No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring an SFTP Client

Example for Configuring an SFTP Client

Networking Requirements

SSH secures file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. The client uses SFTP to securely connect to the SSH server and transfer files.

As shown in Figure 7-9, routes between the SSH server and clients client001 and client002 are reachable. In this example, Huawei device functions as an SSH server.

Client001 and client002 connect to the SSH server using the password authentication mode and the DSA authentication mode, respectively.

Figure 7-9  Networking diagram for managing files when the device functions as an SFTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.
  2. Create users client001 and client002 and set their authentication modes on the SSH server.
  3. Generate a local key pair on client002 and configure the DSA public key of client002 on the SSH server so that the server can authenticate the client when the client connects to the server.
  4. Users client001 and client002 log in to the SSH server through SFTP and access files on the server.

Procedure

  1. Generate a local key pair and enable the SFTP server function on the SSH server.

    <HUAWEI> system-view
    [HUAWEI] sysname SSH Server
    [SSH Server] dsa local-key-pair create
    Info: The key name will be: SSH Server_Host_DSA.                                                                                   
    Info: The key modulus can be any one of the following : 1024, 2048.                                                            
    Info: If the key modulus is greater than 512, it may take a few minutes.                                                            
    Please input the modulus [default=2048]:                                                                                            
    Info: Generating keys......                                                                                                            
    Info: Succeeded in creating the DSA host keys. 
    [SSH Server] sftp server enable

  2. Create SSH users on the SSH server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound ssh
    [SSH Server-ui-vty0-4] user privilege level 3
    [SSH Server-ui-vty0-4] quit

    # Create an SSH user client001 and set the authentication mode to password for the user.

    [SSH Server] ssh user client001
    [SSH Server] ssh user client001 authentication-type password
    [SSH Server] ssh user client001 service-type sftp
    [SSH Server] ssh user client001 sftp-directory cfcard:
    [SSH Server] aaa
    [SSH Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
    [SSH Server-aaa] local-user client001 service-type ssh
    [SSH Server-aaa] local-user client001 privilege level 3
    [SSH Server-aaa] quit
    

    # Create an SSH user client002 and set the authentication mode to dsa for the user.

    [SSH Server] ssh user client002
    [SSH Server] ssh user client002 authentication-type dsa
    [SSH Server] ssh user client002 service-type sftp
    [SSH Server] ssh user client002 sftp-directory cfcard:

  3. Generate a local key pair on client002 and configure the DSA public key of client002 on the SSH server.

    # Generate a local key pair on client002.

    <HUAWEI> system-view
    [HUAWEI] sysname client002
    [client002] dsa local-key-pair create
    Info: The key name will be: SSH Server_Host_DSA.                                                                                   
    Info: The key modulus can be any one of the following : 1024, 2048.                                                            
    Info: If the key modulus is greater than 512, it may take a few minutes.                                                            
    Please input the modulus [default=2048]:                                                                                            
    Info: Generating keys......                                                                                                            
    Info: Succeeded in creating the DSA host keys. 
    [client002] sftp server enable

    # Check the DSA public key of the client.

    [client002] display dsa local-key-pair public
    
    =====================================================
    Time of Key pair created: 2014-03-03 19:11:04+00:00
    Key name: client002_Host
    Key type: DSA encryption Key
    =====================================================
    Key code:
    30820109
      02820100
        C7D92E27 E88745D4 933AB1F5 DA692AC4 1D544BDC
        8EA252B0 E90A5001 1F2567C6 3952DEFD 95EF93C2
        D77E8CDF B36E7F43 57C1D7BA 0978DD7A 2F7F7187
        04FD6A03 C4FFDB58 04B3A0C4 B6E50528 AAE56FF9
        5F66EE00 8E4702DB AA764006 322E6F72 CC9C1A39
        462DBCD0 EA934441 1678BA23 40473EC4 58DF84FA
        20C9CB60 98E5ACDA 2E98B55A 0299FBAB FE91EFA3
        E155E065 7C7FFCD4 4EAB71EC A7A73DD7 AC8474B7
        2DD37D1C 710C6E14 57DA200C 477E45BC 38AC7685
        BD8D6325 CCBE3F32 85435E5B EB6A08DF 752B7EBD
        CE21CFCB F3AC0C35 671E5ACC AFC36F0B 54E646F6
        D12B4BA3 6E9EF69F A5BED377 954709EB CE29A923
        04B347D7 29296E7D 3D5F69AB 4365AA2F
      0203
        010001
    
     Host public key for PEM format code:
    ---- BEGIN SSH2 PUBLIC KEY ----
    AAAAB3NzaC1yc2EAAAADAQABAAABAQDH2S4n6IdF1JM6sfXaaSrEHVRL3I6iUrDp
    ClABHyVnxjlS3v2V75PC136M37Nuf0NXwde6CXjdei9/cYcE/WoDxP/bWASzoMS2
    5QUoquVv+V9m7gCORwLbqnZABjIub3LMnBo5Ri280OqTREEWeLojQEc+xFjfhPog
    yctgmOWs2i6YtVoCmfur/pHvo+FV4GV8f/zUTqtx7KenPdeshHS3LdN9HHEMbhRX
    2iAMR35FvDisdoW9jWMlzL4/MoVDXlvragjfdSt+vc4hz8vzrAw1Zx5azK/DbwtU
    5kb20StLo26e9p+lvtN3lUcJ684pqSMEs0fXKSlufT1faatDZaov
    ---- END SSH2 PUBLIC KEY ----
    
    Public key code for pasting into OpenSSH authorized_keys file :
    ssh-dsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH2S4n6IdF1JM6sfXaaSrEHVRL3I6iUrDpClABHyVnxjlS3v2V75PC136M37Nuf0NXwde6CXjdei9/cYcE/WoDxP/bWASz
    oMS25QUoquVv+V9m7gCORwLbqnZABjIub3LMnBo5Ri280OqTREEWeLojQEc+xFjfhPogyctgmOWs2i6YtVoCmfur/pHvo+FV4GV8f/zUTqtx7KenPdeshHS3LdN9HHEMbhRX
    2iAMR35FvDisdoW9jWMlzL4/MoVDXlvragjfdSt+vc4hz8vzrAw1Zx5azK/DbwtU5kb20StLo26e9p+lvtN3lUcJ684pqSMEs0fXKSlufT1faatDZaov= dsa-key
    

    # Configure the DSA public key of client002 on the SSH server. (Information in bold in the display command output is the DSA public key of client002. Copy the information to the server.)

    [SSH Server] dsa peer-public-key dsakey001 encoding-type der
    [SSH Server-dsa-public-key] public-key-code begin
    [SSH Server-dsa-key-code] 30820109
    [SSH Server-dsa-key-code] 02820100 
    [SSH Server-dsa-key-code] C7D92E27 E88745D4 933AB1F5 DA692AC4 1D544BDC
    [SSH Server-dsa-key-code] 8EA252B0 E90A5001 1F2567C6 3952DEFD 95EF93C2
    [SSH Server-dsa-key-code] D77E8CDF B36E7F43 57C1D7BA 0978DD7A 2F7F7187
    [SSH Server-dsa-key-code] 04FD6A03 C4FFDB58 04B3A0C4 B6E50528 AAE56FF9
    [SSH Server-dsa-key-code] 5F66EE00 8E4702DB AA764006 322E6F72 CC9C1A39
    [SSH Server-dsa-key-code] 462DBCD0 EA934441 1678BA23 40473EC4 58DF84FA
    [SSH Server-dsa-key-code] 20C9CB60 98E5ACDA 2E98B55A 0299FBAB FE91EFA3
    [SSH Server-dsa-key-code] E155E065 7C7FFCD4 4EAB71EC A7A73DD7 AC8474B7
    [SSH Server-dsa-key-code] 2DD37D1C 710C6E14 57DA200C 477E45BC 38AC7685
    [SSH Server-dsa-key-code] BD8D6325 CCBE3F32 85435E5B EB6A08DF 752B7EBD
    [SSH Server-dsa-key-code] CE21CFCB F3AC0C35 671E5ACC AFC36F0B 54E646F6
    [SSH Server-dsa-key-code] D12B4BA3 6E9EF69F A5BED377 954709EB CE29A923
    [SSH Server-dsa-key-code] 04B347D7 29296E7D 3D5F69AB 4365AA2F
    [SSH Server-dsa-key-code] 0203
    [SSH Server-dsa-key-code] 010001
    [SSH Server-dsa-key-code] public-key-code end
    [SSH Server-dsa-public-key] peer-public-key end

    # Bind the client002 user to the DSA public key of client002.

    [SSH Server] ssh user client002 assign dsa-key dsakey001

  4. Connect SFTP clients to the SSH server.

    # If the clients connect to the SSH server for the first time, enable the initial authentication function on the clients.

    Enable the initial authentication function on client001.

    <HUAWEI> system-view
    [HUAWEI] sysname client001
    [client001] ssh client first-time enable

    Enable the initial authentication function on client002.

    [client002] ssh client first-time enable

    # Log in to the SSH server from client001 in password authentication mode.

    [client002] sftp 10.1.1.1
    Please input the username:client002                                                                                                 
    Trying 10.1.1.1 ...                                                                                                           
    Press CTRL+K to abort                                                                                                               
    Connected to 10.1.1.1 ...                                                                                                     
    password:SSH_SERVER_CODE                                                                                                                 
                                                                                                                                        
    Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey authentication; Ctrl_C for Cancel], Please select [R, D, Enter or Ctrl_C]:D                                                                                       
                                                                                                                                        
    sftp-client> 
    

    # Log in to the SSH server from client002 in DSA authentication mode.

    [client002] sftp 10.1.1.1
    Please input the username:client002                                                                                                 
    Trying 10.1.1.1 ...                                                                                                           
    Press CTRL+K to abort                                                                                                               
    Connected to 10.1.1.1 ...                                                                                                     
    password:SSH_SERVER_CODE                                                                                                                 
                                                                                                                                        
    Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey authentication; Ctrl_C for Cancel], Please select [R, D, Enter or Ctrl_C]:D                                                                                       
                                                                                                                                        
    sftp-client> 
    

  5. Verify the configurations.

    Run the display ssh server status command. You can see that the SFTP service has been enabled. Run the display ssh user-information command. Information about the configured SSH users is displayed.

    # Check the SSH server status.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH authentication retries          :3 times
     SFTP server                         :Enable  
     Stelnet server                      :Disable  
     Scp server                          :Disable
     SSH server source                   :0.0.0.0                                   
     ACL4 number                         :0                                         
     ACL6 number                         :0 

    # Check information about SSH users.

    [SSH Server] display ssh user-information
      User 1:
           User Name            : client001
           Authentication-type  : password
           User-public-key-name : -
           User-public-key-type : -
           Sftp-directory       : cfcard:
           Service-type         : sftp
           Authorization-cmd    : No 
      User 2:
           User Name            : client002
           Authentication-type  : dsa
           User-public-key-name : dsakey001
           User-public-key-type : dsa
           Sftp-directory       : cfcard:
           Service-type         : sftp
           Authorization-cmd    : No 

Configuration Files

  • SSH server configuration file

    #
    sysname SSH Server
    #
    dsa peer-public-key dsakey001 encoding-type der
     public-key-code begin
      30820109
        02820100
          C7D92E27 E88745D4 933AB1F5 DA692AC4 1D544BDC 8EA252B0 E90A5001 1F2567C6
          3952DEFD 95EF93C2 D77E8CDF B36E7F43 57C1D7BA 0978DD7A 2F7F7187 04FD6A03
          C4FFDB58 04B3A0C4 B6E50528 AAE56FF9 5F66EE00 8E4702DB AA764006 322E6F72
          CC9C1A39 462DBCD0 EA934441 1678BA23 40473EC4 58DF84FA 20C9CB60 98E5ACDA
          2E98B55A 0299FBAB FE91EFA3 E155E065 7C7FFCD4 4EAB71EC A7A73DD7 AC8474B7
          2DD37D1C 710C6E14 57DA200C 477E45BC 38AC7685 BD8D6325 CCBE3F32 85435E5B
          EB6A08DF 752B7EBD CE21CFCB F3AC0C35 671E5ACC AFC36F0B 54E646F6 D12B4BA3
          6E9EF69F A5BED377 954709EB CE29A923 04B347D7 29296E7D 3D5F69AB 4365AA2F
        0203
          010001
     public-key-code end
    peer-public-key end
    #
    aaa
     local-user client001 password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
     local-user client001 privilege level 3
     local-user client001 service-type ssh
    #
    sftp server enable
    ssh user client001
    ssh user client001 authentication-type password
    ssh user client001 service-type sftp
    ssh user client001 sftp-directory cfcard:
    ssh user client002
    ssh user client002 authentication-type dsa
    ssh user client002 assign dsa-key dsakey001
    ssh user client002 service-type sftp
    ssh user client002 sftp-directory cfcard:
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 3
    #
    return
  • Client001 configuration file

    #
    sysname client001
    #
    ssh client first-time enable
    #
    return 
  • Client002 configuration file

    #
    sysname client002
    #
    ssh client first-time enable
    #
    return
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141895

Views: 61750

Downloads: 219

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next