Ethernet Switches & Routers

New Contributor
Posts: 3
Registered: ‎05-07-2013

Howto configure SSH on brocade 64XX series

I want to activate the SSH login to manage my brocade switch.

I'm searching the guide and I don't find the command to activate SSH.

Do I need to generate a key ?

Can you list me all the command I need to be able to log in using the local database.


Frequent Contributor
Posts: 160
Registered: ‎08-07-2009

Re: Howto configure SSH on brocade 64XX series

Yes, you need to generate a key. See the excerpt below from the FastIron 7.4 Configuration Guide:

To enable SSH, you generate a public and private DSA or RSA host key pair on the device. The SSH
server on the Brocade device uses this host DSA or RSA key pair, along with a dynamically
generated server DSA or RSA key pair, to negotiate a session key and encryption method with the
client trying to connect to it.
While the SSH listener exists at all times, sessions can not be started from clients until a host key is
generated. After a host key is generated, clients can start sessions.
To disable SSH, you delete all of the host keys from the device.
When a host key pair is generated, it is saved to the flash memory of all management modules.
When a host key pair is is deleted, it is deleted from the flash memory of all management modules.
The time to initially generate SSH keys varies depending on the configuration, and can be from a
under a minute to several minutes.


Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Howto configure SSH on brocade 64XX series


     To get the keys use;

SSH@swtich(config)#crypto key generate

     You may want to also set a timeout via

SSH@GODSswtich(config)#ip ssh timeout NUM (where num is number of minutes till timeout)



Occasional Contributor
Posts: 13
Registered: ‎01-16-2013

Re: Howto configure SSH on brocade 64XX series

Lets break this down into steps:

1) generate a key

     #crypto key gen

2) create an ACL access group and bind it to the SSH login

     #access-list 10 permit <ip_address/maskbits>

     ... repeat as necessary ...

     #ssh access-group 10

3) set an idle timeout

     #ip ssh idle-time 20  !time in minutes

4) set a login timeout

     #ip ssh timeout 60  !time in seconds

5) consider disabling telnet (optional)

     #no telnet server

6) Now create the local login accounts:

     #user icxadmin privilege 0 pass <yourSuperSecurePassword>

7) Configure AAA to use the local user database as default

     #aaa authentication login default local

8) Consider enabling user/pass requirement for console access too (optional)

     #enable aaa console

Always keep your routers/switches secure and document your configuration, including access settings, in your secure run book.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook