Skip to main content

Brocade Fabric OS networking equipment (SSH)

Connector name

agtfabricos

Connector type

PSLang script

Type (UI field value)

Brocade Fabric OS networking equipment (SSH)

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

Bravura Security Fabric performs operations on Brocade Fabric OS networking equipment using the agtfabricos connector. This connector consists of a PSLang script, agtfabricos.psl and a scripted platform definition file, agtfabricos-ssh.con, that associates the script with the SSH connector (agtssh) to access Fabric OS via SSH.

The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):

  • user verify password

  • verify+reset password

  • create account

  • delete account

  • disable account

  • enable account

  • get server information

  • List:

    • accounts

    • attributes

For a full list and explanation of each connector operation, see connector operations.

See also

  • Alternatively, the agtfabricos-telnet.con file associates the script with the Telnet connector (agttelnet) to access Fabric OS via Telnet. See Brocade Fabric OS networking equipment for details about this method.

  • See Secure Shell for details about agtssh .

Targeting the Brocade Fabric OS networking equipment system

For each Brocade Fabric OS networking equipment system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).

  • Type is Brocade Fabric OS networking equipment (SSH).

  • Address uses options described in the table below.

  • The administrative credentials must be the built-in "root" account on the Brocade Fabric OS networking equipment.

The full list of target parameters is explained in Target System Options .

Table 1. Brocade Fabric OS (SSH) address configuration

Option

Description

Options marked with a redstar.png are required.

Script file redstar.png

Must be set to agtfabricos.psl

(key: script)

Server redstar.png

The IP address/domain name of the Brocade Fabric OS networking equipment.

(key: server)

Target system’s internal hostname or prompt redstar.png

This is the internally-defined host name that, along with the logged in user’s name, comprises the Fabric OS prompt. The script generates the expected prompt using this value, then uses the generated prompt to know when commands have completed.

(key: name)

Advanced

Port

TCP Port number. Default is 22.

(key: port)

Compression

Select to enable data compression for SSH connections. Default is false.

(key: compression)

Action for host keys

Select AllowAppend (default) or DenyUnmatch. For new targets, AllowAppend is recommended.

AllowAppend connects to SSH hosts whose public host keys have been previously recorded and have not been changed, and to SSH hosts whose keys have not been previously recorded. It will reject SSH hosts whose keys were previously recorded but have changed.

DenyUnmatch only connects to SSH hosts whose public host keys have been previously recorded and have not been changed. It will reject SSH hosts whose keys have not been previously recorded or were previously recorded but have changed.

(key: hostkeys)

Host keys file

Specify the name of the public host key file. It must be located in the \<instance>\script\ directory.

The file consists of a KVGroup with an entry that contains the host information as the key and the hostkey as the value. This information can be extracted from the PuTTY registry entries (HKEY_CURRENT_USER \Software\SimonTatham\PuTTY\SshHostKeys) where "Name" corresponds to the key and "Data" corresponds to the value.

(key: file)

Authentication key file

This is a generic SSH target field that is ignored for Fabric OS target systems. Login must be done with username and password.

Timeout for connection

Amount of time the connector will wait for a response.

(key: timeout)



Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts on Brocade Fabric OS networking equipment.

Consult the documentation included with your specific application to learn how to create an account to use as a template in Bravura Security Fabric . You can then add account attributes to determine how new accounts should be created based on the template account’s parameters.

Note that Bravura Security Fabric still requires a template account, even though attributes may or may not be copied from the template account, for example, if the configured action for all account attributes is Set .

Handling account attributes

In order for Bravura Security Fabric to manage attributes, you must first add the attributes to Bravura Security Fabric .

See Account attributes in the Bravura Security Fabric configuration documentation for more information.

Note that:

  • Role must be one of "admin", "switchadmin", or "user".

  • Maximum length of the description is 40 characters

  • There is a maximum of 15 created accounts.

In this section: