Configuring DSA or RSA challenge-response authentication

With DSA or RSA challenge-response authentication, a collection of clients’ public keys is stored on the Ruckus device. Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to one of the stored public keys can gain access to the device using SSH.

When DSA or RSA challenge-response authentication is enabled, the following events occur when a client attempts to gain access to the device using SSH:

  1. The client sends its public key to the Ruckus device.
  2. The Ruckus device compares the client public key to those stored in memory.
  3. If there is a match, the Ruckus device uses the public key to encrypt a random sequence of bytes.
  4. The Ruckus device sends these encrypted bytes to the client.
  5. The client uses its private key to decrypt the bytes.
  6. The client sends the decrypted bytes back to the Ruckus device.
  7. The Ruckus device compares the decrypted bytes to the original bytes it sent to the client. If the two sets of bytes match, it means that the client private key corresponds to an authorized public key, and the client is authenticated.
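
The seven steps above can be traced in a short simulation. This is an added example, not Ruckus code: it uses textbook RSA without padding and small constructed keys, and the names `Device`, `client_answer` and `authenticate` are hypothetical.

```python
import hmac
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed demo values, no padding)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

class Device:
    """Device side of steps 1-4 and 7, holding the stored client public keys."""
    def __init__(self, authorized_keys):
        self.authorized = set(authorized_keys)
        self.pending = {}  # public key -> outstanding challenge

    def begin(self, pubkey):
        # Steps 1-2: refuse keys that are not in the stored collection.
        if pubkey not in self.authorized:
            return None
        # Steps 3-4: encrypt a fresh random challenge under the client's key.
        n, e = pubkey
        challenge = secrets.randbits(128)
        self.pending[pubkey] = challenge
        return pow(challenge, e, n)

    def finish(self, pubkey, response):
        # Step 7: each challenge is single-use; compare in constant time.
        expected = self.pending.pop(pubkey, None)
        if expected is None or not 0 <= response < 2**128:
            return False
        return hmac.compare_digest(expected.to_bytes(16, "big"),
                                   response.to_bytes(16, "big"))

def client_answer(privkey, encrypted):
    # Steps 5-6: only the matching private key recovers the challenge.
    n, d = privkey
    return pow(encrypted, d, n)

def authenticate(device, offered_pub, held_priv):
    encrypted = device.begin(offered_pub)
    if encrypted is None:
        return False
    return device.finish(offered_pub, client_answer(held_priv, encrypted))

# Constructed keys built from Mersenne primes: readable, far too small for real use.
ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**127 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**61 - 1, 2**107 - 1)
DEVICE = Device([ALICE_PUB])

if __name__ == "__main__":
    print("authorized key pair:     ", authenticate(DEVICE, ALICE_PUB, ALICE_PRIV))
    print("key not stored on device:", authenticate(DEVICE, MALLORY_PUB, MALLORY_PRIV))
    print("stored key, wrong secret:", authenticate(DEVICE, ALICE_PUB, MALLORY_PRIV))
```

The third case shows why presenting a stored public key is not enough: without the matching private key the decrypted bytes do not match the original challenge, and the comparison in step 7 fails.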

Setting up DSA or RSA challenge-response authentication consists of the following steps.