SFTP configuration examples, Network requirements – H3C Technologies H3C S6300 Series Switches User Manual

[SwitchB-line-vty0-63] authentication-mode scheme

[SwitchB-line-vty0-63] quit

# Import the peer public key from the file key.pub, and name it switchkey.

[SwitchB] public-key peer switchkey import sshkey key.pub

# Create an SSH user client002 with the authentication method publickey, and assign the public key switchkey to the user.

[SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey switchkey

# Create a local device management user client002 with the service type ssh and the user role network-admin.

[SwitchB] local-user client002 class manage

[SwitchB-luser-manage-client002] service-type ssh

[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin

[SwitchB-luser-manage-client002] quit

3. Establish an SSH connection to the Stelnet server 192.168.1.40.

ssh2 192.168.1.40

Username: client002

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

Select Yes to access the server and download the server's host public key. At the next connection
attempt, the client authenticates the server by using the saved server's host public key on the client.
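
The server-side steps above configure three pieces that must refer to each other: the imported peer key, the SSH user, and the local user. The following Python check is an added example, not part of the H3C manual; it parses only the command forms shown on this page, and the function name `audit` and the wording of its findings are assumptions of the example.

```python
import re

# Constructed sample: the SwitchB commands from the steps above, prompts included.
SAMPLE = """\
[SwitchB] public-key peer switchkey import sshkey key.pub
[SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey switchkey
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client002] quit
"""

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[SwitchB] " / "<SwitchB> "
SSH_USER = re.compile(r"ssh user (\S+) service-type \S+ authentication-type (\S+)"
                      r"(?: assign publickey (\S+))?")

def audit(config):
    """Return findings for SSH users whose key, account or role needs attention."""
    peers, ssh_users, accounts, current = set(), {}, {}, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        if m := re.match(r"public-key peer (\S+) import sshkey \S+", line):
            peers.add(m[1])
        elif m := SSH_USER.match(line):
            ssh_users[m[1]] = (m[2], m[3])
        elif m := re.match(r"local-user (\S+) class manage", line):
            current = accounts.setdefault(m[1], {"services": set(), "roles": set()})
        elif line == "quit":
            current = None  # left the local-user view
        elif current is not None and (m := re.match(r"service-type (\S+)", line)):
            current["services"].add(m[1])
        elif current is not None and (
                m := re.match(r"authorization-attribute user-role (\S+)", line)):
            current["roles"].add(m[1])

    findings = []
    for user, (auth, key) in ssh_users.items():
        if auth == "publickey" and key not in peers:
            findings.append(f"{user}: assigned key {key!r} was not imported with public-key peer")
        acct = accounts.get(user)
        if acct is None or "ssh" not in acct["services"]:
            findings.append(f"{user}: no local-user with service-type ssh")
        elif "network-admin" in acct["roles"]:
            # Least-privilege review item, not a misconfiguration.
            findings.append(f"{user}: role network-admin assigned; confirm it is required")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
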

SFTP configuration examples

Unless otherwise noted, devices in the configuration examples are in non-FIPS mode.

When you configure SFTP on a device that operates in FIPS mode, follow these restrictions and guidelines:

The modulus length of the key pair must be 2048 bits.

When the device acts as an SFTP server, only RSA key pairs are supported. Do not generate a DSA
key pair on the SFTP server.

Password authentication enabled SFTP server configuration example

Network requirements

As shown in Figure 94, you can log in to the switch through the SFTP client that runs on the host and are assigned the user role network-admin to execute file management and transfer operations. The switch acts as the SFTP server and uses password authentication. The username and password of the client are saved on the switch.