Brocade ICX 6650 Security Configuration Guide 67
53-1002601-01
SSH2 authentication types
The generate keyword places an RSA host key pair in the flash memory and enables SSH on the
device, if it is not already enabled.
The optional [modulus modulus-size] parameter specifies the modulus size of the RSA key pair, in
bits. The valid values for modulus-size are 1024 or 2048. The default value is 1024.
The zeroize keyword deletes the RSA host key pair from the flash memory. This disables SSH if no
other authentication keys exist on the device.
The rsa keyword specifies an RSA host key pair.

Deleting DSA and RSA key pairs

To delete DSA and RSA key pairs from the flash memory, enter the following command:
Brocade(config)# crypto key zeroize
Syntax: crypto key zeroize
The zeroize keyword deletes the host key pair from the flash memory. This disables SSH.

Providing the public key to clients

The host DSA or RSA key pair is stored in the system-config file of the Brocade device. Only the
public key is readable. Some SSH client programs add the public key to the known hosts file
automatically. In other cases, you must manually create a known hosts file and place the public key
of the Brocade device in it.
If you are using SSH to connect to a Brocade device from a UNIX system, you may need to add the
public key on the Brocade device to a “known hosts” file on the client UNIX system; for example,
$HOME/.ssh/known_hosts. The following is an example of an entry in a known hosts file.
Configuring DSA or RSA challenge-response authentication
With DSA or RSA challenge-response authentication, a collection of clients’ public keys are stored
on the Brocade device. Clients are authenticated using these stored public keys. Only clients that
have a private key that corresponds to one of the stored public keys can gain access to the device
using SSH.
When DSA or RSA challenge-response authentication is enabled, the following events occur when a
client attempts to gain access to the device using SSH:
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/
z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH YI14Om
1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5cv
wHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9v
GfJ0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV