Reference Guide

You will be prompted to enter the name of the user whose public keys you want to delete. Enter all to delete public keys for
all users.
For more information on IP filter policies, refer to Configuring Security Policies on page 215.
Deleting private keys on the switch
Use the following procedure to delete private keys from the switch.
1. Log in to the switch as the allowed-user.
2. Use the sshUtil delprivkey command to delete the private key.
For more information on IP filter policies, refer to Configuring Security Policies on page 215.
Generate and install hostkey on a switch
You can generate, install, display, and delete SSH hostkeys on a switch.
1. Log in to the switch as the allowed-user.
2. Run the sshUtil genHostKey -[rsa|dsa|ecdsa] command to generate and install the SSH hostkey.
3. Run the sshUtil showHostKey command to display current SSH hostkeys installed on the switch.
4. Run the sshUtil deleteHostKey command to delete the selected SSH hostkeys on the switch.
Managing SecCryptoCfg templates
SecCryptoCfg templates provide granularity in choosing, verifying, and confirming the switch cipher configurations according to the
requirement, for example, Certificate Authorities. Templates can be used to configure the ciphers based on the requirement. Currently,
templates are supported for TLS, SSH, and FIPS configuration. You can use the secCryptoCfg CLI to configure ciphers and FIPS mode
through a template file. Templates consist of key-value pairs for configuring ciphers, such as RADIUS, LDAP, HTTPS, and SSH ciphers,
SSH key exchange algorithms, and SSH MAC.
The following default templates are available and supported:
Default Configuration (default_generic)
Secured configuration (default_strong)
FIPS configuration (default_fips)
CC configuration (default_cc)
A default template can be specific to the requirements of a certification or based on the definition of security configurations for various
security levels. For example, a high-security configuration template can also enforce high security strengths that are not FIPS approved.
You cannot overwrite the default configurations, but you can upload a configuration, edit it, and then download it with a different name.
You can create a new template similar to the default templates, download it, and apply it. A maximum of eight templates, including the
default templates, is supported.
Format and rule of the template
The templates must be organized into the following groups and options:
Group    Option
SSH      Kex, Mac, Enc
HTTPS    Ciphers
AAA      RAD_Ciphers, LDAP_Ciphers
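The following is an added example, not part of the guide or of Fabric OS: a pre-download check that an edited template still carries every group and option listed in the table above. The file syntax is an assumption ([Group] header lines followed by Option:value lines), and lint_template, EXPECTED, and the sample values are hypothetical names and constructed data; groups not listed in the table are skipped rather than rejected.

```python
import re
# Groups and options as listed in the table above.
EXPECTED = {
    "SSH": {"Kex", "Mac", "Enc"},
    "HTTPS": {"Ciphers"},
    "AAA": {"RAD_Ciphers", "LDAP_Ciphers"},
}

def lint_template(text):
    """Return findings for one template; assumed syntax is [Group] then Option:value lines."""
    findings, seen, group = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments (assumed) carry no settings
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            group = header.group(1)
            seen.setdefault(group, set())
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if group is None or not sep:
            findings.append(f"line {n}: expected Option:value inside a group")
        elif group not in EXPECTED:
            continue  # group is not in the table, so it is not checked here
        elif key not in EXPECTED[group]:
            findings.append(f"line {n}: option {key} not listed for {group}")
        elif not value:
            findings.append(f"line {n}: {group}/{key} has an empty value")
        elif key in seen[group]:
            findings.append(f"line {n}: duplicate option {group}/{key}")
        else:
            seen[group].add(key)
    for g in EXPECTED:  # report every listed option that never appeared
        for o in sorted(EXPECTED[g] - seen.get(g, set())):
            findings.append(f"missing {g}/{o}")
    return findings

# Constructed sample: Mac is placed under HTTPS and LDAP_Ciphers is absent.
SAMPLE = """\
[SSH]
Kex:ecdh-sha2-nistp256
Enc:aes256-ctr
[HTTPS]
Ciphers:ECDHE-RSA-AES256-GCM-SHA384
Mac:hmac-sha2-256
[AAA]
RAD_Ciphers:AES256-SHA256
"""
```

Calling lint_template(SAMPLE) reports the misplaced Mac line and the two missing options; an empty list means the template matches the table.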
Configuring Protocols
Brocade Fabric OS Administration Guide, 8.0.1
190 53-1004111-02