sftp
Function
The sftp command connects the device to the SSH server so that you can manage files that are stored on the SFTP server.
Format
# Connect the SFTP client to the SFTP server based on IPv4.
sftp [ -a source-address | -i interface-type interface-number ] host-ip [ port ] [ [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
# Connect the SFTP client to the SFTP server based on IPv6.
sftp ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port ] [ [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
Parameters
Parameter | Description | Value |
---|---|---|
-a source-address | Specifies the source IP address for connecting to the SFTP client. You are advised to use the loopback interface IP address. | |
-i interface-type interface-number | Specifies the source interface type and ID. You are advised to use the loopback interface. The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SFTP connection cannot be set up. | - |
host-ip | Specifies the IP address or host name of the remote IPv4 SFTP server. | The value is a string of 1 to 255 case-insensitive characters without spaces. |
host-ipv6 | Specifies the IPv6 address or host name of the remote IPv6 SFTP server. | The value is a string of 1 to 255 case-insensitive characters without spaces. |
-oi interface-type interface-number | Specifies an outbound interface on the local device. If the remote host uses an IPv6 link-local address, you must specify the outbound interface on the local device. | - |
port | Specifies the port number of the SSH server. | The value is an integer that ranges from 1 to 65535. The default port number is 22. |
prefer_kex prefer_key-exchange | Specifies the preferred key exchange algorithm. | The dh_group1, dh_exchange_group, and dh_group14_sha1 algorithms are currently supported. The default key exchange algorithm is dh_group14_sha1. NOTE: The dh_exchange_group algorithm is recommended. |
prefer_ctos_cipher prefer_ctos_cipher | Specifies the preferred encryption algorithm from the client to the server. | The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are currently supported. The default algorithms are aes256_ctr and aes128. |
prefer_stoc_cipher prefer_stoc_cipher | Specifies the preferred encryption algorithm from the server to the client. | The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are currently supported. The default algorithms are aes256_ctr and aes128. |
prefer_ctos_hmac prefer_ctos_hmac | Specifies the preferred HMAC algorithm from the client to the server. | The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are currently supported. The default algorithm is sha2_256. |
prefer_stoc_hmac prefer_stoc_hmac | Specifies the preferred HMAC algorithm from the server to the client. | The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are currently supported. The default algorithm is sha2_256. |
-ki aliveinterval | Specifies the interval for sending keepalive packets when no packet is received in reply. | The value is an integer that ranges from 1 to 3600, in seconds. |
-kc alivecountmax | Specifies the number of times keepalive packets are sent when no packet is received in reply. | The value is an integer that ranges from 3 to 10. The default value is 5. |
Usage Guidelines
Usage Scenario
SFTP (SSH FTP) is a secure file transfer protocol based on SSH. It allows users to log in to a remote device securely for file management and transmission, and it protects data in transit. In addition, you can log in to a remote SSH server from the device that functions as an SFTP client.
When the connection between the SFTP server and client fails, the SFTP client must detect the fault promptly and disconnect from the SFTP server. To ensure this, before connecting to the server in SFTP mode, configure the client with the interval and the number of times for sending keepalive packets when no packet is received in reply. If the client receives no packet in reply within the specified interval, the client sends the keepalive packet to the server again. If the number of times that the client sends keepalive packets exceeds the specified value, the client releases the connection. By default, the function for sending keepalive packets when no packet is received is not enabled.
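The parameter table and the keepalive behavior above can be checked mechanically before a command is placed in a runbook or script. The following is an added example, not vendor code: it audits an sftp command line against the supported algorithm names and numeric ranges listed on this page. The `WEAK` set is an assumed local hardening policy, the function name is hypothetical, and `-i`/`-oi` are assumed to take two tokens (type and number).

```python
# Supported algorithm names and numeric ranges come from the parameter table.
CIPHERS = {"3des", "aes256_cbc", "aes128_ctr", "aes256_ctr", "aes128"}
HMACS = {"sha1", "sha1_96", "md5", "sha2_256", "sha2_256_96", "md5_96"}
SUPPORTED = {
    "prefer_kex": {"dh_group1", "dh_exchange_group", "dh_group14_sha1"},
    "prefer_ctos_cipher": CIPHERS, "prefer_stoc_cipher": CIPHERS,
    "prefer_ctos_hmac": HMACS, "prefer_stoc_hmac": HMACS,
}
RANGES = {"-ki": (1, 3600), "-kc": (3, 10)}
# Assumption: a local hardening policy for this example, not a vendor list.
WEAK = {"dh_group1", "3des", "aes256_cbc", "md5", "md5_96", "sha1_96"}

def audit_sftp_command(cmd):
    """Return a list of findings for one sftp client command line."""
    tokens = cmd.split()
    findings, positional, seen = [], [], set()
    i = 2 if tokens[1:2] == ["ipv6"] else 1   # skip "sftp" and optional "ipv6"
    while i < len(tokens):
        t = tokens[i]
        val = tokens[i + 1] if i + 1 < len(tokens) else ""
        if t in ("-i", "-oi"):                # interface-type interface-number
            i += 3
        elif t == "-a":                       # source-address
            i += 2
        elif t in SUPPORTED:
            if val not in SUPPORTED[t]:
                findings.append(f"{t}: '{val}' is not a supported algorithm")
            elif val in WEAK:
                findings.append(f"{t}: '{val}' is weak under the assumed policy")
            i += 2
        elif t in RANGES:
            lo, hi = RANGES[t]
            seen.add(t)
            if not (val.isdecimal() and lo <= int(val) <= hi):
                findings.append(f"{t}: '{val}' is outside {lo}-{hi}")
            i += 2
        else:                                 # host, then optional port
            positional.append(t)
            i += 1
    for port in positional[1:2]:
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            findings.append(f"port: '{port}' is outside 1-65535")
    if "-ki" not in seen:
        findings.append("no -ki: keepalive is off by default")
    return findings

# Constructed sample commands (documentation address ranges).
WEAK_CMD = "sftp -a 192.0.2.1 192.0.2.10 prefer_kex dh_group1 prefer_ctos_cipher 3des"
GOOD_CMD = "sftp ipv6 2001:db8::10 -oi Vlanif 10 2222 prefer_kex dh_exchange_group -ki 30 -kc 3"
```

`audit_sftp_command(GOOD_CMD)` returns an empty list, while `WEAK_CMD` yields two algorithm findings plus the missing-keepalive finding.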
Precautions
- Before connecting to the SSH server by using the sftp command, enable the SFTP service on the SSH server by running the sftp server enable command.
- When the -a or -i parameter is specified, you can set the source IP address to the source or destination IP address in the ACL rule. This shields IP address differences and the impact of interface status, filters incoming and outgoing packets, and implements security authentication.
- If the current listening port number is not 22, you must specify a listening port number for logging in to the SFTP client.
- If the sftp command fails to run when an ACL is configured on the SFTP client, or when the TCP connection fails, an error message is displayed indicating that the SFTP client cannot be connected to the server.
- If multiple APs use the same IP address, you cannot use the stelnet command to log in to an AP by its IP address. In this case, you can run the sftp ap command to log in to an AP using the AP ID or name.