Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

ManualsBrandsHP ManualsSoftwareHP StorageWorks ISL quick loop

161

162

163

164

165

166

167

168

169

170

Fabric OS Administrator’s Guide 121

53-1002148-02

Secure Shell protocol

Enter public key name(must have .pub suffix):id_dsa.pub

Enter login name:auser

Password:

Public key is imported successfully.

4. Test the setup by logging into the switch from a remote device, or by running a command

remotely using ssh.

Configuring outgoing SSH authentication

After the allowed-user is configured, the remaining setup steps must be completed by the

allowed-user. To configure outgoing authentication, follow these steps:

1. Log in to the switch as the default admin.

2. Change the allowed-user’s permissions to admin, if applicable.

switch:admin> userconfig --change username -r admin

Where username is the name of the user you want to perform SSH public key authentication,

import, export, and delete keys.

3. Set up the allowed-user by typing the following command:

switch:admin> sshutil allowuser username

Where username is the name of the user you want to perform SSH public key authentication,

import, export, and delete keys.

4. Generate a key pair for switch-to-host (outgoing) authentication by logging in to the switch as

the allowed user and entering the sshUtil genkey command.

You may enter a passphrase for additional security.

Example of generating a key pair on the switch

switch:alloweduser> sshutil genkey

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Key pair generated successfully.

5. Export the public key to the host by logging in to the switch as the allowed-user and entering

the sshUtil exportpubkey command to export the key.

Example of exporting a public key from the switch

switch:alloweduser> sshutil exportpubkey

Enter IP address:192.168.38.244

Enter remote directory:~auser/.ssh

Enter login name:auser

Password:

public key out_going.pub is exported successfully.

6. Append the public key to a remote host by logging in to the remote host, locating the directory

where authorized keys are stored, and appending the public key to the file.

You may need to refer to the host’s documentation to locate where the authorized keys are

stored.

7. Test the setup by using a command that uses SCP and authentication, such as

firmwareDownload or configUpload.