Technical data

Fabric OS Administrator’s Guide 3-3
Publication Number: 53-0000518-09
Ensuring Network Security
To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions. SSH encrypts all
messages, including the client’s transmission of the password during login. The SSH package contains a
daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms,
such as Blowfish-CBC and AES.
Commands that require a secure login channel must be issued from an original SSH session. If you start
an SSH session, and then use the login command to start a nested SSH session, commands that require a
secure channel will be rejected.
Fabric OS v4.4.0 and later supports SSH protocol v2.0 (ssh2). For more information on SSH, refer to
the SSH IETF Web site:
http://www.ietf.org/ids.by.wg/secsh.html
Also refer to SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett and Richard Silverman.
Fabric OS v4.4.0 comes with the SSH server preinstalled; however, you must select and install the SSH
client. For information on installing and configuring the F-Secure SSH client, refer to the Web site:
http://www.f-secure.com
Configuring the Telnet Interface
Telnet is enabled by default. To prevent users from passing clear text passwords over the network when
they connect to the switch, you can disable the telnet interface.
To disable telnet
1. Connect to the switch and log in as admin.
Connect through some means other than telnet, for example, through SSH.
2. Enter the following command:
configure telnetd
Note
To maintain a secure network, you should avoid using telnet or any other unprotected application when
you are working on the switch. For example, if you use telnet to connect to a machine, and then start an
SSH or secure telnet session from that machine to the switch, the communication to the switch is in clear
text and therefore is not secure.
The FTP protocol is also not secure. When you use FTP to copy files to or from the switch, the contents
are in clear text. This includes the remote FTP server's login and password. This limitation affects the
following commands: saveCore, configUpload, configDownload, and firmwareDownload.
Note
Before disabling the telnet interface, make sure you have an alternate method of establishing a
connection with the switch.
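An added example, not part of the Brocade guide: a Python check to run from a management host around the procedure above. It confirms that the switch answers on SSH with protocol 2.0 and that telnet (tcp/23) no longer accepts connections. The default ports 22 and 23, the function names and the sample banners are assumptions.

```python
import socket

def parse_ssh_banner(line):
    """Split an RFC 4253 identification string into (protoversion, softwareversion)."""
    text = line.decode("ascii", "replace").strip()
    parts = text.split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        return None
    return parts[1], parts[2].split(" ", 1)[0]

def read_ssh_banner(host, port=22, timeout=3.0):
    """Return the server's SSH identification line, or None if SSH is unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            reader = sock.makefile("rb")
            for _ in range(20):  # a server may send other lines before its version string
                line = reader.readline(256)
                if not line:
                    break
                if line.startswith(b"SSH-"):
                    return line
    except OSError:
        pass
    return None

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(ssh_banner, telnet_open):
    """Turn the two probe results into a list of findings (empty list = pass)."""
    findings = []
    parsed = parse_ssh_banner(ssh_banner) if ssh_banner else None
    if parsed is None:
        findings.append("no SSH banner: keep another access path before disabling telnet")
    elif parsed[0] != "2.0":  # "1.99" means the server also accepts SSH protocol 1
        findings.append("SSH protocol %s offered, expected 2.0 only" % parsed[0])
    if telnet_open:
        findings.append("telnet (tcp/23) still accepts connections")
    return findings

def audit(host):
    """Probe one switch management address (assumed default ports 22 and 23)."""
    return assess(read_ssh_banner(host), port_open(host, 23))

if __name__ == "__main__":
    # Constructed banners, so the example runs without a switch on the network.
    print(assess(b"SSH-2.0-ExampleSSH_1.0\r\n", telnet_open=False))
    print(assess(b"SSH-1.99-ExampleSSH_1.0\r\n", telnet_open=True))
```

Call `audit()` with the switch's management address once before disabling telnet, to confirm the SSH path works, and again afterwards to confirm tcp/23 is closed.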