Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Configuration Examples

Example for Logging In to the Device to Manage Files

Configuration Requirements

After logging in to the device through the console interface, Telnet, or STelnet, perform the following operations:

  • View files and subdirectories in the current directory.
  • Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.
  • View files in the test directory.

Procedure

  1. View files and subdirectories in the current directory.

    <Huawei> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-            889  Mar 01 2012 14:41:56   private-data.txt
        1  -rw-          6,311  Feb 17 2012 14:05:04   backup.cfg
        2  -rw-          2,393  Mar 06 2012 17:20:10   vrpcfg.zip
        3  -rw-            812  Dec 12 2011 15:43:10   hostkey
        4  drw-              -  Mar 01 2012 14:41:46   compatible
        5  -rw-            540  Dec 12 2011 15:43:12   serverkey
    ...
    6,144 KB total (5,372 KB free)

  2. Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.

    # Create the test directory.

    <Huawei> mkdir test
    Info: Create directory flash:/test......Done

    # Copy the vrpcfg.zip file to test and rename vrpcfg.zip as backup.zip.

    <Huawei> copy vrpcfg.zip flash:/test/backup.zip 
    Copy flash:/vrpcfg.zip to flash:/test/backup.zip?(y/n)[n]:y
    100%  complete
    Info: Copied file flash:/vrpcfg.zip to flash:/test/backup.zip...Done
    NOTE:

    If no destination file name is specified, the destination file is set to the source file name by default.

  3. View files in the test directory.

    # Access the test directory.

    <Huawei> cd test

    # View the current working directory.

    <Huawei> pwd
    flash:/test

    # View files in the test directory.

    <Huawei> dir
    Directory of flash:/test/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-          2,399  Mar 12 2012 11:16:44   backup.zip
    
    6,144 KB total (2,973 KB free)

Configuration Files

None

Example for Managing Files When the Device Functions as an FTP Server

Networking Requirements

As shown in Figure 3-24, routes between the PC and the device functioning as an FTP server are reachable. 10.136.23.5 is the IP address of VLANIF 1 on the FTP server. To transfer configuration files to the device, you must upload the files from the PC to the device functioning as the FTP server and save the device's configuration file vrpcfg.zip to the PC for backup.

Figure 3-24  Network for managing files when the device functions as an FTP server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the FTP function and FTP user information including user name, password, user level, service type, and authorized directory on the FTP server.
  2. Save the vrpcfg.zip file on the FTP server.
  3. Connect to the FTP server on the PC.
  4. Upload newconfig.zip to and download vrpcfg.zip from the FTP server.

Procedure

  1. Configure the FTP function and FTP user information on the FTP server.

    <Huawei> system-view
    [Huawei] ftp server enable
    Warning: FTP is not a secure protocol, and it is recommended to use SFTP.       
    Info: Succeeded in starting the FTP server
    [Huawei] aaa
    [Huawei-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [Huawei-aaa] local-user admin1234 privilege level 15
    [Huawei-aaa] local-user admin1234 service-type ftp
    [Huawei-aaa] local-user admin1234 ftp-directory flash:
    [Huawei-aaa] quit
    

  2. Save the vrpcfg.zip file on the FTP server.

    <Huawei> save

  3. Connect to the FTP server on the PC as the admin1234 user whose password is Helloworld@6789 and transfer files in binary mode.

    C:\Documents and Settings\Administrator> ftp 10.136.23.5
    Connected to 10.136.23.5.
    220 FTP service ready.
    User (10.136.23.5:(none)): admin1234
    331 Password required for admin1234.
    Password:
    230 User logged in.
    ftp>

  4. Upload newconfig.zip to and download vrpcfg.zip from the FTP server.

    # Upload the newconfig.zip file to the FTP server.

    ftp> put newconfig.zip
    200 Port command okay.
    150 Opening BINARY mode data connection for newconfig.zip
    226 Transfer complete.
    ftp: 832832 bytes sent in 136.34Seconds 560.79Kbytes/sec.

    # Download the vrpcfg.zip file.

    ftp> get vrpcfg.zip
    200 Port command okay.
    150 Opening BINARY mode data connection for vrpcfg.zip.
    226 Transfer complete.
    ftp: 1257 bytes received in 0.03Seconds 40.55Kbytes/sec.
    NOTE:
    The newconfig.zip file to upload and the vrpcfg.zip file to download are stored in the local directory on the FTP client. Before uploading and downloading files, obtain the local directory on the client.

  5. Verify the configuration.

    # Run the dir command on the FTP server to check the newconfig.zip file.

    <Huawei> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          1,257  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-        832,832  Mar 13 2012 14:24:24   newconfig.zip
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         23,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    1,927,220 KB total (1,130,464 KB free)
                                       
    # Access the FTP user's local directory on the PC and check the vrpcfg.zip file.

Configuration Files
#
 ftp server enable
#
aaa
 local-user admin1234 password irreversible-cipher %^%#7B$FGbVut="mg,EB1+V3ApBK*dU,n@b:$2>xG%.#iRV+@Tp@X,P@^gKx2oe*%^%#
 local-user admin1234 privilege level 15
 local-user admin1234 ftp-directory flash:/
 local-user admin1234 service-type ftp
#
interface Vlanif1
 ip address 10.136.23.5 255.255.255.0
#
return

Example for Managing Files Using SFTP When the Device Functions as an SSH Server

Networking Requirements

As shown in Figure 3-25, routes between the PC and the device functioning as an SSH server are reachable. 10.136.23.4 is the management IP address on the SSH server. Configure the device as an SSH server so that the server can authenticate the client and encrypt data in bidirectional mode, preventing man-in-the-middle attacks and MAC/IP address spoofing to ensure secure file transfer.

Figure 3-25  Network for managing files using SFTP when the device functions as an SSH server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.

  2. Configure the VTY user interface on the SSH server.

  3. Configure SSH user information including the authentication mode, user name, and password.

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

Procedure

  1. Generate a local key pair on the SSH server, and enable the SFTP server.

    <Huawei> system-view
    [Huawei] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           it will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++
    [SSH Server] sftp server enable

  2. Configure the VTY user interface on the SSH server.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] quit

  3. Configure SSH user information including the authentication mode, user name, and password.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123
    [SSH Server-aaa] local-user client001 privilege level 15
    [SSH Server-aaa] local-user client001 service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client001 authentication-type password
    

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

    The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on the PC.

    Figure 3-26  Connecting to the SSH server

    After connecting to the SSH server, the SFTP view is displayed. Users can run SFTP commands to perform file-related operations in the SFTP view.

Configuration Files
#
 sysname SSH Server
#
aaa
 local-user client001 password irreversible-cipher %$%$k$Xg7H;w4HZP5nE4-E4(FcZQ%$%$
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
 sftp server enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
return
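
The following is an added example, not part of Huawei's guide: a Python check that reads a saved configuration file and flags the settings from the FTP server and SFTP server examples above that expose management traffic, plus the `ssh client first-time enable` line this guide uses on SFTP clients. The rule names, messages and the merged sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the FTP server and SFTP server configuration files from
# this guide merged into one device, with password ciphertext as a placeholder.
SERVER_CONFIG = """\
#
 sysname SSH Server
#
 ftp server enable
#
aaa
 local-user admin1234 password irreversible-cipher <ciphertext>
 local-user admin1234 privilege level 15
 local-user admin1234 ftp-directory flash:/
 local-user admin1234 service-type ftp
 local-user client001 password irreversible-cipher <ciphertext>
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
 sftp server enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
return
"""

# Constructed counterpart: FTP off, admin1234 moved to SSH, VTY lines SSH-only.
HARDENED_CONFIG = (
    SERVER_CONFIG.replace(" ftp server enable\n#\n", "")
    .replace(" local-user admin1234 ftp-directory flash:/\n", "")
    .replace("service-type ftp", "service-type ssh")
    .replace("protocol inbound all", "protocol inbound ssh")
)

USER_ATTR = re.compile(r"local-user (\S+) (privilege level|service-type|ftp-directory) (.+)")


def parse_views(text):
    """Group commands by the view they sit under; global commands use the key ''."""
    views, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "return":
            continue
        if line == "#":                      # '#' closes the current view
            current = ""
        elif raw[0].isspace():               # indented: command inside the current view
            views.setdefault(current, []).append(line)
        else:                                # column 0: opens a view, or is a global command
            current = line
            views.setdefault(current, [])
    return views


def audit(text):
    """Return (rule_id, message) findings for file-transfer and login settings."""
    views = parse_views(text)
    global_cmds = views.get("", []) + [v for v, cmds in views.items() if v and not cmds]
    findings = []
    if "ftp server enable" in global_cmds:
        findings.append(("FTP-SERVER", "FTP server on: logins and files travel in cleartext"))
    if "ssh client first-time enable" in global_cmds:
        findings.append(("SSH-FIRST-TIME", "server key is accepted unverified on first connect"))
    for view, cmds in views.items():
        if view.startswith("user-interface vty"):
            for cmd in cmds:
                if re.fullmatch(r"protocol inbound (all|telnet)", cmd):
                    findings.append(("VTY-TELNET", f"{view}: '{cmd}' admits Telnet"))
    users = {}
    for cmd in views.get("aaa", []):
        match = USER_ATTR.fullmatch(cmd)
        if match:
            users.setdefault(match.group(1), {})[match.group(2)] = match.group(3).split()
    for name, attrs in sorted(users.items()):
        if "ftp" not in attrs.get("service-type", []):
            continue
        if attrs.get("privilege level") == ["15"]:
            findings.append(("FTP-ADMIN", f"{name}: level-15 account usable over FTP"))
        # The dir output in this guide lists hostkey and serverkey directly under flash:/
        if attrs.get("ftp-directory", [""])[0].rstrip("/") == "flash:":
            findings.append(("FTP-ROOT", f"{name}: FTP directory is the flash root"))
    return findings


if __name__ == "__main__":
    for rule, message in audit(SERVER_CONFIG):
        print(f"{rule:15} {message}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```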

Example for Managing Files When the Device Functions as a TFTP Client

Networking Requirements

As shown in Figure 3-27, the remote device at 10.1.1.1/24 functions as the TFTP server. The device at 10.2.1.1/24 functions as the TFTP client. Routes between the device and the server are reachable.

You need to download configuration files from the TFTP server to the device and back up the current configuration file of the device to the TFTP server.

Figure 3-27  Network for managing files when the device functions as a TFTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Run the TFTP software on the TFTP server and configure the working directory.
  2. Run TFTP commands to download newconfig.zip from and upload vrpcfg.zip to the TFTP server.

Procedure

  1. Run the TFTP software on the TFTP server and configure the working directory. (For details, see the appropriate third-party documentation.)
  2. Run TFTP commands to download newconfig.zip from and upload vrpcfg.zip to the TFTP server.

    <Huawei> tftp 10.1.1.1 get newconfig.zip
    Info: Transfer file in binary mode.                                             
    Downloading the file from the remote TFTP server. Please wait...                
    /100%                                                                           
     93832832 bytes received in 271 seconds.                                          
    TFTP: Downloading the file successfully.                                        
    Now begins to save file, please wait......                                      
    Info: Transfer file in binary mode.
    
    <Huawei> tftp 10.1.1.1 put vrpcfg.zip 
    Info: Transfer file in binary mode.                                             
    Uploading the file to the remote TFTP server. Please wait...                    
     100%                                                                           
    TFTP: Uploading the file successfully.                                          
     2233264 bytes send in 57 seconds.                                              

  3. Verify the configuration.

    # Run the dir command on the TFTP client to check the newconfig.zip file.

    <Huawei> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-        832,832  Mar 13 2012 14:24:24   newconfig.zip
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    6,144 KB total (5,196 KB free)
                                       
    # Access the working directory on the TFTP server and check the vrpcfg.zip file.

Configuration Files

None

Example for Managing Files When the Device Functions as an FTP Client

Networking Requirements

As shown in Figure 3-28, the remote device at 10.1.1.1/24 functions as the FTP server. The device at 10.2.1.1/24 functions as the FTP client. Routes between the device and the server are reachable.

You need to download configuration files from the FTP server to the device and back up the current configuration file of the device to the FTP server.

Figure 3-28  Network for managing files when the device functions as an FTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Run the FTP software on the FTP server and configure FTP user information.
  2. Connect to the FTP server.
  3. Run FTP commands to download newconfig.zip from and upload vrpcfg.zip to the FTP server.

Procedure

  1. Run the FTP software on the FTP server and configure FTP user information. (For details, see the appropriate third-party documentation.)
  2. Connect to the FTP server.

    <Huawei> ftp 10.1.1.1
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1.
    220 FTP service ready.
    User(10.1.1.1:(none)):admin
    331 Password required for admin.
    Enter password:
    230 User logged in.
                      
    [Huawei-ftp] 

  3. Run FTP commands to download newconfig.zip from and upload vrpcfg.zip to the FTP server.

    [Huawei-ftp] get newconfig.zip
    [Huawei-ftp] put vrpcfg.zip
    [Huawei-ftp] quit
    

  4. Verify the configuration.

    # Run the dir command on the FTP client to check the newconfig.zip file.

    <Huawei> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-        832,832  Mar 13 2012 14:24:24   newconfig.zip
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    6,144 KB total (5,196 KB free)
                                       
    # Access the working directory on the FTP server and check the vrpcfg.zip file.

Configuration Files

None

Example for Accessing Other Device Files Through SFTP (in Password Authentication Mode)

Networking Requirements

SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.

As shown in Figure 3-29, the routes between the SSH server and client are reachable. All devices mentioned in this example are Huawei devices.

It is required that the client should connect to the SSH server in password authentication mode to ensure secure access to files on the server.

Figure 3-29  Networking diagram of accessing other device files through SFTP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
  2. Configure the user client on the SSH server to log in to the SSH server in password authentication mode.
  3. Enable the user to log in to the SSH server through SFTP and access the files on the server.

Procedure

  1. Generate a local key pair on the SSH server and enable the SFTP server function.

    <Quidway> system-view 
    [Quidway] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           it will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++
    [SSH Server] sftp server enable

  2. Create an SSH user on the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 15
    [SSH Server-ui-vty0-4] quit

    # Create an SSH user named client. Configure the password authentication mode for the user and set the password to huawei@123.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client password irreversible-cipher huawei@123
    [SSH Server-aaa] local-user client service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client authentication-type password

  3. Connect the SFTP client to the SSH server.

    # Enable first-time authentication on the SSH client. On the first login, the client then accepts the server's public key without having a saved copy to check it against.

    <Huawei> system-view
    [Huawei] sysname client
    [client] ssh client first-time enable

    # Log in to the SSH server from Client in password authentication mode.

    <client> system-view
    [client] sftp 10.1.1.1 
    Please input the username: client
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it?[Y/N]:y
    Save the server's public key?[Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    Enter password:
    <sftp-client> 

  4. Verify the configuration.

    After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.

    # Check the status of the SSH server.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times 
     SFTP Server                         :Enable
     Stelnet server                      :Disable 

    # Check the SSH server connections.

    [SSH Server] display ssh server session
    --------------------------------------------------------------------
     Conn   Ver   Encry     State  Auth-type        Username             
     --------------------------------------------------------------------
     VTY 1  2.0   AES       run    password         client            
    

    # Check information about SSH users.

    [SSH Server] display ssh user-information
     -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client           password           null
     -------------------------------------------------------------------------------

Configuration Files
  • SSH server configuration file

    #
     sysname SSH Server
    #
    aaa
     local-user client password irreversible-cipher %$%$c|-D8KO4/,B[(FR.r!LHg]TK%$%$
     local-user client service-type ssh
    #
     sftp server enable
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 15
     protocol inbound all
    #
    return
  • SSH client configuration file

    #
     sysname client
    #
    ssh client first-time enable
    #
    return 

Example for Accessing Other Device Files Through SFTP (in RSA Authentication Mode)

Networking Requirements

SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.

As shown in Figure 3-30, the routes between the SSH server and client are reachable. A Huawei device is used as the SSH server in this example.

It is required that the client should connect to the SSH server in RSA authentication mode to ensure secure access to files on the server.

Figure 3-30  Networking diagram of accessing other device files through SFTP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
  2. Configure the user client on the SSH server to log in to the SSH server in RSA authentication mode.
  3. Generate a local key pair on the client and configure the RSA public key generated on the client on the SSH server, so that the server authenticates the client when the user logs in to the server from the client.
  4. Enable the user client to log in to the SSH server through SFTP and access the files on the server.

Procedure

  1. Generate a local key pair on the SSH server and enable the SFTP server function.

    <Quidway> system-view 
    [Quidway] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++
    [SSH Server] sftp server enable

  2. Create an SSH user on the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 15
    [SSH Server-ui-vty0-4] quit

    # Create an SSH user named client and configure the RSA authentication mode for the user.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client password irreversible-cipher huawei@123
    [SSH Server-aaa] local-user client service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client authentication-type rsa

  3. Generate a local key pair on the client and configure the RSA public key generated on the client on the SSH server.

    # Configure the client to generate a local key pair.

    <Huawei> system-view
    [Huawei] sysname client
    [client] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++

    # Check the RSA public key of the client.

    [client] display rsa local-key-pair public
    
    =====================================================
    Time of Key pair created: 2012-08-25 15:17:31+00:00 
    Key name: Host 
    Key type: RSA encryption Key 
    =====================================================
    Key code:
    3048
      0241
        D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
        48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
        EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
        D3050A97 57
      0203
        010001
    
    =====================================================
    Time of Key pair created: 2012-08-25 15:17:44+00:00
    Key name: Server
    Key type: RSA encryption Key
    =====================================================
    Key code:
    3067
      0260
        B98B5088 7A44A21E 80C929DF 23F8FF16 DF7F6F06
        23B69CAA C3A2CE11 4F37F7D4 E8C56682 A9DB6705
        23C69B6A 5C5D9312 72E93890 D0861237 EC6468A0
        96AEB062 2B4874BB 57F8A69E 30003C61 9B37906C
        1C0E4C09 91C57F94 AECD5005 F7AC2281
      0203
        010001

    # Configure the RSA public key generated on the client on the SSH server. The key code of the Host key in the preceding display command output is the RSA public key generated. Copy the key to the server side.

    [SSH Server] rsa peer-public-key rsakey001
    Enter "RSA public key" view, return system view with "peer-public-key end".
    NOTE: The number of the bits of public key must be between 769 and 2048.
    [SSH Server-rsa-public-key] public-key-code begin
    Enter "RSA key code" view, return last view with "public-key-code end".
    [SSH Server-rsa-key-code] 3048
    [SSH Server-rsa-key-code] 0241
    [SSH Server-rsa-key-code] D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
    [SSH Server-rsa-key-code] 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
    [SSH Server-rsa-key-code] EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
    [SSH Server-rsa-key-code] D3050A97 57
    [SSH Server-rsa-key-code] 0203
    [SSH Server-rsa-key-code] 010001
    [SSH Server-rsa-key-code] public-key-code end
    [SSH Server-rsa-public-key] peer-public-key end

    # Bind the RSA public key of the SSH client to the SSH user client.

    [SSH Server] ssh user client assign rsa-key rsakey001

  4. Connect the SFTP client to the SSH server.

    # Enable first-time authentication on the SFTP client.

    [client] ssh client first-time enable

    # Log in to the SSH server from the SFTP client in RSA authentication mode.

    <client> system-view
    [client] sftp 10.1.1.1
    Please input the username: client
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it? [Y/N] :y
    Save the server's public key? [Y/N] :y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    sftp-client>
    

  5. Verify the configuration.

    After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.

    # Check the status of the SSH server.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times 
     SFTP Server                         :Enable
     Stelnet server                      :Disable 

    # Check the SSH server connections.

    [SSH Server] display ssh server session
    --------------------------------------------------------------------
     Conn   Ver   Encry     State  Auth-type        Username             
     --------------------------------------------------------------------
     VTY 2  2.0   AES       run    rsa              client
     --------------------------------------------------------------------

    # Check information about SSH users.

    [SSH Server] display ssh user-information
     -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client           rsa                rsakey001 
     -------------------------------------------------------------------------------

Configuration Files
  • SSH server configuration file

    #
     sysname SSH Server
    #
     rsa peer-public-key rsakey001
      public-key-code begin
       3048
         0241
           D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 48A580C1 E6CC295C 8D00E1B0
           85E02EC1 32D01F46 EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 D3050A97
           57
         0203
           010001
      public-key-code end
     peer-public-key end
    #
    aaa
     local-user client password irreversible-cipher %$%$4var7p!aM*ULpu4#T=@-30'{%$%$
     local-user client service-type ssh
    #
     ssh user client assign rsa-key rsakey001
     ssh user client authentication-type rsa
     sftp server enable
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 15
     protocol inbound all
    #
    return
  • SSH client configuration file

    #
     sysname client
    #
    ssh client first-time enable
    #
    return
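
The following is an added example, not part of Huawei's guide: a Python check to run on a key code before it is bound with `ssh user client assign rsa-key`, confirming that what was typed into the rsa-key-code view is byte-identical to the client's display output and reporting the modulus size. It assumes the key code is the DER encoding of SEQUENCE { INTEGER modulus, INTEGER exponent }, which the 30/02/02 tags on this page are consistent with; the 2048-bit policy threshold and the function names are assumptions.

```python
import hashlib
import re

# Key code of the Host key from the `display rsa local-key-pair public` output on this page.
DISPLAYED_KEY = """
3048
  0241
    D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
    48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
    EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
    D3050A97 57
  0203
    010001
"""

# The same key as typed into the server's rsa-key-code view on this page.
ENTERED_KEY = """
[SSH Server-rsa-key-code] 3048
[SSH Server-rsa-key-code] 0241
[SSH Server-rsa-key-code] D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
[SSH Server-rsa-key-code] 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
[SSH Server-rsa-key-code] EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
[SSH Server-rsa-key-code] D3050A97 57
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
"""

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")   # leading CLI prompt, e.g. "[SSH Server-rsa-key-code] "


def key_code_bytes(text):
    """Strip prompts and whitespace from a pasted key code and return its raw bytes."""
    hex_digits = "".join(PROMPT.sub("", line) for line in text.splitlines())
    return bytes.fromhex("".join(hex_digits.split()))   # ValueError on non-hex input


def read_tlv(buf, pos, tag):
    """Read one DER element with the given tag at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length


def inspect_key(text, min_bits=2048):
    """Decode the key code and summarise size, exponent and a fingerprint."""
    der = key_code_bytes(text)
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after the SEQUENCE")
    modulus, pos = read_tlv(seq, 0, 0x02)
    exponent, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected extra elements in the key")
    bits = int.from_bytes(modulus, "big").bit_length()   # modulus read as unsigned
    return {
        "bits": bits,
        "exponent": int.from_bytes(exponent, "big"),
        "sha256": hashlib.sha256(der).hexdigest(),       # compare on both devices
        "meets_policy": bits >= min_bits,                # min_bits is an assumed policy
    }


def same_key(a, b):
    """True when two pasted key codes encode byte-identical keys."""
    return key_code_bytes(a) == key_code_bytes(b)


if __name__ == "__main__":
    info = inspect_key(DISPLAYED_KEY)
    print(f"modulus {info['bits']} bits, e={info['exponent']}, sha256={info['sha256'][:16]}...")
    print("entry matches display output:", same_key(DISPLAYED_KEY, ENTERED_KEY))
```

On the sample Host key printed on this page the check reports a 520-bit modulus, shorter than the 2048 bits entered at the key-generation prompt. Comparing the SHA-256 value computed from each device's output confirms out of band that the key was copied intact.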
Updated: 2019-01-11

Document ID: EDOC1000176006
