BigIron RX Series Configuration Guide 873
53-1001810-01
Configuring SSH 28

Deactivating user authentication

After the SSH server on the device negotiates a session key and encryption method with the connecting client, user authentication takes place. Brocade’s implementation of SSH supports DSA challenge-response authentication and password authentication.

With DSA challenge-response authentication, a collection of clients’ public keys are stored on the device. Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to one of the stored public keys can gain access to the device using SSH.

With password authentication, users are prompted for a password when they attempt to log into the device (provided empty password logins are not allowed; refer to “Enabling empty password logins” on page 873). If there is no user account that matches the user name and password supplied by the user, the user is not granted access.

You can deactivate one or both user authentication methods for SSH. Note that deactivating both authentication methods essentially disables the SSH server entirely.

To disable DSA challenge-response authentication:

BigIron RX(config)# ip ssh key-authentication no

Syntax: ip ssh key-authentication yes | no

The default is “yes”.

To deactivate password authentication:

BigIron RX(config)# ip ssh password-authentication no

Syntax: ip ssh password-authentication no | yes

The default is “yes”.

Enabling empty password logins

By default, empty password logins are not allowed. This means that users with an SSH client are always prompted for a password when they log into the device. To gain access to the device, each user must have a user name and password. Without a user name and password, a user is not granted access. Refer to “Setting up local user accounts” on page 75 for information on setting up user names and passwords on the device.

If you enable empty password logins, users are not prompted for a password when they log in. Any user with an SSH client can log in without being prompted for a password.

To enable empty password logins:

BigIron RX(config)# ip ssh permit-empty-passwd yes

Syntax: ip ssh permit-empty-passwd no | yes

Setting the SSH port number

By default, SSH traffic occurs on TCP port 22. You can change this port number. For example, the following command changes the SSH port number to 2200.

BigIron RX(config)# ip ssh port 2200
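
The settings in this section can be checked offline against a saved configuration. The following is an added example, not part of the Brocade guide: it applies the defaults stated above, overrides them with any `ip ssh` lines it finds, and reports the combinations this section warns about. It assumes the saved configuration lists these commands as typed in the guide and omits settings left at their defaults; the function names, finding codes and sample configuration are constructed for illustration.

```python
import re

# Defaults as stated in this section of the guide.
DEFAULTS = {"key-authentication": "yes", "password-authentication": "yes",
            "permit-empty-passwd": "no", "port": "22"}
LINE_RE = re.compile(r"^\s*ip ssh (\S+)\s+(\S+)\s*$")

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
hostname lab-rx
ip ssh key-authentication no
ip ssh permit-empty-passwd yes
ip ssh port 2200
"""

def parse_ssh_settings(config_text):
    """Effective settings: the stated defaults, overridden by config lines."""
    settings = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in settings:
            settings[m.group(1)] = m.group(2).lower()
    return settings

def audit(settings):
    """Return a list of (code, message) findings (codes are hypothetical)."""
    findings = []
    key_on = settings["key-authentication"] == "yes"
    pw_on = settings["password-authentication"] == "yes"
    if settings["permit-empty-passwd"] == "yes":
        findings.append(("EMPTY_PASSWORD",
                         "users are not prompted for a password at SSH login"))
    if not key_on and not pw_on:
        findings.append(("NO_AUTH_METHOD",
                         "both methods deactivated; SSH is effectively disabled"))
    elif not key_on:
        findings.append(("PASSWORD_ONLY",
                         "DSA key authentication is off; access rests on passwords"))
    if settings["port"] != "22":
        findings.append(("NONDEFAULT_PORT",
                         f"SSH listens on TCP {settings['port']}; update ACLs and monitoring"))
    return findings

if __name__ == "__main__":
    for code, message in audit(parse_ssh_settings(SAMPLE_CONFIG)):
        print(f"{code}: {message}")
```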