05-07-2013 01:10 PM
I want to activate SSH login to manage my Brocade switch.
I'm searching the guide and I can't find the command to activate SSH.
Do I need to generate a key?
Can you list all the commands I need to be able to log in using the local database?
05-07-2013 03:37 PM
Yes, you need to generate a key. See the excerpt below from the FastIron 7.4 Configuration Guide:
To enable SSH, you generate a public and private DSA or RSA host key pair on the device. The SSH
server on the Brocade device uses this host DSA or RSA key pair, along with a dynamically
generated server DSA or RSA key pair, to negotiate a session key and encryption method with the
client trying to connect to it.
While the SSH listener exists at all times, sessions can not be started from clients until a host key is
generated. After a host key is generated, clients can start sessions.
To disable SSH, you delete all of the host keys from the device.
When a host key pair is generated, it is saved to the flash memory of all management modules.
When a host key pair is deleted, it is deleted from the flash memory of all management modules.
The time to initially generate SSH keys varies depending on the configuration, and can be from
under a minute to several minutes.
05-07-2013 05:06 PM
To get the keys, use:
SSH@swtich(config)#crypto key generate
You may want to also set a timeout via
SSH@GODSswtich(config)#ip ssh timeout NUM (where num is number of minutes till timeout)
05-10-2013 07:46 AM
Let's break this down into steps:
1) generate a key
#crypto key gen
2) create an ACL access group and bind it to the SSH login
#access-list 10 permit <ip_address/maskbits>
... repeat as necessary ...
#ssh access-group 10
3) set an idle timeout
#ip ssh idle-time 20 !time in minutes
4) set a login timeout
#ip ssh timeout 60 !time in seconds
5) consider disabling telnet (optional)
#no telnet server
6) Now create the local login accounts:
#user icxadmin privilege 0 pass <yourSuperSecurePassword>
7) Configure AAA to use the local user database as default
#aaa authentication login default local
8) Consider enabling user/pass requirement for console access too (optional)
#enable aaa console
Always keep your routers/switches secure and document your configuration, including access settings, in your secure run book.
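
An added example, not part of the thread or of Brocade's documentation: a small Python audit that reads a saved switch configuration as text and reports which of the settings from steps 2 to 8 above are absent. It assumes the saved configuration shows each command in the full form typed in the post; the sample configurations and the password placeholder are constructed.

```python
import re

# (label, regex, required) for steps 2-8 of the post above.
# Assumption: the config text spells commands out in full, as in the post.
CHECKS = [
    ("ssh access-group bound", r"^ssh access-group \S+$", True),
    ("ssh idle timeout set", r"^ip ssh idle-time \d+$", True),
    ("ssh login timeout set", r"^ip ssh timeout \d+$", True),
    ("telnet disabled", r"^no telnet server$", False),
    ("local user defined", r"^username \S+ ", True),
    ("aaa login uses local db", r"^aaa authentication login default\b.*\blocal\b", True),
    ("console requires login", r"^enable aaa console$", False),
]

def audit(config_text):
    """Return (severity, label) findings for settings missing from the config."""
    # Drop "!" comments (whole-line or trailing) and blank lines.
    lines = [ln.split("!", 1)[0].strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln]
    findings = []
    for label, pattern, required in CHECKS:
        if not any(re.search(pattern, ln) for ln in lines):
            findings.append(("MISSING" if required else "OPTIONAL", label))
    # The ACL named by "ssh access-group" needs at least one permit entry.
    for ln in lines:
        m = re.match(r"ssh access-group (\S+)$", ln)
        if m and not any(
            re.match(rf"access-list {re.escape(m.group(1))} permit ", x) for x in lines
        ):
            findings.append(("MISSING", f"access-list {m.group(1)} has no permit entry"))
    return findings

# Constructed sample configurations (documentation address range, fake password).
HARDENED = """
access-list 10 permit 192.0.2.0/24
ssh access-group 10
ip ssh idle-time 20   !time in minutes
ip ssh timeout 60     !time in seconds
no telnet server
username icxadmin privilege 0 password EXAMPLE-ONLY
aaa authentication login default local
enable aaa console
"""
WEAK = "ssh access-group 10\nip ssh timeout 60\nusername icxadmin password EXAMPLE-ONLY\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "all checks passed")
```
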