From 8ce746b0fb66fc40ab64f7e022a2a9212e4be24c Mon Sep 17 00:00:00 2001 From: markovanderpuil Date: Sun, 10 Sep 2023 16:43:01 +0200 Subject: [PATCH] Update icx6xxx-adv.md Added stuff about BEGIN SSH2 PUBLIC KEY Added stuff about .ssh/config options --- docs/icx6xxx-adv.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/icx6xxx-adv.md b/docs/icx6xxx-adv.md index 608bccd..ff82a77 100644 --- a/docs/icx6xxx-adv.md +++ b/docs/icx6xxx-adv.md @@ -121,12 +121,32 @@ ip ssh interactive-authentication no Now we have to generate our key pair with [puttygen](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) on windows or ```ssh-keygen -t rsa``` on linux. The default settings of RSA @ 2048 bits works without issue. Generate the pair and save out both the public and private key. >The ICX6xxx series do *not* support 4096 bit keys - when using `ssh-keygen` or `puttygen` etc, you must create 2048 bit keys. +For the Brocade to accept your public key file it should start with: +``` +---- BEGIN SSH2 PUBLIC KEY ---- +``` +and end with: +``` +---- END SSH2 PUBLIC KEY ---- +``` +Add those manually if it doesn't. + Copy the public key file to your TFTP server. Then use the following command to import it into your switch: ``` ip ssh pub-key-file tftp 192.168.1.8 public.key ``` You shouldn't need to be told basic key management if you're following this section, but just in case - copy your private key to the proper location on the *nix machine you'll be SSH'ing from, or if you're on windows, load it using [pageant](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). Now when you SSH to the switch, it will authenticate using your private key. +On linux and Mac Os X you'll want to add these lines to your ```~\.ssh\config``` file. IdentitiesOnly is to prevent ssh-agent from offering any other bigger (> 2048) keys first that will terminate the connection negotiation early. IdentityFile will use only this key for this connection. KexAlgorithms sets a key exchange algorithm both systems support. + +``` +Host + IdentitiesOnly yes + IdentityFile ~/.ssh/private_key + KexAlgorithms +diffie-hellman-group1-sha1 +``` + + ## Name & Ditching The Serial Cable Now that you have access and authentication configured, it only makes sense to christen it with a name of your choice: ```