Brocade Fabric OS Command Reference - Supporting Fabric OS v7.0.1 (53-1002447-01, March 2012)

sshUtil
genkey
Generates an RSA private/public key pair on the local switch. This option can be
performed only by a configured user. This option enables authentication for
outgoing connections from the switch to a remote host. You must export the public
key to a remote host to complete the setup. For incoming connections, the
private/public key pair must first be generated on the remote host by issuing
ssh-keygen -t dsa (a UNIX command); the public key is then imported from
the remote host to the switch using the sshutil import command.
genkey prompts for user input on the following parameters:
passphrase
Accepts a string of arbitrary length. This operand is optional, but creating a
passphrase is strongly recommended. A strong passphrase is 10-30 characters long,
fairly complex and difficult to guess, and contains a mix of upper and lowercase
letters, numbers, and nonalphanumeric characters. There is no way to recover a
lost passphrase. If the passphrase is lost, a new key must be generated and
the corresponding public key copied to other machines.
exportpubkey
Exports the public key from the switch to a specified remote host to support
outgoing connections from the switch to a remote host. This option can only be
performed by a configured user. The successfully exported public key must be
appended to the authorized_keys file on the remote host. Use the cat
~/.ssh/outgoing.pub >> ~/.ssh/authorized_keys command to append the file.
exportpubkey prompts for IP Address, remote directory, login name and
password. Refer to importpubkey for a description of these parameters.
delprivkey
Deletes the private key for outgoing connections from the switch. This option can
only be performed by a configured user. Deleting a configured user's private
key effectively blocks outgoing connections initiated by this user that rely on
public key authentication with a remote host.
help
Displays the command usage.
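One way to harden the append step described under exportpubkey, as an added example (not part of the Brocade reference): on the remote host, the hypothetical append_pubkey function checks the exported file before adding it to authorized_keys. The function name, return codes and default path are assumptions.

```sh
#!/bin/sh
# Added example: validate an exported public key before authorizing it.
# Usage: append_pubkey <pubkey-file> [authorized_keys-file]
# Returns 0 = appended, 1 = rejected, 2 = key already present.
append_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # A private key must never be copied into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains a private key" >&2; return 1
    fi

    # Expect exactly one non-empty line: "<type> <base64-blob> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $type in
        # ssh-dss is accepted because this page's procedure uses DSA keys;
        # current OpenSSH servers disable that key type by default.
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $type" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac

    # sshd with StrictModes ignores key files with loose permissions.
    # The directory is assumed to be a private ~/.ssh style directory.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -f "$auth" ] || ( umask 077; : > "$auth" )
    chmod 600 "$auth"

    # Skip keys already authorized; compare the blob, not the comment.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 2
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

Called as append_pubkey ~/.ssh/outgoing.pub, it replaces the plain cat ... >> append and can be rerun without creating duplicate entries.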
EXAMPLES
To configure a user for public key authentication:
switch:admin> sshutil allowuser username
Allowed user has been successfully changed to username.
To display the configured user:
switch:admin> sshutil showuser
username
To set up SSH public key authentication on a switch for incoming connections:
1. Generate a private/public key pair on a remote host (accept default directory and file name):
username@remotehost> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key \
(/users/home/username/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): passphrase
Enter same passphrase again: passphrase
Your identification has been saved in \