mirror of
https://github.com/Fohdeesha/lab-docu.git
synced 2024-12-01 11:33:23 +01:00
Merge pull request #40 from markovanderpuil/patch-1
Add some ssh specifics to icx6xxx-adv.md
This commit is contained in:
commit
78c80a93e1
@ -121,12 +121,32 @@ ip ssh interactive-authentication no
|
|||||||
Now we have to generate our key pair with [puttygen](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on windows or ```ssh-keygen -t rsa``` on linux. The default settings of RSA @ 2048 bits works without issue. Generate the pair and save out both the public and private key.
|
Now we have to generate our key pair with [puttygen](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on windows or ```ssh-keygen -t rsa``` on linux. The default settings of RSA @ 2048 bits works without issue. Generate the pair and save out both the public and private key.
|
||||||
>The ICX6xxx series do *not* support 4096 bit keys - when using `ssh-keygen` or `puttygen` etc, you must create 2048 bit keys.
|
>The ICX6xxx series do *not* support 4096 bit keys - when using `ssh-keygen` or `puttygen` etc, you must create 2048 bit keys.
|
||||||
|
|
||||||
|
For the Brocade to accept your public key file it should start with:
|
||||||
|
```
|
||||||
|
---- BEGIN SSH2 PUBLIC KEY ----
|
||||||
|
```
|
||||||
|
and end with:
|
||||||
|
```
|
||||||
|
---- END SSH2 PUBLIC KEY ----
|
||||||
|
```
|
||||||
|
Add those manually if it doesn't.
|
||||||
|
|
||||||
Copy the public key file to your TFTP server. Then use the following command to import it into your switch:
|
Copy the public key file to your TFTP server. Then use the following command to import it into your switch:
|
||||||
```
|
```
|
||||||
ip ssh pub-key-file tftp 192.168.1.8 public.key
|
ip ssh pub-key-file tftp 192.168.1.8 public.key
|
||||||
```
|
```
|
||||||
You shouldn't need to be told basic key management if you're following this section, but just in case - copy your private key to the proper location on the *nix machine you'll be SSH'ing from, or if you're on windows, load it using [pageant](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). Now when you SSH to the switch, it will authenticate using your private key.
|
You shouldn't need to be told basic key management if you're following this section, but just in case - copy your private key to the proper location on the *nix machine you'll be SSH'ing from, or if you're on windows, load it using [pageant](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). Now when you SSH to the switch, it will authenticate using your private key.
|
||||||
|
|
||||||
|
On linux and Mac Os X you'll want to add these lines to your ```~\.ssh\config``` file. IdentitiesOnly is to prevent ssh-agent from offering any other bigger (> 2048) keys first that will terminate the connection negotiation early. IdentityFile will use only this key for this connection. KexAlgorithms sets a key exchange algorithm both systems support.
|
||||||
|
|
||||||
|
```
|
||||||
|
Host <switch-ip>
|
||||||
|
IdentitiesOnly yes
|
||||||
|
IdentityFile ~/.ssh/private_key
|
||||||
|
KexAlgorithms +diffie-hellman-group1-sha1
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Name & Ditching The Serial Cable
|
## Name & Ditching The Serial Cable
|
||||||
Now that you have access and authentication configured, it only makes sense to christen it with a name of your choice:
|
Now that you have access and authentication configured, it only makes sense to christen it with a name of your choice:
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user