No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Configuration Guide - Basic Configuration

This document describes the configurations of Basic, including CLI Overview, EasyDeploy Configuration, USB-based Deployment Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, ISSU Configuration, BootLoad Menu Operation.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the SFTP Server

Example for Configuring the SFTP Server

Networking Requirements

As shown in Figure 8-4, routes between the PC and the device functioning as an SSH server are reachable. 10.136.23.4 is the management IP address on the SSH server. Configure the device as an SSH server so that it can authenticate the client (PC) and encrypt data in bidirectional mode. This prevents man-in-middle attacks and MAC/IP address spoofing and ensures secure file transfer.

Figure 8-4  Networking diagram for managing files using SFTP when the device functions as an SSH server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.

  2. Configure the VTY user interface on the SSH server.

  3. Configure SSH user information including the authentication mode, service type, authorized directory, user name, and password.

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

Procedure

  1. Generate a local key pair on the SSH server, and enable the SFTP server.

    <HUAWEI> system-view
    [HUAWEI] sysname SSH_Server
    [SSH_Server] dsa local-key-pair create
    Info: The key name will be: SSH_Server_Host_DSA.                                                                                   
    Info: The key modulus can be any one of the following : 1024, 2048.                                                            
    Info: If the key modulus is greater than 512, it may take a few minutes.                                                            
    Please input the modulus [default=2048]:                                                                                            
    Info: Generating keys......                                                                                                            
    Info: Succeeded in creating the DSA host keys. 
    [SSH_Server] sftp server enable

  2. Configure the VTY user interface on the SSH_Server.

    [SSH_Server] user-interface vty 0 14
    [SSH_Server-ui-vty0-14] authentication-mode aaa
    [SSH_Server-ui-vty0-14] protocol inbound ssh
    [SSH_Server-ui-vty0-14] quit

  3. Configure SSH user information including the authentication mode, service type, authorized directory, user name, and password.

    [SSH_Server] ssh user client001 authentication-type password
    [SSH_Server] ssh user client001 service-type sftp
    [SSH_Server] ssh user client001 sftp-directory flash: 
    [SSH_Server] aaa
    [SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
    [SSH_Server-aaa] local-user client001 privilege level 15
    [SSH_Server-aaa] local-user client001 service-type ssh
    [SSH_Server-aaa] quit

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

    The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on the PC.

    NOTE:
    Use a version of OpenSSH that is compatible with the operating system running on the terminal. An incorrect version may prevent communication with the switch through SFTP.
    Figure 8-5  Connecting to the SSH server

    After you connect to the SSH server through third-party software, the SFTP view is displayed. You can then perform file-related operations in the SFTP view.

Configuration File

SSH_Server configuration file

#
sysname SSH_Server
#
aaa
 local-user client001 password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
#
user-interface vty 0 14
 authentication-mode aaa
#
return
Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065643

Views: 10798

Downloads: 33

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next