No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fit AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
sftp

sftp

Function

The sftp command connects the device to the SSH server so that you can manage files that are stored on the SFTP server.

Format

# Connect the SFTP client to the SFTP server based on IPv4.

sftp [ -a source-address | -i interface-type interface-number ] host-ip [ port ] [ [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]

# Connect the SFTP client to the SFTP server based on IPv6.

sftp ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port ] [ [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]

Parameters

Parameter Description Value
-a source-address Specifies the source IP address for connecting to the SFTP client. You are advised to use the loopback interface IP address.
  • IPv4 address: dotted decimal notation.
  • IPv6 address: 32-digit hexadecimal number in X:X:X:X:X:X:X:X format.
-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SFTP connection cannot be set up.

-
host-ip Specifies the IP address or host name of the remote IPv4 SFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

host-ipv6 Specifies the IPv6 address or host name of the remote IPv6 SFTP server. The value is a string of 1 to 255 case-insensitive characters without spaces.
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 link-local address, you must specify the outbound interface on the local device.

-
port

Specifies the port number of the SSH server.

The value is an integer that ranges from ranges from 1 to 65535. The default port number is 22.
prefer_kex prefer_key-exchange Specifies the preferred key exchange algorithm.

The dh_group1, dh_exchange_group, and dh_group14_sha1 algorithms are supported currently. The default key exchange algorithm is dh_group14_sha1.

NOTE:

The dh_exchange_group algorithm is recommended.

  • If a key exchange algorithm list has been configured using the ssh client key-exchange command for the SSH client, select a key exchange algorithm from the list.
  • If no key exchange algorithm list has been configured using the ssh client key-exchange command for the SSH client, select one from dh_group1, dh_exchange_group, dh_group14_sha1.
prefer_ctos_cipher prefer_ctos_cipher Specifies the preferred encryption algorithm from the client to the server.

The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are supported currently. The default algorithm are aes256_ctr and aes128.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client secure-algorithms cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client secure-algorithms cipher command for the SSH client, select one from 3des, aes128, aes256_cbc, aes128_ctr, and aes256_ctr.
prefer_stoc_cipher prefer_stoc_cipher Specifies the preferred encryption algorithm from the server to the client.

The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are supported currently. The default algorithm are aes256_ctr and aes128.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client secure-algorithms cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client secure-algorithms cipher command for the SSH client, select one from 3des, aes128, aes256_cbc, aes128_ctr, and aes256_ctr.
prefer_ctos_hmac prefer_ctos_hmac Specifies the preferred HMAC algorithm from the client to the server.

The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are supported currently. The default algorithm is sha2_256.

NOTE:
  • If an HMAC algorithm list has been configured using the ssh client secure-algorithms hmac command for the SSH client, select an HMAC algorithm from the list.
  • If no HMAC algorithm list has been configured using the ssh client secure-algorithms hmac command for the SSH client, select one from sha1, sha1_96, md5, md5_96, sha2_256, and sha2_256_96.
prefer_stoc_hmac prefer_stoc_hmac Specifies the preferred HMAC algorithm from the server to the client.

The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are supported currently. The default algorithm is sha2_256.

NOTE:
  • If an HMAC algorithm list has been configured using the ssh client secure-algorithms hmac command for the SSH client, select an HMAC algorithm from the list.
  • If no HMAC algorithm list has been configured using the ssh client secure-algorithms hmac command for the SSH client, select one from sha1, sha1_96, md5, md5_96, sha2_256, and sha2_256_96.
-ki aliveinterval Specifies the interval for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 1 to 3600, in seconds.
-kc alivecountmax Specifies the times for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 3 to 10. The default value is 5.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SFTP is short for SSH FTP that is a secure FTP protocol. SFTP is on the basis of SSH. It ensures that users can log in to a remote device securely for file management and transmission, and enhances the security in data transmission. In addition, you can log in to a remote SSH server from the device that functions as an SFTP client.

When the connection between the SFTP server and client fails, the SFTP client must detect the fault in time and disconnect from the SFTP server. To ensure this, before being connected to the server in SFTP mode, the client must be configured with the interval and times for sending the keepalive packet when no packet is received in reply. If the client receives no packet in reply within the specified interval, the client sends the keepalive packet to the server again. If the maximum number of times that the client sends keepalive packets exceeds the specified value, the client releases the connection. By default, when no packet is received, the function for sending keepalive packets is not enabled.

Precautions

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified. This shields the IP address differences and interface status impact, and incoming and filters outgoing packets, and implements security authentication.
  • If the current listening port number is not 22, you must specify a listening port number for logging in to the SFTP client.

  • If you cannot run the sftp command successfully when you configured the ACL on the SFTP client, or when the TCP connection fails, an error message is displayed indicating that the SFTP client cannot be connected to the server.

Example

# Set keepalive parameters when the client is connected to the server in SFTP mode.

<Huawei> system-view
[Huawei] sftp 10.164.39.223 -ki 10 -kc 4
Please input the username: client001
Trying 10.164.39.223 ...
Press CTRL+K to abort
Enter password:
sftp-client>
Related Topics
Translation
Download
Updated: 2019-07-18

Document ID: EDOC1100064353

Views: 125307

Downloads: 98

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next