HP A 5120 Manual

 
231 
SFTP configuration 
SFTP overview 
The Secure File Transfer Protocol (SFTP) is a new feature in SSH2.0. 
SFTP uses  the  SSH  connection  to  provide secure  data  transfer.  The  device  can  serve  as the SFTP  server, 
allowing  a remote  user to log in to  the  SFTP  server for secure file management  and  transfer. The  device 
can  also  server  as  an  SFTP client,  enabling a  user to login from  the  device to  a remote  device for  secure 
file transfer. 
Configuring the device as an...

 
232 
To do… Use the command… Remarks 
Enter system view system-view — 
Configure the SFTP connection 
idle timeout period 
sftp server idle-timeout time-out-
value 
Optional 
10 minutes by default 
 
Configuring the device an SFTP client 
Specifying a source IP address or interface for the SFTP client 
You can configure a client to use only a specified source IP address or interface to access the SFTP server, 
enhancing the service manageability.   
Follow these steps to specify a source IP address or...

 
233 
To do… Use the command… Remarks 
Establish a 
connection to 
the remote IPv6 
SFTP server 
and enter SFTP 
client view 
sftp ipv6 server [ port-number ] [ identity-key { dsa | 
rsa } | prefer-ctos-cipher { 3des | aes128 | des } | 
prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-
96 } | prefer-kex { dh-group-exchange | dh-
group1 | dh-group14 } | prefer-stoc-cipher { 3des 
| aes128 | des } | prefer-stoc-hmac { md5 | md5-
96 | sha1 | sha1-96 } ] * 
 
Working with SFTP directories 
SFTP directory...

 
234 
 Displaying a list of the files 
 Deleting a file 
Follow these steps to work with SFTP files: 
To do… Use the command… Remarks 
Enter SFTP client view 
For more information, see 
―Establishing a connection to the 
SFTP server.‖ 
Required 
Execute the command in user 
view. 
Change the name of a specified 
file or directory on the SFTP server rename old-name new-name Optional 
Download a file from the remote 
server and save it locally get remote-file [ local-file ] Optional 
Upload a local file...

 
235 
To do… Use the command… Remarks 
user view quit These three commands function in 
the same way. 
 
SFTP client configuration example 
Network requirements 
As  shown  in Figure  69,  an  SSH  connection  is  established  between  Switch A  and  Switch B.  Switch A,  an 
SFTP  client, logs in  to  Switch B  for  file  management  and  file  transfer. An SSH  user  uses publickey 
authentication with the public key algorithm being RSA. 
Figure 69 Network diagram for SFTP client configuration...

 
236 
Then, transmit the public key file to the server through FTP or TFTP. 
2. Configure the SFTP server 
# Generate the RSA key pairs. 
 system-view 
[SwitchB] public-key local create rsa 
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
It will take a few minutes. 
Press CTRL+C to abort. 
Input the bits of the modulus[default = 1024]: 
Generating Keys... 
++++++++ 
++++++++++++++ 
+++++ 
++++++++ 
# Generate a DSA key pair. 
[SwitchB] public-key local...

 
237 
# For  user client001, set the  service  type as SFTP, authentication  method  as publickey, public  key as 
Switch001, and working folder as flash:/ 
[SwitchB] ssh  user  client001 service-type  sftp authentication-type  publickey  assign 
publickey Switch001 work-directory flash:/ 
3. Establish a connection between the SFTP client and the SFTP server 
# Establish a connection to the remote SFTP server and enter SFTP client view. 
 sftp 192.168.0.1 identity-key rsa 
Input Username: client001...

 
238 
drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:30 new1 
# Rename directory new1 to new2 and check if the directory has been renamed successfully. 
sftp-client> rename new1 new2 
File successfully renamed 
sftp-client> dir 
-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
-rwxrwxrwx   1 noone...

 
239 
Figure 70 Network diagram for SFTP server configuration 
 
 
Configuration procedure 
1. Configure the SFTP server 
# Generate the RSA key pairs. 
 system-view 
[Switch] public-key local create rsa 
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
It will take a few minutes. 
Press CTRL+C to abort. 
Input the bits of the modulus[default = 1024]: 
Generating Keys... 
++++++++ 
++++++++++++++ 
+++++ 
++++++++ 
# Generate a DSA key pair. 
[Switch]...

 
240 
[Switch-ui-vty0-4] protocol inbound ssh 
[Switch-ui-vty0-4] quit 
# Configure a  local  user  named client002 with the password being aabbcc and the service  type being 
SSH. 
[Switch] local-user client002 
[Switch-luser-client002] password simple aabbcc 
[Switch-luser-client002] service-type ssh 
[Switch-luser-client002] quit 
# Configure the user authentication method as password and service type as SFTP. 
[Switch] ssh user client002 service-type sftp authentication-type password 
2. Establish a...