Nov 06, 2012 When initially configuring your Brocade ADX1000 ServerIron, getting ssh to work is a lot harder than you would expect. If you have done the right thing and are using the official Brocade manuals then you will be given examples of enabling ssh using RSA keys. Mar 10, 2014 Brocade Switch: How To Configure SSH And Disable Telnet On The FCX and ICX Series Switches. Switch(config)# crypto key generate rsa. I could not figure out why.
Generates the crypto key to enable SSH.
Syntax
crypto key generate [ dsa | rsa [ modulus key-size ] ]
Command Default
A crypto key is not generated and SSH is not enabled.
Parameters
dsa
Generates the DSA host key pair.
rsa
Generates the RSA host key pair.
modulus key-size
Specifies the modulus size of the RSA key pair, in bits. The valid values for the modulus size are 1024 or 2048. The default value is 1024.
Usage Guidelines
The dsa keyword is optional. If you do not enter the dsa keyword, the crypto key generate command generates a DSA key pair by default.
To enable SSH, you generate a DSA or RSA host key on the device. The SSH server on the ICX device uses this host DSA or RSA key, along with a dynamically generated server DSA or RSA key pair, to negotiate a session key and encryption method with the client trying to connect to it. While the SSH listener exists at all times, sessions cannot be started from clients until a host key is generated. After a host key is generated, clients can start sessions. When a host key is generated, it is saved to the flash memory of all management modules. The time to initially generate SSH keys varies depending on the configuration, and can be from under a minute to several minutes.
To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.
An RSA key with modulus 2048 must be used in FIPS or Common Criteria mode.
Examples
The following example shows how to generate the DSA host key pair.
The following example shows how to generate the RSA key pair.
When one generates an RSA key on a Huawei switch, the default modulus size is 512. And that was the case for all S3700 and S6700 switches in Huawei Universal Distributed Storage. We can use the OpenSSH client to access the S3700 switches without any issue; however, when I tried to ssh to an S6700 switch, using the default SSH-2 protocol, I got the following error:
SSH-1 works:
but SSH-1 has inherent design flaws which make it vulnerable.
Let's fix it™!
Log in to the switch using SSH-1.
Enter the system view:
Generate a new local key pair with a modulus size of 1024:
Voila! We don't even need to restart the SSH server or reboot the switch. From now on, we can log in to the switch using SSH-2. But don't forget to delete the old RSA host key from ~/.ssh/known_hosts.
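To find switches that still present a short RSA host key, such as the 512-bit and 1024-bit defaults described above, the modulus size can be read directly from the ssh-rsa lines in ~/.ssh/known_hosts. The following Python code is an added example, not taken from the vendor documentation or the original post; the host names, the 2048-bit floor and the sample key lines are constructed assumptions.

```python
import base64

MIN_BITS = 2048  # assumed policy floor (the page requires 2048 in FIPS/CC mode)

def _field(blob, off):
    """Read one length-prefixed field (RFC 4251 string or mpint) starting at off."""
    size = int.from_bytes(blob[off:off + 4], "big")
    end = off + 4 + size
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def rsa_modulus_bits(line):
    """Modulus size in bits of an 'ssh-rsa' key line; None for comments and other key types."""
    parts = line.split()
    if line.lstrip().startswith("#") or "ssh-rsa" not in parts[:-1]:
        return None
    blob = base64.b64decode(parts[parts.index("ssh-rsa") + 1], validate=True)
    ktype, off = _field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the line")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_BITS):
    """Return (host, bits) for every RSA host key with a modulus below min_bits."""
    sized = ((l.split()[0], rsa_modulus_bits(l)) for l in lines if l.strip())
    return [(host, bits) for host, bits in sized if bits is not None and bits < min_bits]

def make_line(host, bits):
    """Build a CONSTRUCTED known_hosts line; the modulus is a placeholder, not a real key."""
    def enc(b):
        return len(b).to_bytes(4, "big") + b
    def mpint(v):  # big-endian, padded with a zero byte when the top bit would be set
        return enc(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = enc(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample input with hypothetical host names.
SAMPLE = [make_line("s6700.example", 512), make_line("icx.example", 1024),
          make_line("mlx.example", 2048), "other.example ssh-ed25519 AAAA"]

if __name__ == "__main__":
    for host, bits in audit(SAMPLE):
        print(f"{host}: RSA modulus {bits} bits is below {MIN_BITS}")
```

To check real entries, pass the lines of a known_hosts file to audit(); hashed host names are reported in their hashed form.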