Fabric OS Command Reference 901
53-1001764-02
sshUtil
2
genkey prompts for user input on the following parameters:
passphrase
Accepts a string of arbitrary length. This operand is optional, but creating a
pass-phrase is strongly recommended. Good pass phrases are 10-30
characters long, are not simple sentences or otherwise easily guessable and
contain a mix of upper and lowercase letters, numbers, and
nonalphanumeric characters. There is no way to recover a lost pass phrase. If
the pass phrase is lost or forgotten, a new key must be generated and copied
to the corresponding public key to other machines.
exportpubkey Exports the public key from the switch to a specified remote host to support
outgoing connections from the switch to a remote host. This option can only
be performed by a configured user. The successfully exported public key must
be appended to the authorized_keys file on the remote host. Use the cat
~/.ssh/outgoing.pub >> ~/.ssh/authorized_keys command to append the
file.
exportpubkey prompts for IP Address, remote directory, login name and
password. Refer to importpubkey for a description of these parameters.
delprivkey Deletes the private key for outgoing connection from the switch. This option
can only be performed by a configured user. Deletion of a configured user's
private keys effectively blocks outgoing connections initiated by this user that
rely on public key authentication with a remote host.
help Displays the command usage.
Examples To configure a user for public key authentication:
switch:admin>
sshutil allowuser username
Allowed user has been successfully changed to username.
To display the configured user:
switch:username> sshutil showuser
username
To set up SSH public key authentication on a switch for incoming connections:
1. Generate a private/public key pair on a remote host (accept default directory and file name):
username@remotehost> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/users/home/username/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):passphrase
Enter same passphrase again: passphrase
Your identification has been saved in /users/home/username/.ssh/id_dsa.
Your public key has been saved in /users/home/username/.ssh/id_dsa.pub.
The key fingerprint is:
3 0:9f:ae:b6:7f:7e:55:e4:b2:7a:51:f0:95:44:5c:d1 username@host
2. Import the public key from the remote host to the local switch:
switch:username> sshutil importpubkey
Enter IP address:Remote host IP Address
Enter remote directory: ~username/.ssh
Enter public key name(must have .pub suffix):id_dsa.pub
Enter login name:username
To Next Page
