There are many scenarios where we need to log in to a Brocade switch without a password. One of them is scripting, where you have multiple switches to log in to and do not want to put a password in a text file. In that case, configuring Brocade public key authentication is helpful.
Brocade SSH public key authentication lets you log in from a Unix server without entering a password. The Brocade switch stores a public key, and when you try to log in from the Unix server, it validates the key and allows the SSH login.
In this post, we will discuss how to configure SSH public key authentication on a Brocade SAN switch.
Below are the overall steps.
Step 1. Generate Public Key in Unix Server.
The first step is to generate a public key on the Unix server. If a public key file already exists on the server, you can use it instead of creating a new one. Go to the .ssh directory and look for a file named id_rsa.pub.
For example, if you are logging in with root account, then id_rsa.pub file may exist in the below path.
/root/.ssh/id_rsa.pub
If you are using a Unix account other than root, then the file may exist in the below path.
/home/unixuser/.ssh/id_rsa.pub
If you could not find any public key in the path, then you need to generate a new public key using ssh-keygen command.
Just follow the prompt and you should be able to generate a new public key in the Unix server.
anyuser@mymachine: ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/users/anyuser/.ssh/id_rsa ):
Type passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /users/anyuser/.ssh/id_rsa
Your public key has been saved in /users/anyuser/.ssh/id_rsa.pub.
The key fingerprint is: 32:9f:ae:b6:7f:7e:56:e4:b5:7a:21:f0:95:42:5c:d1
anyuser@mymachine
Step 2. Import the Public Key To Brocade Switch
Once you generate the public key in Unix server, log in to Brocade switch with the admin account. Now you need to import the SSH public key to the Brocade switch.
Please note that you can configure SSH key authentication in Brocade switch only with the admin account. The commands will throw errors in case you are using other accounts of Brocade switch.
To import the SSH public key from the Unix server to the Brocade switch, you need to use the “sshutil importpubkey” command.
switch:admin> sshutil importpubkey
Enter user name for whom key is imported: admin
Enter IP address:192.168.38.244
Remote directory:/home/unixuser/.ssh
Enter public key name(must have .pub suffix):id_rsa.pub
Enter login name: unixuser
Password:
Public key is imported successfully.
Step 3. Verify Brocade SSH Public Key Authentication
In step 2, if you see the message "Public key is imported successfully", then you are ready to verify the access.
Log in to the Unix server with the same account that was used to generate the SSH public key. Try to SSH to the Brocade switch using the command below.
ssh admin@SANSwitch
If the ssh command does not ask for a password, then the setup for Brocade SSH public key authentication is successful.
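For the scripted, multi-switch case, the Step 3 check can be run non-interactively. The following is an added example, not part of the original post: it assumes OpenSSH on the Unix server and that the admin account can run the Fabric OS switchname command over SSH; SSH_BIN, KEY and the switch names passed as arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit key-only SSH login to a list of Brocade switches.
# SSH_BIN and KEY are hypothetical knobs introduced for this example.
SSH_BIN=${SSH_BIN:-ssh}
KEY=${KEY:-$HOME/.ssh/id_rsa}

# Succeed only if the private key is a regular file with no group/other access
# (characters 5-10 of the ls mode string are the group and other permission bits).
key_perms_ok() (
    [ -f "$1" ] || exit 1
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
)

# Try a key-only login. BatchMode=yes makes ssh fail instead of prompting,
# so a switch that still wants a password shows up as a failure, not a hang.
check_switch() (
    "$SSH_BIN" -i "$KEY" -o BatchMode=yes -o PreferredAuthentications=publickey \
        -o ConnectTimeout=5 "admin@$1" switchname </dev/null >/dev/null 2>&1
)

# Print one PASS/FAIL line per switch; exit status is the number of failures
# (255 if the private key itself is missing or too widely readable).
audit_switches() {
    failures=0
    if ! key_perms_ok "$KEY"; then
        echo "FAIL $KEY: missing or accessible by group/other (expected mode 600)"
        return 255
    fi
    for sw in "$@"; do
        if check_switch "$sw"; then
            echo "PASS $sw"
        else
            echo "FAIL $sw"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run the audit when switch names are given on the command line.
if [ "$#" -gt 0 ]; then audit_switches "$@"; fi
```

A key generated with an empty passphrase, as in Step 1, is protected only by its file permissions, which is why the audit refuses to continue when the private key is accessible by group or other users.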
Conclusion Configure SSH Brocade Public Key Authentication
Public key authentication helps avoid dependency on passwords, which is better for security. You can even use a single server to log in to multiple switches without a password.
Moreover, public key authentication is an efficient approach if you are accessing Brocade switches via a script.
In the comment section, let me know how you are using public key authentication. If you feel any step is missing, then comment and I will add it.