HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 93

Configuring the Telnet protocol

Get HP A7533A - Brocade 4Gb SAN Switch Base PDF manuals and user guides
UPC - 829160830858
View all HP A7533A manuals
Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

Example: exporting a public key from the switch switch:kghanta> sshutil exportpubkey Enter IP address:192.168.38.244 Enter remote directory:~auser/.ssh Enter login name:auser Password: public key out_going.pub is exported successfully. 8. Append the public key to a remote host by logging in to the remote host, locating the directory where authorized keys are stored, and appending the public key to the file. You may need to refer to the host's documentation to locate where the authorized keys are stored. 9. Test the setup by issuing a command that uses SCP and authentication, such as firmwareDownload or configUpload. Deleting keys on the switch 1. Log in to the switch as the allowed-user. 2. Issue the sshUtil delprivkey command to delete the private key, or Issue the sshUtil delpubkeys command to delete all public keys. Configuring the Telnet protocol Telnet is enabled by default. To prevent users from passing clear text passwords over the network when they connect to the switch, you can block the Telnet protocol using an IP Filter policy. NOTE: Before blocking Telnet, make sure you have an alternate method of establishing a connection with the switch. Blocking Telnet To block Telnet: 1. Connect to the switch and log in as admin. Connect through some means other than Telnet: for example, through SSH. 2. Create a policy by issuing the following command: ipfilter --create -type < ipv4 | ipv6 > where policyname is the name of the new policy and -type specifies an IPv4 or IPv6 address. Example: ipfilter --create block_telnet_v4 --type ipv4 3. Add a rule to the policy, by issuing the following command: ipfilter --addrule -rule -sip -dp -proto -act where the -sip option can be given as any; dp is the port number for telnet (23), and -proto is tcp. Example: ipfilter --addrule block_telnet_v4 -rule 2 -sip any -dp 23 -proto tcp -act deny 4. Save the new ipfilter policy by issuing the following command: ipfilter --save [policyname] where [policyname] is the name of the policy and is optional. Fabric OS 6.1.1 administrator guide 93

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
Fabric OS 6.1.1 administrator guide
93
Example: exporting a public key from the switch
switch:kghanta>
sshutil exportpubkey
Enter IP address:
192.168.38.244
Enter remote directory:
~auser/.ssh
Enter login name:
auser
Password:
public key out_going.pub is exported successfully.
8.
Append the public key to a remote host by logging in to the remote host, locating the directory where
authorized keys are stored, and appending the public key to the file.
You may need to refer to the host’s documentation to locate where the authorized keys are stored.
9.
Test the setup by issuing a command that uses SCP and authentication, such as
firmwareDownload
or
configUpload
.
Deleting keys on the switch
1.
Log in to the switch as the allowed-user.
2.
Issue the
sshUtil delprivkey
command to delete the private key, or
Issue the
sshUtil delpubkeys
command to delete all public keys.
Configuring the Telnet protocol
Telnet is enabled by default. To prevent users from passing clear text passwords over the network when
they connect to the switch, you can block the Telnet protocol using an IP Filter policy.
NOTE:
Before blocking Telnet, make sure you have an alternate method of establishing a connection with
the switch.
Blocking Telnet
To block Telnet:
1.
Connect to the switch and log in as admin.
Connect through some means other than Telnet: for example, through SSH.
2.
Create a policy by issuing the following command:
ipfilter --create
<policyname>
-type < ipv4 | ipv6 >
where
policyname
is the name of the new policy and
-type
specifies an IPv4 or IPv6 address.
Example:
ipfilter --create block_telnet_v4 --type ipv4
3.
Add a rule to the policy, by issuing the following command:
ipfilter --addrule
<policyname>
-rule
<rule_number
> -sip <
source_IP
> -dp
<
dest_port
> -proto <
protocol
> -act <
deny
>
where the
-sip
option can be given as any; dp is the port number for telnet (23), and
-proto
is tcp.
Example:
ipfilter --addrule block_telnet_v4 -rule 2 -sip any -dp 23 -proto tcp -act deny
4.
Save the new ipfilter policy by issuing the following command:
ipfilter --save [
policyname
]
where
[
policyname
]
is the name of the policy and is optional.