Fabric OS Administrator’s Guide 121
53-1001763-02
Secure Shell protocol 6
Example of RSA/DSA key pair generation
alloweduser@mymachine: ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/users/alloweduser/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /users/alloweduser/.ssh/id_dsa.
Your public key has been saved in /users/alloweduser/.ssh/id_dsa.pub.
The key fingerprint is:
32:9f:ae:b6:7f:7e:56:e4:b5:7a:21:f0:95:42:5c:d1 alloweduser@mymachine
5. Import the public key to the switch by logging in to the switch as the allowed-user and entering
the sshUtil importpubkey command to import the key.
Example of adding the public key to the switch
switch:alloweduser> sshutil importpubkey
Enter IP address:192.168.38.244
Enter remote directory:~auser/.ssh
Enter public key name(must have .pub suffix):id_dsa.pub
Enter login name:auser
Password:
Public key is imported successfully.
6. Generate a key pair for switch-to-host (outgoing) authentication by logging in to the switch as
the allowed user and entering the sshUtil genkey command.
You may enter a passphrase for additional security.
Example of generating a key pair on the switch
switch:alloweduser> sshutil genkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Key pair generated successfully.
7. Export the public key to the host by logging in to the switch as the allowed-user and entering
the sshUtil exportpubkey command to export the key.
Example of exporting a public key from the switch
switch:kghanta> sshutil exportpubkey
Enter IP address:192.168.38.244
Enter remote directory:~auser/.ssh
Enter login name:auser
Password:
public key out_going.pub is exported successfully.
8. Append the public key to a remote host by logging in to the remote host, locating the directory
where authorized keys are stored, and appending the public key to the file.
You may need to refer to the host’s documentation to locate where the authorized keys are
stored.
9. Test the setup by using a command that uses SCP and authentication, such as
firmwareDownload or configUpload.