SSH configuration for Brocade MLX
Written by Arnaud
Enable SSH
crypto key generate rsa modulus 2048
write mem
sync-standby
Disable SSH
This is definitely a bad idea!
The "best" way to disable SSH is to remove the host keys:
crypto key zeroize
Aha, you should disable telnet (but it's not enabled by default, unlike Cisco!):
no telnet server
Add a public key to log in without password
You have to manually "convert" your public key:
cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA88pt28yU5jq4KZQ88nKsl2iYMhxatRv742Ak52c8/qIqivw+Drs9/r4ggnjCBrQ8+nycmc3QeDsAa7ci3bXUYebYHAuNbOF9QKJst2SquFSGUu5kGGDxNhdiYdVVuqH/DEzXN+CXaLexykSPfe/YpHRhHVK4Zhv1Vbr8pmLTtaOBepdCUE+s9anqzDHRIfm6b/3XJSLlXx95mi4Yj/0BEM6SYHzsAr0jhlfvbA84HZpzQBrEi7dHrylm6UDtPXSWkZq3Ki+rMED6ZUUjWVLO0YuVq5NJi9EkgbVSbhK+hr9BndLOpl0jUrjxHT4mtz7p+RTM5Wm3G7AB54LzNhxHWQ== afenioux@franceix.net
becomes:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "afenioux@franceix.net"
AAAAB3NzaC1yc2EAAAABIwAAAQEA88pt28yU5jq4KZQ88nKsl2iYMhxatRv742Ak52c8/qIqivw+Drs9/r4ggnjCBrQ8+nycmc3Qe
DsAa7ci3bXUYebYHAuNbOF9QKJst2SquFSGUu5kGGDxNhdiYdVVuqH/DEzXN+CXaLexykSPfe/YpHRhHVK4Zhv1Vbr8pmLTtaOBep
dCUE+s9anqzDHRIfm6b/3XJSLlXx95mi4Yj/0BEM6SYHzsAr0jhlfvbA84HZpzQBrEi7dHrylm6UDtPXSWkZq3Ki+rMED6ZUUjWVL
O0YuVq5NJi9EkgbVSbhK+hr9BndLOpl0jUrjxHT4mtz7p+RTM5Wm3G7AB54LzNhxHWQ==
---- END SSH2 PUBLIC KEY ----
You have to put ALL the allowed public keys in the same file; otherwise they will be deleted!
ip ssh pub-key-file tftp 10.10.10.10 pkeys.txt
Remove all the client keys:
ip ssh pub-key remove
ACL on SSH
access-list 22 permit host 192.0.2.1
access-list 22 permit 10.10.0.0/16
ssh access-group 22
And obviously, we don't forget IPv6:
ipv6 access-list acl-ssh-in
 permit ipv6 2001:db8::/32 any
exit
ssh access-group ipv6 acl-ssh-in
About SSH
See active connections:
sh ip ssh
See parameters:
sh ip ssh config
List the authorized (public) keys:
sh ip client-pub-key
SCP
SCP is enabled by default... just use it!