Scp configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

302

SCP configuration examples

Unless otherwise noted, devices in the configuration example are in non-FIPS mode.
When you configure SCP on a device that operates in FIPS mode, follow these restrictions and

guidelines:

•

The modulus length of the key pair must be 2048 bits.

•

When the device acts as an SCP server, only RSA key pairs are supported. Do not generate a DSA
key pair on the SCP server.

Network requirements

As shown in

Figure 97

, you can log in to Switch B through the SCP client that runs on Switch A. After login,

you are assigned the user role network-admin and can securely transfer files with Switch B. Switch B uses

the password authentication method and the client 's username and password are saved on Switch B.

Figure 97 Network diagram

Configuration procedure

1.

Configure the SCP server:
# Generate RSA key pairs.

system-view

[SwitchB] public-key local create rsa

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# Generate a DSA key pair.

[SwitchB] public-key local create dsa

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*