CLI-based Configuration Guide - Basic Configuration

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples for the basic configuration features supported by the device in different application scenarios.
Example for Managing Files Using SFTP When the Device Functions as an SSH Server

Networking Requirements

As shown in Figure 10-3, PC1 connects to the device, and the IP address of the management network interface on the device is 10.136.23.4. Files need to be securely transferred between PC1 and the device. Configure the device as the SSH server to provide the SFTP service so that the SSH server can authenticate the client and encrypt data in both directions, ensuring secure file transfer. A security policy is configured so that only PC1 is allowed to access the SSH server.

Figure 10-3  Networking diagram for managing files using SFTP when the device functions as an SSH server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.

  2. Configure the VTY user interface on the SSH server.

  3. Configure SSH user information including the authentication mode, user name, and password.

  4. Configure access permissions on the SSH server to control SSH users.

  5. Connect to the SSH server using the third-party software OpenSSH on the PC.

Procedure

  1. Generate a local key pair on the SSH server, and enable the SFTP server.

    <Huawei> system-view
    [Huawei] sysname SSH Server
    [SSH Server] sftp server enable
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    RSA keys defined for Host already exist.
    Confirm to replace them? (y/n)[n]:y
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is less than 2048,
           It will introduce potential security risks.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ......................................................................................+++
    ....+++
    .......................................++++++++
    ..............++++++++
    

  2. Configure the VTY user interface on the SSH server.

    [SSH Server] user-interface vty 0 14
    [SSH Server-ui-vty0-14] authentication-mode aaa
    [SSH Server-ui-vty0-14] protocol inbound ssh
    [SSH Server-ui-vty0-14] quit

  3. Configure SSH user information including the authentication mode, user name, and password.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123
    [SSH Server-aaa] local-user client001 privilege level 15
    [SSH Server-aaa] local-user client001 service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client001 authentication-type password
    

  4. Configure access permissions on the SSH server.

    [SSH Server] acl 2001
    [SSH Server-acl-basic-2001] rule permit source 10.136.23.10 32
    [SSH Server-acl-basic-2001] rule deny source 10.136.23.20 32
    [SSH Server-acl-basic-2001] quit
    [SSH Server] user-interface vty 0 14
    [SSH Server-ui-vty0-14] acl 2001 inbound
    [SSH Server-ui-vty0-14] quit

  5. Connect to the SSH server using the third-party software OpenSSH on the PC.

    The Windows CLI recognizes OpenSSH commands only when OpenSSH is installed on the PC.

    Figure 10-4  Connecting to the SSH server

    After you connect to the SSH server through third-party software, the SFTP view is displayed. Then you can perform file-related operations in the SFTP view.

Configuration File

Configuration file of the SSH Server

#
 sysname SSH Server
#       
acl number 2001           
 rule 5 permit source 10.136.23.10 0         
 rule 10 deny source 10.136.23.20 0       
#
aaa
 local-user client001 password irreversible-cipher %^%#<R<G9j0<_;@]`h@]TnCUuGP-1Za*%2i*k!X<~Q4Ha1B0GP0u%^%#
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
 sftp server enable
#
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound ssh
#
return
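
The following is an added example, not part of the original guide or Huawei tooling: a Python check that reads a saved configuration in the format shown above and confirms the controls this procedure sets up (SFTP enabled, VTY limited to SSH with AAA authentication, an inbound ACL that permits single hosts only, and irreversible-cipher password storage). The function names and finding strings are assumptions of this example, and the sample is a constructed, trimmed copy of the configuration file with the password hash replaced by a placeholder.

```python
import re

# Constructed sample: trimmed copy of the configuration file above, hash replaced by a placeholder.
SAMPLE = """acl number 2001
 rule 5 permit source 10.136.23.10 0
 rule 10 deny source 10.136.23.20 0
#
aaa
 local-user client001 password irreversible-cipher <HASH-PLACEHOLDER>
#
 sftp server enable
#
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound ssh
"""

def parse(config):
    """Map each section header ('' for global commands) to its command lines."""
    sections = {}
    for chunk in re.split(r"(?m)^#[ \t]*$", config):
        rows = [r for r in chunk.splitlines() if r.strip()]
        if rows:
            header = "" if rows[0].startswith(" ") else rows.pop(0).strip()
            sections.setdefault(header, []).extend(r.strip() for r in rows)
    return sections

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    s = parse(config)
    out = [] if "sftp server enable" in s.get("", []) else ["sftp server is not enabled"]
    for row in s.get("aaa", []):
        m = re.match(r"local-user (\S+) password (\S+)", row)
        if m and m.group(2) != "irreversible-cipher":
            out.append(f"{m.group(1)}: password stored as {m.group(2)}")
    for header, body in s.items():
        if not header.startswith("user-interface vty"):
            continue
        if "authentication-mode aaa" not in body:
            out.append(f"{header}: authentication-mode is not aaa")
        if "protocol inbound ssh" not in body:
            out.append(f"{header}: inbound protocol is not limited to ssh")
        acls = [r.split()[1] for r in body if re.fullmatch(r"acl \d+ inbound", r)]
        permits = [r for n in acls for r in s.get(f"acl number {n}", []) if re.search(r"\bpermit\b", r)]
        if not permits:
            out.append(f"{header}: no inbound ACL with a permit rule")
        out += [f"{header}: wide permit: {r}" for r in permits if not re.search(r"source \S+ 0$", r)]
    return out
```

Calling `audit()` on the text of a saved configuration file returns an empty list when all of the checks pass.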
Updated: 2019-08-09

Document ID: EDOC1100034225
