
HP A 5120 Manual

    SFTP configuration 
    SFTP overview 
    The Secure File Transfer Protocol (SFTP) is a new feature in SSH2.0.
    SFTP uses the SSH connection to provide secure data transfer. The device can serve as the SFTP server, allowing a remote user to log in to the SFTP server for secure file management and transfer. The device can also serve as an SFTP client, enabling a user to log in from the device to a remote device for secure file transfer.
    Configuring the device as an SFTP server 
    Configuration prerequisites 
    Before you configure this task, complete the following tasks:
    - Configure the SSH server.
    - Use the ssh user service-type command to set the service type of SSH users to sftp or all.
    - For more information about the configuration procedures, see the chapter “SSH configuration.”
    Enabling the SFTP server 
    This configuration task will enable the SFTP service so that a client can log in to the SFTP server through SFTP.
    Follow these steps to enable the SFTP server:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter system view | system-view | — |
    | Enable the SFTP server | sftp server enable | Required. Disabled by default. |

    NOTE:
    When the device functions as the SFTP server, only one client can access the SFTP server at a time. If the SFTP client uses WinSCP, a file on the server cannot be modified directly; it can only be downloaded to a local place, modified, and then uploaded to the server.
    Configuring the SFTP connection idle timeout period 
    Once the idle period of an SFTP connection exceeds the specified threshold, the system automatically tears the connection down.
    Follow these steps to configure the SFTP connection idle timeout period:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter system view | system-view | — |
    | Configure the SFTP connection idle timeout period | sftp server idle-timeout time-out-value | Optional. 10 minutes by default. |
     
    Configuring the device as an SFTP client
    Specifying a source IP address or interface for the SFTP client 
    You can configure a client to use only a specified source IP address or interface to access the SFTP server, enhancing the service manageability.
    Follow these steps to specify a source IP address or interface for the SFTP client:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter system view | system-view | — |
    | Specify a source IPv4 address or interface for the SFTP client | sftp client source { ip ip-address \| interface interface-type interface-number } | Required. Use either command. By default, an SFTP client uses the IP address of the interface specified by the route of the device to access the SFTP server. |
    | Specify a source IPv6 address or interface for the SFTP client | sftp client ipv6 source { ipv6 ipv6-address \| interface interface-type interface-number } | Required. Use either command. By default, an SFTP client uses the IP address of the interface specified by the route of the device to access the SFTP server. |
     
    Establishing a connection to the SFTP server 
    This configuration task will enable the SFTP client to establish a connection to the remote SFTP server and enter SFTP client view.
    Follow these steps to enable the SFTP client:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Establish a connection to the remote IPv4 SFTP server and enter SFTP client view | sftp server [ port-number ] [ identity-key { dsa \| rsa } \| prefer-ctos-cipher { 3des \| aes128 \| des } \| prefer-ctos-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } \| prefer-kex { dh-group-exchange \| dh-group1 \| dh-group14 } \| prefer-stoc-cipher { 3des \| aes128 \| des } \| prefer-stoc-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } ] * | Required. Use either command in user view. |
    | Establish a connection to the remote IPv6 SFTP server and enter SFTP client view | sftp ipv6 server [ port-number ] [ identity-key { dsa \| rsa } \| prefer-ctos-cipher { 3des \| aes128 \| des } \| prefer-ctos-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } \| prefer-kex { dh-group-exchange \| dh-group1 \| dh-group14 } \| prefer-stoc-cipher { 3des \| aes128 \| des } \| prefer-stoc-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } ] * | Required. Use either command in user view. |
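
The two sftp command forms above let the client state algorithm preferences, and several of the offered values (des, 3des, md5, md5-96, dh-group1) are weak by current standards. The following Python sketch is an added example, not part of the HP manual: it parses a command against the syntax in the table, reports weak choices, and rewrites the command with the strongest value each keyword offers. The WEAK and STRONGEST tables are this example's own judgement, and the second sample command is constructed.

```python
# Keyword values accepted by the sftp command syntax in the table above.
GRAMMAR = {
    "identity-key": {"dsa", "rsa"},
    "prefer-ctos-cipher": {"3des", "aes128", "des"},
    "prefer-ctos-hmac": {"md5", "md5-96", "sha1", "sha1-96"},
    "prefer-kex": {"dh-group-exchange", "dh-group1", "dh-group14"},
    "prefer-stoc-cipher": {"3des", "aes128", "des"},
    "prefer-stoc-hmac": {"md5", "md5-96", "sha1", "sha1-96"},
}
# Assumption of this example: the strongest value each prefer-* keyword offers.
STRONGEST = {
    "prefer-ctos-cipher": "aes128", "prefer-ctos-hmac": "sha1",
    "prefer-kex": "dh-group14",
    "prefer-stoc-cipher": "aes128", "prefer-stoc-hmac": "sha1",
}
# Assumption of this example: values treated as weak, with the reason reported.
WEAK = {
    "des": "56-bit key, brute-forceable",
    "3des": "64-bit block cipher, deprecated",
    "md5": "MD5-based MAC, deprecated",
    "md5-96": "MD5-based MAC, deprecated",
    "dh-group1": "fixed 1024-bit Diffie-Hellman group",
    "dsa": "DSA user keys are deprecated",
}
PAGE_COMMAND = "sftp 192.168.0.1 identity-key rsa"              # from the manual
CONSTRUCTED_WEAK = ("sftp ipv6 2001:db8::1 22 prefer-ctos-cipher des "
                    "prefer-stoc-hmac md5 prefer-kex dh-group1")  # constructed

def parse(command):
    """Split an sftp command into (prefix tokens, {keyword: value})."""
    tokens = command.split()
    if not tokens or tokens[0] != "sftp":
        raise ValueError("not an sftp command")
    i = 2 if tokens[1:2] == ["ipv6"] else 1
    if i >= len(tokens) or tokens[i] in GRAMMAR:
        raise ValueError("missing server address")
    i += 1
    if i < len(tokens) and tokens[i].isdigit():      # optional port-number
        i += 1
    prefix, rest, options = tokens[:i], tokens[i:], {}
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    for key, value in zip(rest[::2], rest[1::2]):
        if value not in GRAMMAR.get(key, ()):
            raise ValueError(f"{key} {value} is not in the command syntax")
        options[key] = value
    return prefix, options

def audit(command):
    """List the weak algorithm choices in one sftp command."""
    _, options = parse(command)
    return [f"{k} {v}: {WEAK[v]}" for k, v in options.items() if v in WEAK]

def harden(command):
    """Return the command with every prefer-* keyword set to STRONGEST."""
    prefix, options = parse(command)
    options.update(STRONGEST)
    return " ".join(prefix + [f"{k} {options[k]}" for k in GRAMMAR if k in options])

if __name__ == "__main__":
    for cmd in (PAGE_COMMAND, CONSTRUCTED_WEAK):
        print(cmd, audit(cmd), harden(cmd), sep="\n  ")
```

harden() leaves identity-key as given, so a dsa key type is reported by audit() but not rewritten.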
     
    Working with SFTP directories 
    SFTP directory operations include:
    - Changing or displaying the current working directory
    - Displaying files under a specified directory or the directory information
    - Changing the name of a specified directory on the server
    - Creating or deleting a directory
    Follow these steps to work with the SFTP directories:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter SFTP client view | For more information, see “Establishing a connection to the SFTP server.” | Required. Execute the command in user view. |
    | Change the working directory of the remote SFTP server | cd [ remote-path ] | Optional |
    | Return to the upper-level directory | cdup | Optional |
    | Display the current working directory of the remote SFTP server | pwd | Optional |
    | Display files under a specified directory | dir [ -a \| -l ] [ remote-path ] | Optional. The dir command functions as the ls command. |
    | | ls [ -a \| -l ] [ remote-path ] | |
    | Change the name of a specified directory on the SFTP server | rename oldname newname | Optional |
    | Create a new directory on the remote SFTP server | mkdir remote-path | Optional |
    | Delete one or more directories from the SFTP server | rmdir remote-path& | Optional |
     
    Working with SFTP files 
    SFTP file operations include:
    - Changing the name of a file
    - Downloading a file
    - Uploading a file
    - Displaying a list of the files
    - Deleting a file
    Follow these steps to work with SFTP files:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter SFTP client view | For more information, see “Establishing a connection to the SFTP server.” | Required. Execute the command in user view. |
    | Change the name of a specified file or directory on the SFTP server | rename old-name new-name | Optional |
    | Download a file from the remote server and save it locally | get remote-file [ local-file ] | Optional |
    | Upload a local file to the remote SFTP server | put local-file [ remote-file ] | Optional |
    | Display the files under a specified directory | dir [ -a \| -l ] [ remote-path ] | Optional. The dir command functions as the ls command. |
    | | ls [ -a \| -l ] [ remote-path ] | |
    | Delete one or more directories from the SFTP server | delete remote-file& | Optional. The delete command functions as the remove command. |
    | | remove remote-file& | |
     
    Displaying help information 
    This configuration task will display a list of all commands or the help information of an SFTP client command, such as the command format and parameters.
    Follow these steps to display a list of all commands or the help information of an SFTP client command:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter SFTP client view | For more information, see “Establishing a connection to the SFTP server.” | Required. Execute the command in user view. |
    | Display a list of all commands or the help information of an SFTP client command | help [ all \| command-name ] | Required |
     
    Terminating the connection to the remote SFTP server 
    Follow these steps to terminate the connection to the remote SFTP server:

    | To do… | Use the command… | Remarks |
    | --- | --- | --- |
    | Enter SFTP client view | For more information, see “Establishing a connection to the SFTP server.” | Required. Execute the command in user view. |
    | Terminate the connection to the remote SFTP server and return to user view | bye | Required. Use any of the commands. These three commands function in the same way. |
    | | exit | |
    | | quit | |
     
    SFTP client configuration example 
    Network requirements 
    As shown in Figure 69, an SSH connection is established between Switch A and Switch B. Switch A, an SFTP client, logs in to Switch B for file management and file transfer. An SSH user uses publickey authentication with the public key algorithm being RSA.
    Figure 69 Network diagram for SFTP client configuration
    [Figure: Switch A (SFTP client), Vlan-int1 192.168.0.2/24; Switch B (SFTP server), Vlan-int1 192.168.0.1/24]

    Configuration procedure

    NOTE:
    During SFTP server configuration, the client public key is required. Use the client software to generate RSA key pairs on the client before configuring the SFTP server.
    1. Configure the SFTP client
    # Create VLAN-interface 1 and assign an IP address to it.
    <SwitchA> system-view
    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ip address 192.168.0.2 255.255.255.0
    [SwitchA-Vlan-interface1] quit
    # Generate the RSA key pairs.
    [SwitchA] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    # Export the host public key to file pubkey.
    [SwitchA] public-key local export rsa ssh2 pubkey
    [SwitchA] quit
    Then, transmit the public key file to the server through FTP or TFTP.
    2. Configure the SFTP server 
    # Generate the RSA key pairs. 
    <SwitchB> system-view
    [SwitchB] public-key local create rsa 
    The range of public key size is (512 ~ 2048). 
    NOTES: If the key modulus is greater than 512, 
    It will take a few minutes. 
    Press CTRL+C to abort. 
    Input the bits of the modulus[default = 1024]: 
    Generating Keys... 
    ++++++++ 
    ++++++++++++++ 
    +++++ 
    ++++++++ 
    # Generate a DSA key pair. 
    [SwitchB] public-key local create dsa 
    The range of public key size is (512 ~ 2048). 
    NOTES: If the key modulus is greater than 512, 
    It will take a few minutes. 
    Press CTRL+C to abort. 
    Input the bits of the modulus[default = 1024]: 
    Generating Keys... 
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
    +++++++++++++++++++++++++++++++++++ 
    # Enable the SSH server. 
    [SwitchB] ssh server enable 
    # Enable the SFTP server. 
    [SwitchB] sftp server enable 
    # Configure an IP address for VLAN-interface 1, which the SSH client uses as the destination for SSH connection.
    [SwitchB] interface vlan-interface 1 
    [SwitchB-Vlan-interface1] ip address 192.168.0.1 255.255.255.0 
    [SwitchB-Vlan-interface1] quit 
    # Set the authentication mode on the user interfaces to AAA.  
    [SwitchB] user-interface vty 0 4 
    [SwitchB-ui-vty0-4] authentication-mode scheme 
    # Set the protocol that a remote user uses to log in as SSH. 
    [SwitchB-ui-vty0-4] protocol inbound ssh 
    [SwitchB-ui-vty0-4] quit 
    # Import the peer public key from the file pubkey. 
    [SwitchB] public-key peer Switch001 import sshkey pubkey
    # For user client001, set the service type as SFTP, authentication method as publickey, public key as Switch001, and working folder as flash:/
    [SwitchB] ssh user client001 service-type sftp authentication-type publickey assign publickey Switch001 work-directory flash:/
    3. Establish a connection between the SFTP client and the SFTP server 
    # Establish a connection to the remote SFTP server and enter SFTP client view. 
    <SwitchA> sftp 192.168.0.1 identity-key rsa
    Input Username: client001 
    Trying 192.168.0.1 ... 
    Press CTRL+K to abort 
    Connected to 192.168.0.1 ... 
     
    The Server is not authenticated. Continue? [Y/N]:y 
    Do you want to save the server public key? [Y/N]:n 
     
    sftp-client> 
    # Display files under the current directory of the server, delete the file named z, and check if the file has been deleted successfully.
    sftp-client> dir 
    -rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
    -rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
    -rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
    drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
    -rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub 
    -rwxrwxrwx   1 noone    nogroup         0 Sep 01 08:00 z 
    sftp-client> delete z 
    The following File will be deleted: 
    /z 
    Are you sure to delete it? [Y/N]:y 
    This operation might take a long time.Please wait... 
     
    File successfully Removed 
    sftp-client> dir 
    -rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
    -rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
    -rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
    drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
    -rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub 
    # Add a directory named new1 and check if it has been created successfully. 
    sftp-client> mkdir new1 
    New directory created 
    sftp-client> dir 
    -rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
    -rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
    -rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
    drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
    -rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub
    drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:30 new1
    # Rename directory new1 to new2 and check if the directory has been renamed successfully. 
    sftp-client> rename new1 new2 
    File successfully renamed 
    sftp-client> dir 
    -rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
    -rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
    -rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
    drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
    -rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub 
    drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2 
    # Download the pubkey2 file from the server and save it as local file public. 
    sftp-client> get pubkey2 public 
    Remote  file:/pubkey2 --->  Local file: public 
    Downloading file successfully ended 
    # Upload the local file pu to the server, save it as puk, and check if the file has been uploaded successfully.
    sftp-client> put pu puk 
    Local file:pu --->  Remote file: /puk 
    Uploading file successfully ended 
    sftp-client> dir 
    -rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg 
    -rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2 
    -rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey 
    drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new 
    drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2 
    -rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:35 pub 
    -rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:36 puk 
    sftp-client> 
    # Terminate the connection to the remote SFTP server. 
    sftp-client> quit 
    Bye 
    Connection closed. 
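
The client example above sends the exported file pubkey to the server over FTP or TFTP and then imports it as peer key Switch001. A check that the received file still carries the exported key, and how large its RSA modulus is, can be run before the import. This Python sketch is an added example, not part of the HP manual; it assumes the ssh2 export format is the RFC 4716 SSH2 public key file format, and the key material in it is constructed sample data.

```python
import base64
import hashlib
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def _mpint(value: int) -> bytes:
    # Extra leading byte keeps the number positive when its top bit is set.
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_ssh2_file(e: int, n: int, comment: str) -> str:
    """Build a constructed RFC 4716 file so the example runs offline."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, f'Comment: "{comment}"', *body, END]) + "\n"

def read_blob(text: str) -> bytes:
    """Return the raw key blob from an SSH2-format public key file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers (truncated transfer?)")
    body, in_header = [], False
    for line in lines[1:-1]:
        if in_header or ":" in line:          # header line or its continuation
            in_header = line.endswith("\\")
            continue
        body.append(line)
    return base64.b64decode("".join(body), validate=True)

def inspect_key(text: str) -> dict:
    """Key type, RSA modulus size and SHA-256 fingerprint of the file."""
    blob, fields, pos = read_blob(text), [], 0
    while pos < len(blob):
        (size,) = struct.unpack_from(">I", blob, pos)
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if pos != len(blob) or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a well-formed ssh-rsa key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = int.from_bytes(fields[2], "big").bit_length()
    return {"type": "ssh-rsa", "bits": bits, "fingerprint": "SHA256:" + digest}

def same_key(exported: str, received: str) -> bool:
    """True only if both files carry the same key (compare before import)."""
    return inspect_key(exported)["fingerprint"] == inspect_key(received)["fingerprint"]

# Constructed 1024-bit value standing in for a modulus (not a real key).
SAMPLE_N = (1 << 1023) | (0xC0FFEE << 500) | 1
EXPORTED = make_ssh2_file(65537, SAMPLE_N, "constructed sample for SwitchA")
TAMPERED = make_ssh2_file(65537, SAMPLE_N ^ (1 << 40), "constructed sample for SwitchA")

if __name__ == "__main__":
    print(inspect_key(EXPORTED))
    print("unchanged:", same_key(EXPORTED, EXPORTED), "tampered:", same_key(EXPORTED, TAMPERED))
```

The reported bit count also shows when a key was generated at the 1024-bit default shown in the prompt rather than at the 2048-bit maximum.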
     
    SFTP server configuration example 
    Network requirements 
    As shown in Figure 70, an SSH connection is established between the host and the switch. The host, an SFTP client, logs in to the switch for file management and file transfer. An SSH user uses password authentication with the username client002 and the password aabbcc. The username and password are saved on the switch.
    Figure 70 Network diagram for SFTP server configuration
    [Figure: Host (SFTP client), 192.168.1.56/24; Switch (SFTP server), Vlan-int1 192.168.1.45/24]

    Configuration procedure
    1. Configure the SFTP server
    # Generate the RSA key pairs.
    <Switch> system-view
    [Switch] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    # Generate a DSA key pair.
    [Switch] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    # Enable the SSH server.
    [Switch] ssh server enable
    # Enable the SFTP server.
    [Switch] sftp server enable
    # Configure an IP address for VLAN-interface 1, which the client will use as the destination for SSH connection.
    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 192.168.1.45 255.255.255.0
    [Switch-Vlan-interface1] quit
    # Set the authentication mode of the user interfaces to AAA.
    [Switch] user-interface vty 0 4
    [Switch-ui-vty0-4] authentication-mode scheme
    # Enable the user interfaces to support SSH.
    [Switch-ui-vty0-4] protocol inbound ssh
    [Switch-ui-vty0-4] quit
    # Configure a local user named client002 with the password being aabbcc and the service type being SSH.
    [Switch] local-user client002 
    [Switch-luser-client002] password simple aabbcc 
    [Switch-luser-client002] service-type ssh 
    [Switch-luser-client002] quit 
    # Configure the user authentication method as password and service type as SFTP. 
    [Switch] ssh user client002 service-type sftp authentication-type password 
    2. Establish a connection between the SFTP client and the SFTP server
    NOTE:
    - The device supports many types of SFTP client software. The following uses PSFTP of PuTTY Version 0.58 as an example.
    - PSFTP supports only password authentication.
    # Establish a connection to the remote SFTP server.
    Run psftp.exe to launch the client interface as shown in Figure 71, and enter the following command:
    open 192.168.1.45 
    Enter username client002 and password aabbcc as prompted to log in to the SFTP server. 
    Figure 71 SFTP client interface 
      
    						