CLI-based Configuration Guide - Basic Configuration

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the Basic configuration supported by the device.

Example for Managing Files When the Device Functions as an SFTP Client

Networking Requirements

SSH secures file transfer over a traditionally insecure network by authenticating the client and encrypting data in both directions. The client uses SFTP to securely connect to the SSH server and transfer files.

As shown in Figure 11-7, routes between the SSH server and clients client001 and client002 are reachable. In this example, a Huawei device functions as the SSH server.

Client001 connects to the SSH server using the password authentication mode, and client002 using the RSA authentication mode.

Figure 11-7  Networking diagram for managing files when the device functions as an SFTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.
  2. Create users client001 and client002 and set their authentication modes on the SSH server.
  3. Generate a local key pair on client002 and configure the RSA public key of client002 on the SSH server so that the server can authenticate the client when the client connects to the server.
  4. Log in to the SSH server as users client001 and client002 using SFTP and manage files.

Procedure

  1. Generate a local key pair and enable the SFTP server function on the SSH server.

    <Huawei> system-view
    [Huawei] sysname SSH Server
    [SSH Server] sftp server enable
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    RSA keys defined for Host already exist.
    Confirm to replace them? (y/n)[n]:y
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is less than 2048,
           It will introduce potential security risks.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ......................................................................................+++
    ....+++
    .......................................++++++++
    ..............++++++++
    

  2. Create SSH users on the SSH server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound ssh
    [SSH Server-ui-vty0-4] user privilege level 3
    [SSH Server-ui-vty0-4] quit

    # Create the client001 user and set the authentication mode to password for the user.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
    [SSH Server-aaa] local-user client001 service-type ssh
    [SSH Server-aaa] local-user client001 privilege level 3
    [SSH Server-aaa] quit
    [SSH Server] ssh user client001 authentication-type password

    # Create an SSH user client002 and set the authentication mode to rsa for the user.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client002 password irreversible-cipher Helloworld@6789
    [SSH Server-aaa] local-user client002 service-type ssh
    [SSH Server-aaa] local-user client002 privilege level 3
    [SSH Server-aaa] quit
    [SSH Server] ssh user client002 authentication-type rsa

  3. Generate a local key pair on client002 and configure the RSA public key of client002 on the SSH server.

    # Generate a local key pair on client002.

    <Huawei> system-view
    [Huawei] sysname client002
    [client002] rsa local-key-pair create
    The key name will be: Host
    RSA keys defined for Host already exist.
    Confirm to replace them? (y/n)[n]:y
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is less than 2048,
           It will introduce potential security risks.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ......................................................................................+++
    ....+++
    .......................................++++++++
    ..............++++++++
    

    # Check the RSA public key of the client.

    [client002] display rsa local-key-pair public
    =====================================================
    Time of Key pair created: 2012-08-06 17:17:37+00:00
    Key name: Host
    Key type: RSA encryption Key
    =====================================================
    Key code:
    30820109
      02820100
        CB0E88EC A1C2CFEA F97126F9 36919C08 0455127B
        A3A48594 69517096 35626F55 E4FAF0EB FDA2B9E9
        5E417B2B E09F38B0 D26FCA73 FE2E3FC4 DFBEC8CF
        4ED0C909 E8D975E6 FFC73C81 D13FE71E 759DC805
        B0F0E877 4FC9288E BE1E197C 2A7186B0 B56F5573
        3A5EA588 29C63E3B 20D56233 8E63278D F941734F
        6B359C69 BBAE5A52 EB842179 04B4204D 5DB31D72
        97F0C085 DA771F66 0AAADC28 D264CEB9 5BADA92C
        CDE9F116 D6D99C48 CEBA3A1D 868B053A 32941D85
        CCAA9796 A4B55760 0A8108ED DB45DA12 F61634C9
        59431600 341FEDEF 5379D565 A8D1953D DEA018A2
        72F99FFC 63DE04BF 2A6219BD DF13D705 27D63DEF
        83D556BC 5B44D983 8D5EA126 C1EB71CB 
      0203
        010001
    
    =====================================================
    Time of Key pair created: 2012-08-06 17:17:44+00:00
    Key name: Server
    Key type: RSA encryption Key
    =====================================================
    Key code:
    3067
      0260
        DF8AFF3C 28213B94 2292852E E98657EE 11DE5AF4
        8A176878 CDD4BD31 55E05735 3080F367 A83A9034
        47D534CA 81250C1D 35401DC3 464E9E5F A50202CF
        A7AD09CD AC3F531C A763F0A0 4C8E51B9 18755400
        76AF4A78 225C92C3 01FE0DFF 06908363
      0203
        010001 

    # Configure the RSA public key on the SSH server. (The RSA public key is the key code listed under Key name: Host in the display command output. Copy that information to the server.)

    [SSH Server] rsa peer-public-key rsakey001
    [SSH Server-rsa-public-key] public-key-code begin
    [SSH Server-rsa-key-code] 30820109
    [SSH Server-rsa-key-code] 02820100
    [SSH Server-rsa-key-code] CB0E88EC A1C2CFEA F97126F9 36919C08 0455127B
    [SSH Server-rsa-key-code] A3A48594 69517096 35626F55 E4FAF0EB FDA2B9E9
    [SSH Server-rsa-key-code] 5E417B2B E09F38B0 D26FCA73 FE2E3FC4 DFBEC8CF
    [SSH Server-rsa-key-code] 4ED0C909 E8D975E6 FFC73C81 D13FE71E 759DC805
    [SSH Server-rsa-key-code] B0F0E877 4FC9288E BE1E197C 2A7186B0 B56F5573
    [SSH Server-rsa-key-code] 3A5EA588 29C63E3B 20D56233 8E63278D F941734F
    [SSH Server-rsa-key-code] 6B359C69 BBAE5A52 EB842179 04B4204D 5DB31D72
    [SSH Server-rsa-key-code] 97F0C085 DA771F66 0AAADC28 D264CEB9 5BADA92C
    [SSH Server-rsa-key-code] CDE9F116 D6D99C48 CEBA3A1D 868B053A 32941D85
    [SSH Server-rsa-key-code] CCAA9796 A4B55760 0A8108ED DB45DA12 F61634C9
    [SSH Server-rsa-key-code] 59431600 341FEDEF 5379D565 A8D1953D DEA018A2
    [SSH Server-rsa-key-code] 72F99FFC 63DE04BF 2A6219BD DF13D705 27D63DEF
    [SSH Server-rsa-key-code] 83D556BC 5B44D983 8D5EA126 C1EB71CB
    [SSH Server-rsa-key-code] 0203
    [SSH Server-rsa-key-code] 010001
    [SSH Server-rsa-key-code] public-key-code end
    [SSH Server-rsa-public-key] peer-public-key end

    # Bind the client002 user to the RSA public key of client002.

    [SSH Server] ssh user client002 assign rsa-key rsakey001

  4. Connect SFTP clients to the SSH server.

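    # If the clients connect to the SSH server for the first time, enable the initial authentication function on the clients. With this function enabled, a client accepts the server's public key on the first connection and saves it locally instead of checking it against a preconfigured key.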

    Enable the initial authentication function on client001.

    <Huawei> system-view
    [Huawei] sysname client001
    [client001] ssh client first-time enable

    Enable the initial authentication function on client002.

    [client002] ssh client first-time enable

    # Log in to the SSH server from client001 in password authentication mode.

    [client001] sftp 10.1.1.1 
    Please input the username: client001
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
     Continue to access it? [Y/N]:y
     [Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    Enter password:
    sftp-client> 

    # Log in to the SSH server from client002 in RSA authentication mode.

    [client002] sftp 10.1.1.1
    Please input the username: client002
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
     Continue to access it? [Y/N]:y
     [Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    sftp-client>
    

  5. Verify the configurations.

    # Run the display ssh server status command. You can see that the SFTP service has been enabled. Run the display ssh user-information command. Information about the configured SSH users is displayed.

    # Check the SSH server status.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times 
     SFTP Server                         :Enable
     Stelnet server                      :Disable 

    # Check information about SSH users.

    [SSH Server] display ssh user-information
     -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client001        password           null
     client002        rsa                rsakey001
     -------------------------------------------------------------------------------
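
An added example (not part of the Huawei guide): a Python check that the key code entered under `rsa peer-public-key` in step 3 is byte-for-byte the key that `display rsa local-key-pair public` showed on client002, and that its modulus is at least 2048 bits. The function names and the constructed sample key are assumptions of this example; the encoding follows the dumps above (`30820109 02820100 ... 0203 010001`), where the modulus carries no leading zero byte and is therefore read as unsigned.

```python
import hashlib

def _header(data, pos, tag):
    """Read one DER tag and length at pos; return (value_length, value_offset)."""
    if pos + 2 > len(data) or data[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:  # long form, e.g. "82 0100" = 256 bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("key code is truncated")
    return length, pos

def parse_key_code(text):
    """Parse a 'Key code' dump: SEQUENCE { INTEGER modulus, INTEGER exponent }."""
    data = bytes.fromhex("".join(text.split()))  # line layout and spacing are ignored
    seq_len, pos = _header(data, 0, 0x30)
    if pos + seq_len != len(data):
        raise ValueError("bytes missing or left over after the SEQUENCE")
    mod_len, pos = _header(data, pos, 0x02)
    modulus = int.from_bytes(data[pos:pos + mod_len], "big")  # read as unsigned
    exp_len, pos = _header(data, pos + mod_len, 0x02)
    exponent = int.from_bytes(data[pos:pos + exp_len], "big")
    if pos + exp_len != len(data):
        raise ValueError("unexpected data after the exponent")
    return {"bits": modulus.bit_length(), "exponent": exponent,
            "sha256": hashlib.sha256(data).hexdigest()}

def check_peer_key(client_display, server_entry, min_bits=2048):
    """Return problems found; an empty list means same key and adequate size."""
    shown, entered = parse_key_code(client_display), parse_key_code(server_entry)
    problems = []
    if shown["sha256"] != entered["sha256"]:
        problems.append("key entered on server differs from key shown on client")
    if entered["bits"] < min_bits:
        problems.append(f"modulus is {entered['bits']} bits, below {min_bits}")
    return problems

def _tlv(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + size + body

def constructed_key_code(bits):
    """Build a CONSTRUCTED (not real) key code in the same encoding, for the demo."""
    body = _tlv(2, ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    h = _tlv(0x30, body + _tlv(2, (65537).to_bytes(3, "big"))).hex().upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))
```

Pass `check_peer_key` the Key code text copied from the client's display output and the lines entered between `public-key-code begin` and `public-key-code end` on the server; an empty list means the two match and the modulus meets the minimum size.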

Configuration Files

  • Configuration file on the SSH server

    #
    sysname SSH Server
    #
     rsa peer-public-key rsakey001
      public-key-code begin
       30820109
         02820100
           CB0E88EC A1C2CFEA F97126F9 36919C08 0455127B A3A48594 69517096 35626F55
           E4FAF0EB FDA2B9E9 5E417B2B E09F38B0 D26FCA73 FE2E3FC4 DFBEC8CF 4ED0C909
           E8D975E6 FFC73C81 D13FE71E 759DC805 B0F0E877 4FC9288E BE1E197C 2A7186B0
           B56F5573 3A5EA588 29C63E3B 20D56233 8E63278D F941734F 6B359C69 BBAE5A52
           EB842179 04B4204D 5DB31D72 97F0C085 DA771F66 0AAADC28 D264CEB9 5BADA92C
           CDE9F116 D6D99C48 CEBA3A1D 868B053A 32941D85 CCAA9796 A4B55760 0A8108ED
           DB45DA12 F61634C9 59431600 341FEDEF 5379D565 A8D1953D DEA018A2 72F99FFC
           63DE04BF 2A6219BD DF13D705 27D63DEF 83D556BC 5B44D983 8D5EA126 C1EB71CB
         0203                                 
           010001
      public-key-code end
     peer-public-key end
    #
    aaa
     local-user client001 password irreversible-cipher %^%#HW=5%Mr;:2)/RX$FnU1HLO%-TBMp4wn%;~\#%iAut}_~O%0L%^%#
     local-user client001 privilege level 3
     local-user client001 service-type ssh
     local-user client002 password irreversible-cipher %^%#*~Br";[g6Pv5Zf>$~{hY+N!`{$<[Y{;l02P)B,EBz\1FN!c+%^%#
     local-user client002 privilege level 3
     local-user client002 service-type ssh
    #
     ssh user client002 assign rsa-key rsakey001
     ssh user client002 authentication-type rsa
     sftp server enable
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 3
     protocol inbound ssh
    #
    return

  • Configuration file on client001

    #
     sysname client001
    #
    ssh client first-time enable
    #
    return

  • Configuration file on client002

    #
     sysname client002
    #
    ssh client first-time enable
    #
    return
Updated: 2019-05-20

Document ID: EDOC1100034225
