device
in it.
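The following is an added example, not part of the original guide: one way to check a host key against a fingerprint obtained over a trusted path (for example, the serial console) before placing it in a known hosts file. It assumes the key text is available as a standard OpenSSH base64 "ssh-dss" blob; the host name used with it is hypothetical and the sample key is constructed from toy numbers.

```python
import base64, hashlib, struct

def _read_string(buf, off):
    """Read one RFC 4251 length-prefixed field; return (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_dsa_blob(b64):
    """Decode an ssh-dss public key blob; return ({p, q, g, y}, raw blob)."""
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("not a DSA host key: %r" % name)
    nums = []
    for _ in range(4):
        field, off = _read_string(blob, off)
        if field and field[0] & 0x80:
            raise ValueError("negative mpint in key")
        nums.append(int.from_bytes(field, "big"))
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return dict(zip("pqgy", nums)), blob

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_hosts_line(host, b64, expected_fp):
    """Return a known_hosts entry only if the key matches the trusted fingerprint."""
    _, blob = parse_dsa_blob(b64)
    if fingerprint(blob) != expected_fp:
        raise ValueError("fingerprint mismatch for %s; do not pin this key" % host)
    return "%s ssh-dss %s" % (host, b64)

def _mpint(n):
    """Encode a positive integer as an RFC 4251 mpint."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # extra bit keeps the sign positive
    return struct.pack(">I", len(raw)) + raw

# Constructed toy key (tiny numbers, not a usable DSA key) so the example runs offline.
SAMPLE_B64 = base64.b64encode(
    struct.pack(">I", 7) + b"ssh-dss" + b"".join(_mpint(n) for n in (283, 47, 60, 158))
).decode()
```

A mismatch means the key presented over the network is not the one the device generated, so the entry should not be added until the difference is explained.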
While the SSH listener exists at all times, sessions cannot be started from clients until a key is
generated. Once a key is generated, clients can start sessions. The keys are also not displayed in
the configuration file by default. To display the keys, use the ssh show-host-keys command in
Privileged EXEC mode.
To generate a public and private DSA host key pair on a Dell PowerConnect device, enter the
following command.
PowerConnect(config)#crypto key generate