CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.
File Management on Other Devices

A device can function as a client to manage files on other devices in TFTP, FTP, SFTP, or SCP mode.

Managing Files When the Device Functions as a TFTP Client

The device functions as a TFTP client and remotely connects to a TFTP server to upload and download files.

Pre-configuration Tasks

Before connecting to a device as a TFTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the TFTP server.
  • Obtain the IP address of the TFTP server and the directory for storing files to download or upload.
Configuration Process
NOTE:

TFTP provides no authentication or encryption, which poses a risk to device security. The SFTP V2 or SCP mode is recommended.

Table 1-73 describes the procedure for managing files when the device functions as a TFTP client.

Table 1-73 Procedure for managing files when the device functions as a TFTP client

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | (Optional) Configure the TFTP client source address | Configure the TFTP client source address. The source address can be set to a source IP address or source interface information, ensuring communication security. | You can configure the TFTP client source address and TFTP ACL rule in any sequence. |
| 2 | (Optional) Configure the TFTP ACL | Configure the ACL rule, improving TFTP access security. | |
| 3 | Run TFTP commands to upload or download files | Upload and download files. | |

Procedure

  • (Optional) Configure the TFTP client source address.

    The source interface, for example, the loopback interface, must provide stable performance. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. After the client source address is configured as the source or destination address in the ACL rule, IP address differences and interface status impact are shielded, and incoming and outgoing packets are filtered.

    The TFTP client source address must be set to the loopback interface IP address or loopback interface information.

    Table 1-74 Configuring the TFTP client source address

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Configure the TFTP client source address.

    tftp client source { -a source-ip-address | -i interface-type interface-number }

    The TFTP client source address can be set to a source IP address or source interface information. If the source address is set to source interface information, configure an IP address for the interface for establishing TFTP connections.

    Submit the configurations.

    commit

    -

  • (Optional) Configure the TFTP ACL.

    An ACL is composed of a list of rules such as the source address, destination address, and port number of packets. ACL rules are used to classify packets. After these rules are applied to routing devices, the routing devices determine the packets to be received and rejected.

    An ACL can define multiple rules. ACLs are classified into basic ACLs, advanced ACLs, and Layer 2 ACLs.

    NOTE:

    TFTP supports only the basic ACL whose number ranges from 2000 to 2999.

    ACL rule:
    • The local device can establish TFTP connections with other devices that match the ACL rule only when permit is used in the ACL rule.

    • When deny is used in the ACL rule, the local device cannot establish TFTP connections with other devices that match the ACL rule.

    • When the ACL rule is configured but packets from other devices do not match the rule, the local device cannot establish TFTP connections with other devices.

    • When the ACL contains no rule, the local device can establish TFTP connections with any other devices.

    Table 1-75 Configuring the TFTP ACL

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Create an ACL and enter the ACL view.

    acl { [ number ] acl-number | name acl-name }

    By default, no ACL is created.

    Configure the ACL rule.

    rule [ rule-id ] { deny | permit } [ fragment-type fragment | source { source-ip-address { source-wildcard | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] *

    By default, no rule is configured for an ACL.

    Return to the system view.

    quit

    -

    Configure the TFTP ACL.

    tftp server [ ipv6 ] acl acl-number

    -

    Submit the configurations.

    commit

    -

  • Run TFTP commands to upload or download files.

    Operation

    Command

    Description

    IPv4 address

    tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ vpn-instance vpn-instance-name ] { get | put } source-filename [ destination-filename ]

    • get: indicates that the command is used to download files.

    • put: indicates that the command is used to upload files.

    IPv6 address

    tftp ipv6 [ -a source-ipv6-address ] tftp-server-ipv6 [ -oi interface-type interface-number ] { get | put } source-filename [ destination-filename ]

    The source address or interface specified in the tftp command takes priority over that specified in the tftp client source command. If you specify different source addresses or interfaces in the tftp client source and tftp commands, the source address or interface specified in the tftp command is used for communication. The source address or interface specified in the tftp client source command applies to all TFTP connections. The source address or interface specified in the tftp command applies only to the current TFTP connection.

Checking the Configuration
  • Run the display tftp client command to check source configurations of the TFTP client.
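
The four ACL outcomes listed under "ACL rule" above, modelled as an added example (not Huawei code and not part of the original guide): a small Python evaluator for basic ACL rules of the form rule rule-id { deny | permit } source { source-ip-address source-wildcard | any }. It assumes rules are checked in ascending rule-id order with the first match deciding, and that a 0 bit in the wildcard means the address bit must match; the ACL number and all addresses are constructed sample values.

```python
import ipaddress
import re
from typing import List, NamedTuple, Tuple

# Subset of the page's syntax:
#   rule rule-id { deny | permit } [ source { source-ip-address source-wildcard | any } ]
RULE_RE = re.compile(r"rule (\d+) (permit|deny)(?: source (?:any|(\S+) (\S+)))?")


class Rule(NamedTuple):
    rule_id: int
    action: str   # "permit" or "deny"
    source: int   # source address as a 32-bit integer (0 for "any")
    care: int     # bits that must match: inverse of the wildcard (0 for "any")


def parse_basic_acl(text: str) -> List[Rule]:
    """Collect the rule lines of one basic ACL; every other line is ignored."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.fullmatch(raw.strip())
        if not m:
            continue
        rule_id, action, ip, wildcard = m.groups()
        if ip is None:  # "source any", or no source clause at all
            source, care = 0, 0
        else:
            source = int(ipaddress.IPv4Address(ip))
            care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        rules.append(Rule(int(rule_id), action, source, care))
    return rules


def tftp_peer_allowed(rules: List[Rule], peer: str) -> Tuple[bool, str]:
    """Apply the outcomes from the page to one peer address."""
    if not rules:
        # "When the ACL contains no rule ... any other devices."
        return True, "ACL contains no rule"
    addr = int(ipaddress.IPv4Address(peer))
    # Assumption: ascending rule-id order, first match wins.
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if (addr & rule.care) == (rule.source & rule.care):
            return rule.action == "permit", f"rule {rule.rule_id} {rule.action}"
    # Rules exist but none matched: the connection is not allowed.
    return False, "no rule matched"


# Constructed sample: one denied host inside an otherwise permitted /24.
SAMPLE_ACL = """\
acl number 2001
 rule 5 deny source 10.1.1.99 0.0.0.0
 rule 10 permit source 10.1.1.0 0.0.0.255
"""

if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE_ACL)
    for peer in ("10.1.1.20", "10.1.1.99", "192.0.2.7"):
        print(peer, tftp_peer_allowed(acl, peer))
    print("empty ACL:", tftp_peer_allowed([], "192.0.2.7"))
```

An ACL that is referenced but has no rules permits every peer, so confirm that the ACL bound with tftp server acl actually contains the intended permit rule.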

Managing Files When the Device Functions as an FTP Client

The device functions as an FTP client and remotely connects to an FTP server to transfer files and manage files and directories on the FTP server.

Pre-configuration Tasks

Before connecting to a device as an FTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the FTP server.
  • Obtain the IP address of the FTP server, FTP user name, and password.
  • Obtain the listening port number of the FTP server if the default listening port number is not used.
Configuration Process
NOTE:

FTP transmits user names, passwords, and file contents in plaintext, which poses a risk to device security. The SFTP V2 or SCP mode is recommended.

Table 1-76 describes the procedure for managing files when the device functions as an FTP client.

Table 1-76 Procedure for managing files when the device functions as an FTP client

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | (Optional) Configure the FTP client source address | Configure the FTP client source address. The source address can be set to a source IP address or source interface information, ensuring communication security. | Perform steps 1 and 2 in sequence. After the FTP connection is established, perform steps 3 and 4 in any sequence. To disconnect from the FTP server, perform step 5. |
| 2 | Run FTP commands to connect to the FTP server | - | |
| 3 | Run FTP commands to perform file-related operations | Run FTP commands to perform file-related operations including performing operations on directories and files, configuring the file transfer mode, and viewing the online help about FTP commands. | |
| 4 | (Optional) Change the login user | - | |
| 5 | Disconnect the FTP client from the FTP server | - | |

Procedure

  • (Optional) Configure the FTP client source address.

    The source interface, for example, the loopback interface, must provide stable performance. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. After the client source address is configured as the source or destination address in the ACL rule, IP address differences and interface status impact are shielded, and incoming and outgoing packets are filtered.

    The FTP client source address must be set to the loopback interface IP address or loopback interface information.

    Table 1-77 Configuring the FTP client source address

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Configure the FTP client source address.

    ftp client source { -a source-ip-address | -i interface-type interface-number }

    You are advised to use the loopback interface IP address.

    When the FTP client source address is set to loopback interface information, configure an IP address for the loopback interface for establishing FTP connections.

    Submit the configurations.

    commit

    -

  • Run FTP commands to connect to the FTP server.

    Run the corresponding command in the user view or FTP client view to connect to the FTP server.

    NOTE:

    If the device only needs to upload files to or download files from the FTP server, you can complete a file transfer at one time by running the ftp { put | get } [ -a source-ip-address | -i interface-type interface-number ] host-ip host-ip [ port portnumber ] [ public-net | vpn-instance vpn-instance-name ] username username sourcefile local-filename [ destination remote-filename ] or ftp { put | get } ipv6 [ -i interface-type interface-number ] host-ip host-ipv6 [ port portnumber ] username username sourcefile local-filename [ destination remote-filename ] command in the user view. This command cannot perform other FTP operations.

    Perform the following operations based on the server IP address types.

    Table 1-78 Running FTP commands to connect to the FTP server (with an IPv4 address)

    Operation

    Command

    Description

    Connect to the FTP server in the user view when the server IP address is an IPv4 address.

    ftp [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ]

    Either operation is feasible.

    To enter the FTP client view, run the ftp command.

    Connect to the FTP server in the FTP client view when the server IP address is an IPv4 address.

    ftp

    open [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ]

    NOTE:

    Before connecting to the FTP server, run the set net-manager vpn-instance command to set the VPN instance to the default VPN instance.

    The source address specified in the ftp command takes priority over that specified in the ftp client source command. If you specify different source addresses in the ftp client source and ftp commands, the source address specified in the ftp command is used for communication. The source address specified in the ftp client source command applies to all FTP connections. The source address specified in the ftp command applies only to the current FTP connection.

    Table 1-79 Running FTP commands to connect to the FTP server (with an IPv6 address)

    Operation

    Command

    Description

    Connect to the FTP server in the user view when the server IP address is an IPv6 address.

    ftp ipv6 host-ipv6 [ port-number ]

    Either operation is feasible.

    To enter the FTP client view, run the ftp command.

    Connect to the FTP server in the FTP client view when the server IP address is an IPv6 address.

    ftp

    open ipv6 host-ipv6 [ port-number ]

    Users must enter the correct user name and password to connect to the server.

  • Run FTP commands to perform file-related operations.

    After connecting to the FTP server, users can run FTP commands to perform file-related operations including performing operations on directories and files, configuring the file transfer mode, and viewing the online help about FTP commands.

    NOTE:

    User rights are configured on the FTP server.

    Users can perform the following operations in any sequence.

    Table 1-80 Running FTP commands to perform file-related operations

    Operation

    Command

    Description

    Change the working directory on the server.

    cd remote-directory

    -

    Change the current working directory to its parent directory.

    cdup

    -

    Display the working directory on the server.

    pwd

    -

    Display or change the local working directory.

    lcd [ local-directory ]

    The lcd command displays the local working directory on the client, and the pwd command displays the working directory on the remote server.

    Create a directory on the server.

    mkdir remote-directory

    The directory name can consist of letters and digits. The following special characters are forbidden: < > ? \ :

    Delete a directory from the server.

    rmdir remote-directory

    -

    Display information about the specified directory or file on the server.

    dir/ls [ remote-filename [ local-filename ] ]

    • The ls command displays only the directory or file name, and the dir command displays detailed directory or file information such as name, size, and date when the directory or file is created.
    • If no directory is specified in the command, the system searches for the file in the user's authorized directories.

    Delete a file from the server.

    delete remote-filename

    -

    Upload one or more files.

    put local-filename [ remote-filename ]

    Or

    mput local-filenames

    • To upload a file, run the put command.
    • To upload multiple files, run the mput command.

    Download one or more files.

    get remote-filename [ local-filename ]

    Or

    mget remote-filenames

    • To download a file, run the get command.
    • To download multiple files, run the mget command.

    Set the file transfer mode to ASCII.

    ascii

    Either operation is feasible.

    • The default file transfer mode is ASCII.

    • The ASCII mode is used to transfer text files, and the binary mode is used to transfer programs, system software, and database files.

    Set the file transfer mode to binary.

    binary

    Set the data transmission mode to passive.

    passive

    Either operation is feasible.

    The default data transmission mode is active.

    Set the data transmission mode to active.

    undo passive

    View the online help about FTP commands.

    remotehelp [ command ]

    -

    Enable the system prompt function.

    prompt

    By default, the prompt function is disabled.

    Enable the verbose function.

    verbose

    After the verbose function is enabled, all FTP response messages are displayed on the FTP client.

  • (Optional) Change the login user.

    The current user can switch to another user in the FTP client view. The new FTP connection is the same as that established by running the ftp command.

    Operation

    Command

    Description

    Change the current user in the FTP client view.

    user user-name

    When the login user is switched to another user, the original user is disconnected from the FTP server.

  • Disconnect the FTP client from the FTP server.

    Users can run different commands in the FTP client view to disconnect the FTP client from the FTP server.

    Operation

    Command

    Description

    Disconnect the FTP client from the FTP server and return to the user view.

    bye or quit

    Either operation is feasible.

    Disconnect the FTP client from the FTP server and display the FTP client view.

    close or disconnect

Checking the Configurations
  • Run the display ftp client command to check source configurations on the FTP client.

Managing Files When the Device Functions as an SFTP Client

SFTP is an SSH-based protocol that provides a secure file transfer capability. Configure the device as an SFTP client. The remote SSH server authenticates the SFTP client and encrypts data in bidirectional mode, ensuring secure file transfer and management of directories on the SSH server.

Pre-configuration Tasks

Before connecting to a device as an SFTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the SSH server.
  • Obtain the IP address of the SSH server and SSH user information.
  • Obtain the listening port number of the SSH server if the default listening port number is not used.
Configuration Process

Table 1-81 describes the procedure for managing files when the device functions as an SFTP client.

Table 1-81 Procedure for managing files when the device functions as an SFTP client

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | (Optional) Configure the SFTP client source address | Configure the SFTP client source address. The source address can be set to a source IP address or source interface information, ensuring communication security. | Steps 1, 2, and 3 can be performed in any sequence. Steps 4-6 need to be performed in sequence. |
| 2 | Generate a local key pair | Generate a local key pair and configure the public key on the SSH server. Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode. | |
| 3 | Configure the initial SSH connection | To configure the initial SSH connection, enable the initial authentication function or save the public key of the SSH server on the SSH client. | |
| 4 | Run SFTP commands to connect to the SSH server | - | |
| 5 | Run SFTP commands to perform file-related operations | Users can perform operations on directories and files on the SSH server and view the help about SFTP commands on the SFTP client. | |
| 6 | Disconnect the SFTP client from the SSH server | - | |

Procedure

  • (Optional) Configure the SFTP client source address.

    The source interface, for example, the loopback interface, must provide stable performance. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. After the client source address is configured as the source or destination address in the ACL rule, IP address differences and interface status impact are shielded, and incoming and outgoing packets are filtered.

    The SFTP client source address must be set to the loopback interface IP address or loopback interface information.

    Table 1-82 Configuring the SFTP client source address

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Configure the SFTP client source address.

    sftp client-source { -a source-ip-address [ -vpn-instance vpn-instance-name ] | -i interface-type interface-number }

    The default source address is 0.0.0.0.

    The client source address is set to the loopback interface IP address or loopback interface information.

    Submit the configurations.

    commit

    -

  • Generate a local key pair.

    NOTE:

    Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode.

    Table 1-83 Actions for generating a local key pair

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Generate a local key pair.

    rsa local-key-pair create, dsa local-key-pair create, or ecc local-key-pair create

    Perform one of the operations based on the key type.

    Run the display rsa local-key-pair public, display dsa local-key-pair public, or display ecc local-key-pair public command to view the public key in the local RSA, DSA, or ECC key pair. Configure the public key on the SSH server.

    Commit the configuration.

    commit

    -

  • Configure the initial SSH connection.

    By default, the client cannot connect to the SSH server because the client does not save the public key of the SSH server. Configure the initial SSH connection in either of the following ways:

    • Enable the initial authentication function on the client. With the function enabled, the client connects to the SSH server without checking the public key of the SSH server. When the initial SSH connection succeeds, the client automatically saves the public key of the SSH server for the next SSH connection. For details, see Table 1-84.
    • Save the public key of the SSH server on the client so that the client can authenticate the SSH server successfully. For details, see Table 1-85. This method is more secure than the first method but more complex to configure.
    Table 1-84 Actions for enabling first authentication for the SSH client

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Enable first authentication for the SSH client.

    ssh client first-time enable

    By default, first authentication is disabled on the SSH client.

    Commit the configuration.

    commit

    -

    Table 1-85 Actions for configuring the SSH client to assign the RSA, DSA, or ECC public key to the SSH server

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the RSA, DSA, or ECC public key view.

    rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]

    or

    dsa peer-public-key key-name encoding-type { der | openssh | pem }

    or

    ecc peer-public-key key-name

    Perform one of the operations based on the key type.

    Enter the public key editing view.

    public-key-code begin

    -

    Edit the public key.

    hex-data

    • The public key must be a hexadecimal character string in the public key encoding format, and generated by the SSH server.
    • After entering the public key editing view, you must enter the RSA, DSA, or ECC public key that is generated on the server to the client.

    Quit the public key editing view.

    public-key-code end

    • If no public key code hex-data is entered, the public key cannot be generated after you run this command.
    • If the specified key key-name has been deleted, the system displays a message indicating that the key does not exist and returns to the system view directly when you run this command.

    Return to the system view.

    peer-public-key end

    -

    Bind the RSA, DSA, or ECC public key to the SSH server.

    ssh client server-ip-address assign { rsa-key | dsa-key | ecc-key } key-name

    If the SSH server public key saved in the SSH client does not take effect, run the undo ssh client server-ip-address assign { rsa-key | dsa-key | ecc-key } command to cancel the binding between the SSH server and RSA, DSA, or ECC public key, and run this command to assign a new RSA, DSA, or ECC public key to the SSH server.

    Commit the configuration.

    commit

    -

  • Run SFTP commands to connect to the SSH server.

    The SFTP client connect command has the same function as the STelnet client connect command. Both clients can carry the source address, configure the keepalive function, and select a key exchange algorithm, an encryption algorithm, and an HMAC algorithm.

    Table 1-86 Running SFTP commands to connect to the SSH server

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    IPv4 address

    sftp [ -a source-address | -i interface-type interface-number | -force-receive-pubkey ] host-ip [ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | prefer_kex kex-type | prefer_ctos_cipher cipher-type | prefer_stoc_cipher cipher-type | prefer_ctos_hmac hmac-type | prefer_stoc_hmac hmac-type | prefer_ctos_compress zlib | prefer_stoc_compress zlib | -ki aliveinterval | -kc alivecountmax | identity-key { rsa | dsa | ecc } ] *

    Run either of the commands based on the IP address type.

    In most cases, only the IP address is specified in the commands.

    If the source interface is specified using -i interface-type interface-number, the -vpn-instance vpn-instance-name parameters are not supported.

    IPv6 address

    sftp ipv6 [ -a source-address | -force-receive-pubkey ] host-ipv6 [ -oi interface-type interface-number ] [ port ] [ prefer_kex kex-type | prefer_ctos_cipher cipher-type | prefer_stoc_cipher cipher-type | prefer_ctos_hmac hmac-type | prefer_stoc_hmac hmac-type | prefer_ctos_compress zlib | prefer_stoc_compress zlib | -ki aliveinterval | -kc alivecountmax | identity-key { rsa | dsa | ecc } ] *

    Command example:
    [~HUAWEI] sftp 10.137.217.201

    When the SSH connection succeeds, sftp-client> is displayed, indicating the SFTP client view.

  • Run SFTP commands to perform file-related operations.

    In the SFTP client view, you can perform one or more file-related operations listed in Table 1-87 in any sequence.

    Table 1-87 Running SFTP commands to perform file-related operations

    Operation

    Command

    Description

    Change the user's current working directory.

    cd [ remote-directory ]

    -

    Change the current working directory to its parent directory.

    cdup

    -

    Display the user's current working directory.

    pwd

    -

    Display the file list in a specified directory.

    dir/ls [ -l | -a ] [ remote-directory ]

    Outputs of the dir and ls commands are the same.

    Delete directories from the server.

    rmdir remote-directory &<1-10>

    A maximum of 10 directories can be deleted at one time.

    Before running the rmdir command to delete directories, ensure that the directories do not contain any files. Otherwise, the deletion fails.

    Create a directory on the server.

    mkdir remote-directory

    -

    Change the name of a specified file on the server.

    rename old-name new-name

    -

    Download a file from the remote server.

    get remote-filename [ local-filename ]

    -

    Upload a local file to the remote server.

    put local-filename [ remote-filename ]

    -

    Delete files from the server.

    remove remote-filename &<1-10>

    A maximum of 10 files can be deleted at one time.

    remove and delete have the same effect.

    View the help about SFTP commands.

    help [ command-name ]

    -

  • Disconnect the SFTP client from the SSH server.

    Operation

    Command

    Description

    Disconnect the SFTP client from the SSH server.

    quit

    The bye or exit command can also disconnect the SFTP client.

Checking the Configuration
  • Run the display sftp client command to check source configurations of the SFTP client.
  • Run the display ssh server-info command to check the mappings between the SSH server and the public key.

Managing Files When the Device Functions as an SCP Client

SCP is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. When configured as an SCP client, the device can securely upload and download files when connecting to the server.

Pre-configuration Tasks

Before connecting to a device as an SCP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the SSH server.
  • Obtain the host name or IP address of the SSH server and SSH user information.
  • Obtain the listening port number of the SSH server if the default listening port number is not used.
Configuration Process

Table 1-88 describes the procedure for managing files when the device functions as an SCP client.

Table 1-88 Procedure for managing files when the device functions as an SCP client

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | (Optional) Configure the SCP client source address | Configure the SCP client source address. The source address can be set to a source IP address or source interface information, ensuring communication security. | Steps 1, 2, and 3 can be performed in any sequence. |
| 2 | Generate a local key pair | Generate a local key pair and configure the public key on the SSH server. Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode. | |
| 3 | Configure the initial SSH connection | To configure the initial SSH connection, enable the initial authentication function or save the public key of the SSH server on the SSH client. | |
| 4 | Run SCP commands to connect to the SSH server | - | |

Procedure

  • (Optional) Configure the SCP client source address.

    Table 1-89 (Optional) Configuring the SCP client source address

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    Configure the SCP client source address.

    scp client-source { -a source-ip-address [ public-net | -vpn-instance vpn-instance-name ] | -i loopback interface-number }

    By default, no source IP address is configured on the SCP client.

    When -i is specified, run the interface loopback command to configure the loopback interface first.

    Submit the configurations.

    commit

    -

  • Generate a local key pair.

    NOTE:

    Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode.

    Table 1-90 Actions for generating a local key pair

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Generate a local key pair.

    rsa local-key-pair create, dsa local-key-pair create, or ecc local-key-pair create

    Perform one of the operations based on the key type.

    Run the display rsa local-key-pair public, display dsa local-key-pair public, or display ecc local-key-pair public command to view the public key in the local RSA, DSA, or ECC key pair. Configure the public key on the SSH server.

    Commit the configuration.

    commit

    -

  • Configure the initial SSH connection.

    By default, the client cannot connect to the SSH server because the client does not save the public key of the SSH server. Configure the initial SSH connection in either of the following ways:

    • Enable the initial authentication function on the client. With the function enabled, the client connects to the SSH server without checking the public key of the SSH server. When the initial SSH connection succeeds, the client automatically saves the public key of the SSH server for the next SSH connection. For details, see Table 1-84.
    • Save the public key of the SSH server on the client so that the client can authenticate the SSH server successfully. For details, see Table 1-85. This method is more secure than the first method but more complex to configure.
    Table 1-91 Actions for enabling first authentication for the SSH client

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Enable first authentication for the SSH client.

    ssh client first-time enable

    By default, first authentication is disabled on the SSH client.

    Commit the configuration.

    commit

    -

    Table 1-92 Actions for configuring the SSH client to assign the RSA, DSA, or ECC public key to the SSH server

    Action

    Command

    Description

    Enter the system view.

    system-view

    -

    Enter the RSA, DSA, or ECC public key view.

    rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]

    or

    dsa peer-public-key key-name encoding-type { der | openssh | pem }

    or

    ecc peer-public-key key-name

    Perform one of the operations based on the key type.

    Enter the public key editing view.

    public-key-code begin

    -

    Edit the public key.

    hex-data

    • The public key must be a hexadecimal character string in the public key encoding format, and generated by the SSH server.
    • After entering the public key editing view, you must enter the RSA, DSA, or ECC public key that is generated on the server to the client.

    Quit the public key editing view.

    public-key-code end

    • If no public key code hex-data is entered, the public key cannot be generated after you run this command.
    • If the specified key key-name has been deleted, the system displays a message indicating that the key does not exist and returns to the system view directly when you run this command.

    Return to the system view.

    peer-public-key end

    -

    Bind the RSA, DSA, or ECC public key to the SSH server.

    ssh client server-ip-address assign { rsa-key | dsa-key | ecc-key } key-name

    If the SSH server public key saved in the SSH client does not take effect, run the undo ssh client server-ip-address assign { rsa-key | dsa-key | ecc-key } command to cancel the binding between the SSH server and RSA, DSA, or ECC public key, and run this command to assign a new RSA, DSA, or ECC public key to the SSH server.

    Commit the configuration.

    commit

    -

  • Run SCP commands to connect to the SSH server.

    Unlike in SFTP mode, after the SCP connection is established, the client can directly upload files to or download files from the server.

    Table 1-93 Running SCP commands to connect to the SSH server

    Operation

    Command

    Description

    Enter the system view.

    system-view

    -

    IPv4 address

    scp [ -a source-ip-address | -i interface-type interface-number | -force-receive-pubkey ] [ -port port-number | { public-net | vpn-instance vpn-instance-name } | -c | -cipher cipher-type | -prefer-kex kex-type | -r | identity-key { dsa | ecc | rsa } ] * source-filename destination-filename

    Run either of the commands based on the IP address type.

    If the source interface is specified using -i interface-type interface-number, the public-net and vpn-instance vpn-instance-name parameters are not supported.

    IPv6 address

    scp ipv6 [ -a source-ipv6-address | -oi interface-type interface-number | -force-receive-pubkey ] [ -port port-number | -c | -cipher cipher-type | -prefer-kex kex-type | -r | identity-key { dsa | ecc | rsa } ] * source-filename destination-filename

Checking the Configurations

  • Run the display scp client command to check source configurations on the SCP client.
  • Run the display ssh server-info command to check the mappings between the SSH server and the public key.
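
The two ways of configuring the initial SSH connection in the SFTP and SCP sections above differ in whether the server key is verified on first contact. The following added example (not Huawei code and not part of the original guide) replays the commands from those tables in Python and reports, per server, whether its key is pinned, bound to a key that was never created, accepted unverified on first connection, or absent so that the client cannot connect. It assumes the input is the command sequence as typed; apart from 10.137.217.201, the server addresses, key names, and hex-data are constructed placeholders.

```python
import re

PEER_KEY = re.compile(
    r"(rsa|dsa|ecc) peer-public-key (\S+)(?: encoding-type (?:der|openssh|pem))?")
BINDING = re.compile(r"ssh client (\S+) assign (rsa|dsa|ecc)-key (\S+)")
UNBIND = re.compile(r"undo ssh client (\S+) assign (?:rsa|dsa|ecc)-key")
HEX_DATA = re.compile(r"[0-9A-Fa-f ]+")


def parse_ssh_client_config(config):
    """Replay the commands and return what the SSH client ends up trusting."""
    state = {"first_time": False, "keys": set(), "bindings": {}}
    current = None    # (type, name) while inside a peer-public-key view
    in_code = False   # True between public-key-code begin and end
    hex_seen = False
    for raw in config.splitlines():
        line = raw.strip()
        if in_code:
            if line == "public-key-code end":
                # Per the guide, a key with no hex-data entered is not generated.
                if hex_seen:
                    state["keys"].add(current)
                in_code = False
            elif HEX_DATA.fullmatch(line):
                hex_seen = True
            continue
        if line == "ssh client first-time enable":
            state["first_time"] = True
        elif line == "public-key-code begin" and current:
            in_code, hex_seen = True, False
        elif line == "peer-public-key end":
            current = None
        elif (m := PEER_KEY.fullmatch(line)):
            current = (m[1], m[2])
        elif (m := UNBIND.fullmatch(line)):
            state["bindings"].pop(m[1], None)
        elif (m := BINDING.fullmatch(line)):
            state["bindings"][m[1]] = (m[2], m[3])
    return state


def classify_servers(state, servers):
    """Map each expected SSH server to how its host key will be checked."""
    result = {}
    for server in servers:
        binding = state["bindings"].get(server)
        if binding is None:
            # No saved key: accepted unverified if first authentication is on,
            # otherwise the client cannot connect (the default).
            result[server] = ("unverified-first-connection"
                              if state["first_time"] else "cannot-connect")
        elif binding in state["keys"]:
            result[server] = "pinned"
        else:
            result[server] = "dangling-binding"
    return result


# Constructed sample; the hex-data line is a placeholder, not a real key.
SAMPLE_CONFIG = """\
ssh client first-time enable
rsa peer-public-key sftpsrv01
 public-key-code begin
 30470240 C2A1F3B0 9D4E5F60
 public-key-code end
 peer-public-key end
ecc peer-public-key emptykey
 public-key-code begin
 public-key-code end
 peer-public-key end
ssh client 10.137.217.201 assign rsa-key sftpsrv01
ssh client 10.137.217.202 assign ecc-key emptykey
"""
SERVERS = ["10.137.217.201", "10.137.217.202", "10.137.217.203"]

if __name__ == "__main__":
    parsed = parse_ssh_client_config(SAMPLE_CONFIG)
    for server, status in classify_servers(parsed, SERVERS).items():
        print(f"{server:16} {status}")
```

Compare the result with the output of display ssh server-info on the device, which shows the mappings the client actually holds.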
Updated: 2019-08-09

Document ID: EDOC1000041694
