HP 5500 Ei 5500 Si Switch Series Configuration Guide

 306 
[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0 
[SwitchA-Vlan-interface1] quit 
[SwitchA] quit 
{ If the client supports first-time authentication, you can directly establish a connection from the 
client to the server. 
# Establish an SSH connection to server 10.165.87.136. 
 ssh2 10.165.87.136 
Username: client001 
Trying 10.165.87.136 ... 
Press CTRL+K to abort 
Connected to 10.165.87.136 ... 
 
The Server is not authenticated. Continue? [Y/N]:y 
Do you want to save the server...

 307 
[SwitchA-pkey-public-key] peer-public-key end 
# Specify the host public key for the SSH server (10.165.87.136) as  key1. 
[SwitchA] ssh client authentication server 10.165.87.136 assign publicke\
y key1 
[SwitchA] quit 
# Establish an SSH connection to server 10.165.87.136. 
 ssh2 10.165.87.136 
Username: client001 
Trying 10.165.87.136 
Press CTRL+K to abort 
Connected to 10.165.87.136... 
Enter password:  
After you enter the correct password, you  can log in to Switch B successfully. 
When...

 308 
# Export the DSA public key to file key.pub. 
[SwitchA] public-key local export dsa ssh2 key.pub 
[SwitchA] quit 
Then, transmit the public key file  to the server through FTP or TFTP. 
2. Configure the SSH server: 
# Generate the RSA key pairs. 
 system-view 
[SwitchB] public-key local create rsa 
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
It will take a few minutes. 
Press CTRL+C to abort. 
Input the bits of the modulus[default = 1024]:...

 309 
# Specify the authentication method for user client002 as publickey , and assign the public key 
Switch001  to the user. 
[SwitchB] ssh user client002 service-type stelnet authentication-type pu\
blickey 
assign publickey Switch001 
3. Establish a connection between the  SSH client and the SSH server: 
# Establish an SSH connection to the server (10.165.87.136). 
 ssh2 10.165.87.136 
Username: client002 
Trying 10.165.87.136 ... 
Press CTRL+K to abort 
Connected to 10.165.87.136 ... 
 
The Server...

 310 
Configuring SFTP 
Overview 
The Secure File Transfer Protocol (SFTP) is a new feature in SSH2.0. 
SFTP uses the SSH connection to provide secure data transfer. The switch can serve as the SFTP server, 
allowing a remote user to log in to the SFTP server for secure file management and transfer. The switch 
can also serve as an SFTP client, enabling a user to log in from the switch to a remote device for secure 
file transfer. 
With SSH connection across VPNs, you can configur e the switch as an SFTP...

 311 
Step Command Remarks 
2.  Configure the SFTP 
connection idle timeout 
period.  sftp server idle-timeout 
time-out-value
  Optional. 
10 minutes by default. 
 
Configuring the switch as an SFTP client 
Specifying a source IP address or interface for the SFTP client 
You can configure a client to use only a specified source IP address or interface to access the SFTP server, 
enhancing the service manageability.   
To specify a source IP address or interface for the SFTP client: 
 
Step Command...

 312 
Task Command Remarks 
Establish a connection 
to the remote SFTP 
server and enter SFTP 
client view. 
• Establish a connection to the remote IPv4 SFTP 
server and enter SFTP client view: 
sftp  server  [ port-number  ] [ vpn-instance 
vpn-instance-name ] [ identity-key  { dsa | rsa } | 
prefer-ctos-cipher  { 3des | aes128  | des  } | 
prefer-ctos-hmac  { md5 | md5-96  | sha1 | 
sha1-96 } | prefer-kex  { dh-group-exchange  | 
dh-group1  | dh-group14  } | prefer-stoc-cipher  
{  3des  | aes128  |...

 313 
Step Command Remarks 
7.  Create a new directory on the 
remote SFTP server.  mkdir
 remote-path  Optional. 
8.  Delete one or more directories 
from the SFTP server.  rmdir 
remote-path &  Optional. 
 
Working with SFTP files 
SFTP file operations include: 
•  Changing the name of a file 
•   Downloading a file 
•   Uploading a file 
•   Displaying a list of the files 
•   Deleting a file 
To work with SFTP files: 
 
Step Command Remarks 
1.   Enter SFTP client view.  For more information, see...

 314 
Step Command Remarks 
2.  Display a list of all commands 
or the help information of an 
SFTP client command.  help 
[ all | command-name  ]  N/A 
 
Terminating the connection to the remote SFTP server  
Step Command Remarks 
1.  Enter SFTP client view.  For more information, see 

Establishing a connection to the 
SFTP server .  Execute the command in user 
view. 
2.  Terminate the connection to 
the remote SFTP server and 
return to user view. • bye 
• exit 
• quit  Use any of the commands....

 315 
 IMPORTANT: 
During SFTP server configuration, the client public ke
y is required. Use the client software to generate RS
A
key pairs on the client before configuring the SFTP server.  
1. Configure the SFTP client: 
# Create VLAN-interface 1 and assign an IP address to it. 
 system-view 
[SwitchA] interface vlan-interface 1 
[SwitchA-Vlan-interface1] ip address 192.168.0.2 255.255.255.0 
[SwitchA-Vlan-interface1] quit 
# Generate the RSA key pairs. 
[SwitchA] public-key local create rsa 
The range...