HP StorageWorks 4/256 Brocade Fabric OS Administrator's Guide v6.3.0 (53-10013 - Page 148
SSH public key authentication, Allowed-user, Configuring SSH authentication
View all HP StorageWorks 4/256 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 148 highlights
6 Secure Shell protocol SSH public key authentication OpenSSH public key authentication provides password-less logins, known as SSH authentication, that uses public and private key pairs for incoming and outgoing authentication. This feature allows only one allowed-user to be configured to utilize OpenSSH public key authentication. Using OpenSSH RSA and DSA, the authentication protocols are based on a pair of specially generated cryptographic keys, called the private key and the public key. The advantage of using these key-based authentication systems is that in many cases, it is possible to establish secure connections without having to manually type in a password. RSA and DSA asynchronous algorithms are FIPS-compliant. Allowed-user The default admin user must set up the allowed-user with the admin role. By default, the admin is the configured allowed-user. While creating the key pair, the configured allowed-user can choose a passphrase with which the private key is encrypted. Then the passphrase must always be entered when authenticating to the switch. The allowed-user must have an admin role that can perform OpenSSH public key authentication, import and export keys, generate a key pair for an outgoing connection, and delete public and private keys. After the allowed-user is changed, all the public keys related to the old allowed-user are lost. Configuring SSH authentication Incoming authentication is used when the remote host needs to authenticate to the switch. Outgoing authentication is used when the switch needs to authenticate to a server or remote host, more commonly used for the configUpload command. Both password and public key authentication can coexist on the switch. After the allowed-user is configured, the remaining setup steps must be completed by the allowed-user. 1. Log in to the switch as the default admin. 2. Change the allowed-user's role to admin, if applicable. switch:admin> userconfig --change username -r admin Where username is the name of the user you want to perform SSH public key authentication, import, export, and delete keys. 3. Set up the allowed-user by typing the following command: switch:admin> sshutil allowuser username Where username is the name of the user you want to perform SSH public key authentication, import, export, and delete keys. 4. Generate a key pair for host-to-switch (incoming) authentication by logging in to your host as admin, verifying that SSH v2 is installed and working (refer to your host's documentation as necessary) by typing the following command: switch:admin> ssh-keygen -t dsa If you need to generate a key pair for outgoing authentication, skip steps 4 and 5 and proceed to step 6. 106 Fabric OS Administrator's Guide 53-1001336-01