Brocade Communications Systems 53-1001763-02 User Manual

Fabric OS Administrator’s Guide
53-1001763-02
Setting up SCP for configUploads and downloads
1. Log in to the switch as admin.
2. Type the configure command. 
3. Type y or yes at the cfgload attributes prompt.
4. Type y or yes at the Enforce secure configUpload/Download prompt.
Example of setting up SCP for configUpload/download
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
  System services (yes, y, no, n): [no] n
  ssl attributes (yes, y, no, n): [no] n
  http attributes (yes, y, no, n): [no] n
  snmp attributes (yes, y, no, n): [no] n
  rpcd attributes (yes, y, no, n): [no] n
  cfgload attributes (yes, y, no, n): [no] y
        Enforce secure config Upload/Download (yes, y, no, n): [no] y
        Enforce signature validation for firmware (yes, y, no, n): [no]
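The following Python example is added here and is not from the Brocade guide: it parses a captured configure session such as the one above and reports whether secure configUpload/Download enforcement ended up set to yes. The function names are hypothetical, the sample is the session above re-entered as constructed input, and it assumes that an empty answer keeps the value shown in brackets.

```python
import re

# Constructed sample: the configure session shown above, as captured text.
SAMPLE_SESSION = """\
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
  System services (yes, y, no, n): [no] n
  ssl attributes (yes, y, no, n): [no] n
  http attributes (yes, y, no, n): [no] n
  snmp attributes (yes, y, no, n): [no] n
  rpcd attributes (yes, y, no, n): [no] n
  cfgload attributes (yes, y, no, n): [no] y
        Enforce secure config Upload/Download (yes, y, no, n): [no] y
        Enforce signature validation for firmware (yes, y, no, n): [no]
"""

# One prompt line: "<name> (yes, y, no, n): [<value shown>] <typed answer>"
PROMPT = re.compile(
    r"^\s*(?P<name>.+?)\s+\(yes, y, no, n\):\s*\[(?P<shown>yes|no)\]\s*(?P<typed>\S*)\s*$")
YES, NO = {"y", "yes"}, {"n", "no"}

def norm(name):
    """Compare prompt names ignoring case and spacing ("config Upload" vs "configUpload")."""
    return re.sub(r"\s+", "", name).lower()

def parse_session(text):
    """Map each yes/no prompt in a captured session to its effective boolean value."""
    result = {}
    for line in text.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue
        # Assumption: pressing Enter (empty answer) keeps the value shown in brackets.
        answer = (m.group("typed") or m.group("shown")).lower()
        if answer not in YES | NO:
            raise ValueError(f"unrecognised answer in: {line.strip()}")
        result[norm(m.group("name"))] = answer in YES
    return result

def not_enforced(text, required=("Enforce secure configUpload/Download",)):
    """Return the required prompts that are absent from the session or not set to yes."""
    settings = parse_session(text)
    return [name for name in required if not settings.get(norm(name), False)]

if __name__ == "__main__":
    print(not_enforced(SAMPLE_SESSION) or "secure configUpload/Download is enforced")
```

For the session above, the check passes for secure configUpload/Download, while the firmware signature validation prompt was left at its displayed value of no.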
Secure Shell protocol
To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions. SSH encrypts all 
messages, including the client transmission of the password during login. The SSH package 
contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of 
encryption algorithms, such as Blowfish-Cipher block chaining (CBC) and Advanced Encryption 
Standard (AES).
NOTE
To maintain a secure network, you should avoid using Telnet or any other unprotected application 
when you are working on the switch.
The File Transfer Protocol (FTP) is also not secure. When you use FTP to copy files to or from the 
switch, the contents are in clear text. This includes the remote FTP server's login and password. 
Commands subject to this limitation include supportSave -k, configUpload, configDownload, and 
firmwareDownload.
Commands that require a secure login channel must originate from an SSH session. If you start an 
SSH session, and then use the login command to start a nested SSH session, commands that 
require a secure channel will be rejected.
Fabric OS v6.1.0 and later support OpenSSH protocol v2.0 (ssh2). For more information on SSH, 
refer to the SSH IETF Web site:
For more information, refer to SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, 
Ph.D., Richard E. Silverman, and Robert G. Byrnes.