No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S9300, S9300E, and S9300X V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the SFTP Server

Example for Configuring the SFTP Server

Networking Requirements

As shown in Figure 7-4, routes between the PC and the device functioning as an SSH server are reachable. 10.136.23.4 is the management IP address on the SSH server. Configure the device as an SSH server so that the server can authenticate the client and encrypt data in bidirectional mode. This prevents man-in-middle attacks and MAC/IP address spoofing and ensures secure file transfer.

Figure 7-4  Networking diagram for managing files using SFTP when the device functions as an SSH server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.

  2. Configure the VTY user interface on the SSH server.

  3. Configure SSH user information including the authentication mode, service type, authorized directory, user name, and password.

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

Procedure

  1. Generate a local key pair on the SSH server, and enable the SFTP server.

    <Quidway> system-view
    [Quidway] sysname SSH_Server
    [SSH_Server] dsa local-key-pair create
    Info: The key name will be: SSH_Server_Host_DSA.                                                                                   
    Info: The key modulus can be any one of the following : 1024, 2048.                                                            
    Info: If the key modulus is greater than 512, it may take a few minutes.                                                            
    Please input the modulus [default=2048]:                                                                                            
    Info: Generating keys......                                                                                                            
    Info: Succeeded in creating the DSA host keys. 
    [SSH_Server] sftp server enable

  2. Configure the VTY user interface on the SSH_Server.

    [SSH_Server] user-interface vty 0 14
    [SSH_Server-ui-vty0-14] authentication-mode aaa
    [SSH_Server-ui-vty0-14] protocol inbound ssh
    [SSH_Server-ui-vty0-14] quit

  3. Configure SSH user information including the authentication mode, service type, authorized directory, user name, and password.

    [SSH_Server] ssh user client001 authentication-type password
    [SSH_Server] ssh user client001 service-type sftp
    [SSH_Server] ssh user client001 sftp-directory cfcard: 
    [SSH_Server] aaa
    [SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
    [SSH_Server-aaa] local-user client001 privilege level 15
    [SSH_Server-aaa] local-user client001 service-type ssh
    [SSH_Server-aaa] quit

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

    The Windows CLI can identify OpenSSH commands only when the OpenSSH is installed on the PC.

    NOTE:
    Use the OpenSSH of a version matching the terminal operating system; otherwise, you may fail to access the switch through SFTP.
    Figure 7-5  Connecting to the SSH server

    After you connect to the SSH server through third-party software, the SFTP view is displayed. Then you can perform file-related operations in the SFTP view.

Configuration File

SSH_Server configuration file

#
sysname SSH_Server
#
aaa
 local-user client001 password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory cfcard:
#
user-interface vty 0 14
 authentication-mode aaa
#
return
Translation
Download
Updated: 2019-04-17

Document ID: EDOC1000178413

Views: 68712

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next