Wireless Access Controller (AC and Fit AP) V200R019C10 CLI-based Configuration Guide

Configuration Examples for File Management

Example for Logging In to the Device to Manage Files

Configuration Requirements

After logging in to the device through the console interface, Telnet, or STelnet, perform the following operations:

  • View files and subdirectories in the current directory.
  • Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.
  • View files in the test directory.

Procedure

  1. View files and subdirectories in the current directory.

    <HUAWEI> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-            889  Mar 01 2012 14:41:56   private-data.txt
        1  -rw-          6,311  Feb 17 2012 14:05:04   backup.cfg
        2  -rw-          2,393  Mar 06 2012 17:20:10   vrpcfg.zip
        3  -rw-            812  Dec 12 2011 15:43:10   hostkey
        4  drw-              -  Mar 01 2012 14:41:46   compatible
        5  -rw-            540  Dec 12 2011 15:43:12   serverkey
    ...
    206,324 KB total (23,880 KB free)

  2. Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.

    # Create the test directory.

    <HUAWEI> mkdir test
    Info: Create directory flash:/test......Done

    # Copy the vrpcfg.zip file to test and rename vrpcfg.zip as backup.zip.

    <HUAWEI> copy vrpcfg.zip flash:/test/backup.zip 
    Copy flash:/vrpcfg.zip to flash:/test/backup.zip?(y/n)[n]:y
    100%  complete
    Info: Copied file flash:/vrpcfg.zip to flash:/test/backup.zip...Done

    If no destination file name is specified, the destination file is set to the source file name by default.

  3. View files in the test directory.

    # Access the test directory.

    <HUAWEI> cd test

    # View the current working directory.

    <HUAWEI> pwd
    flash:/test

    # View files in the test directory.

    <HUAWEI> dir
    Directory of flash:/test/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-          2,399  Mar 12 2012 11:16:44   backup.zip
    
    206,324 KB total (21,481 KB free)

Configuration Files

None

Example for Managing Files When the Device Functions as an FTP Server

Networking Requirements

As shown in Figure 3-23, routes between the PC and the device functioning as an FTP server are reachable. 10.136.23.5 is the IP address of VLANIF 1 on the FTP server. To upgrade the device, you must upload the system software devicesoft.cc to and download the configuration file vrpcfg.zip from the FTP server.

Figure 3-23 Network for managing files when the device functions as an FTP server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the FTP function and FTP user information including user name, password, user level, service type, and authorized directory on the FTP server.
  2. Save the vrpcfg.zip file on the FTP server.
  3. Connect to the FTP server on the PC.
  4. Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.

Procedure

  1. Configure the FTP function and FTP user information on the FTP server.

    Before configuring the directory accessible to FTP users, run the dir command to check the existing directories and confirm that the directory to be configured is valid.

    <HUAWEI> system-view
    [HUAWEI] ftp server enable
    Warning: FTP is not a secure protocol, and it is recommended to use SFTP.       
    Info: Succeeded in starting the FTP server
    [HUAWEI] aaa
    [HUAWEI-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [HUAWEI-aaa] local-user admin1234 privilege level 15
    [HUAWEI-aaa] local-user admin1234 service-type ftp
    [HUAWEI-aaa] local-user admin1234 ftp-directory flash:
    [HUAWEI-aaa] quit
    

  2. Save the vrpcfg.zip file on the FTP server.

    <HUAWEI> save

  3. Enter the path where the system software package resides on the PC, connect to the device using FTP, enter the user name admin1234 and password Helloworld@6789. Then, transfer the file in binary mode.

    C:\Documents and Settings\Administrator> ftp 10.136.23.5
    Connected to 10.136.23.5.
    220 FTP service ready.
    User (10.136.23.5:(none)): admin1234
    331 Password required for admin1234.
    Password:
    230 User logged in.
    ftp> binary
    200 Type set to I.
    ftp>

  4. Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.

    # Upload the devicesoft.cc file to the FTP server.

    ftp> put devicesoft.cc
    200 Port command okay.
    150 Opening BINARY mode data connection for devicesoft.cc
    226 Transfer complete.
    ftp: 93832832 bytes sent in 136.34Seconds 560.79Kbytes/sec.

    # Download the vrpcfg.zip file.

    ftp> get vrpcfg.zip
    200 Port command okay.
    150 Opening BINARY mode data connection for vrpcfg.zip.
    226 Transfer complete.
    ftp: 1257 bytes received in 0.03Seconds 40.55Kbytes/sec.

    The devicesoft.cc file to upload and the vrpcfg.zip file to download are stored in the local directory on the FTP client. Before uploading and downloading files, obtain the local directory on the client.

  5. Verify the configuration.

    # Run the dir command on the FTP server to check the devicesoft.cc file.

    <HUAWEI> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          1,257  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-     93,832,832  Mar 13 2012 14:24:24   devicesoft.cc
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         23,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    1,927,220 KB total (1,130,464 KB free)
                                       
    # Access the FTP user's local directory on the PC and check the vrpcfg.zip file.

Configuration Files

#
 ftp server enable
#
aaa
 local-user admin1234 password irreversible-cipher %^%#7B$FGbVut="mg,EB1+V3ApBK*dU,n@b:$2>xG%.#iRV+@Tp@X,P@^gKx2oe*%^%#
 local-user admin1234 privilege level 15
 local-user admin1234 ftp-directory flash:
 local-user admin1234 service-type ftp
#
interface Vlanif1
 ip address 10.136.23.5 255.255.255.0
#
return

Example for Managing Files Using SFTP When the Device Functions as an SSH Server

Networking Requirements

As shown in Figure 3-24, routes between the PC and the device functioning as an SSH server are reachable. 10.136.23.4 is the management IP address on the SSH server. Files need to be securely transferred between the PC and device to prevent man-in-the-middle attacks and some network attacks (such as DNS spoofing and IP spoofing). To ensure secure file transfer, the device needs to be configured as an SSH server to provide the SFTP service, so that the SSH server can authenticate the client (PC1) and bidirectional data is encrypted.

Figure 3-24 Network for managing files using SFTP when the device functions as an SSH server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.

  2. Configure the VTY user interface on the SSH server.

  3. Configure SSH user information including the authentication mode, user name, and password.

  4. Connect to the SSH server using the third-party software OpenSSH on the PC.

Procedure

  1. Generate a local key pair on the SSH server, and enable the SFTP server.

    <HUAWEI> system-view
    [HUAWEI] sysname SSH Server
    [SSH Server] ecc local-key-pair create
    Info: The key name will be: SSH Server_Host_ECC.
    Info: The ECC host key named AC_Host_ECC already exists.
    Warning: Replace it? [Y/N]: y
    Info: The key modulus can be any one of the following: 256, 384, 521.
    Info: If the key modulus is greater than 512, it may take a few minutes.
    Please input the modulus [default=256]:256
    Info: Generating keys...
    Info: Succeeded in creating the ECC host keys.
    [SSH Server] sftp server enable

  2. Configure the VTY user interface on the SSH server.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] quit

  3. Configure SSH user information including the authentication mode, user name, and password.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123
    [SSH Server-aaa] local-user client001 privilege level 15
    [SSH Server-aaa] local-user client001 service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client001 authentication-type password

  4. Connect to the SFTP server from the PC using the third-party software OpenSSH.

    The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on the terminal. (The following information is for reference only.)

    C:\Documents and Settings\Administrator> sftp sftpuser@10.136.23.4 
    Connecting to 10.136.23.4... 
    The authenticity of host '10.136.23.4 (10.136.23.4)' can't be established. 
    ECC key fingerprint is 46:b2:8a:52:88:42:41:d4:af:8f:4a:41:d9:b8:4f:ee. 
    Are you sure you want to continue connecting (yes/no)? yes 
    Warning: Permanently added '10.136.23.4' (ECC) to the list of known hosts.  
    
    User Authentication 
    Password: 
    sftp>

    After connecting to the SSH server, the SFTP view is displayed. Users can run SFTP commands to perform file-related operations in the SFTP view.

Configuration Files

#
 sysname SSH Server
#
aaa
 local-user client001 password irreversible-cipher %$%$k$Xg7H;w4HZP5nE4-E4(FcZQ%$%$
 local-user client001 privilege level 15
 local-user client001 service-type ssh
#
 sftp server enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
return

Example for Managing Files When the Device Functions as a TFTP Client

Networking Requirements

As shown in Figure 3-25, the remote device at 10.1.1.1/24 functions as the TFTP server. The device at 10.2.1.1/24 functions as the TFTP client. Routes between the device and the server are reachable.

The device needs to be upgraded. To upgrade the device, you must download system software devicesoft.cc from and upload the configuration file vrpcfg.zip to the TFTP server.

Figure 3-25 Network for managing files when the device functions as a TFTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Run the TFTP software on the TFTP server and configure the working directory.
  2. Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP server.

Procedure

  1. Run the TFTP software on the TFTP server and configure the working directory. (For details, see the appropriate third-party documentation.)
  2. Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP server.

    <HUAWEI> tftp 10.1.1.1 get devicesoft.cc
    Info: Transfer file in binary mode.                                             
    Downloading the file from the remote TFTP server. Please wait...                
    /100%                                                                           
     93832832 bytes received in 271 seconds.                                          
    TFTP: Downloading the file successfully.                                        
    Now begins to save file, please wait......                                      
    Info: Transfer file in binary mode.
    
    <HUAWEI> tftp 10.1.1.1 put vrpcfg.zip 
    Info: Transfer file in binary mode.                                             
    Uploading the file to the remote TFTP server. Please wait...                    
     100%                                                                           
    TFTP: Uploading the file successfully.                                          
     2233264 bytes send in 57 seconds.                                              

  3. Verify the configuration.

    # Run the dir command on the TFTP client to check the devicesoft.cc file.

    <HUAWEI> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-     93,832,832  Mar 13 2012 14:24:24   devicesoft.cc
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    1,927,220 KB total (1,130,464 KB free)
                                       
    # Access the working directory on the TFTP server and check the vrpcfg.zip file.

Configuration Files

None

Example for Managing Files When the Device Functions as an FTP Client

Networking Requirements

As shown in Figure 3-26, the remote device at 10.1.1.1/24 functions as the FTP server. The device at 10.2.1.1/24 functions as the FTP client. Routes between the device and the server are reachable.

The device needs to be upgraded. To upgrade the device, you must download system software devicesoft.cc from and upload the configuration file vrpcfg.zip to the FTP server.

Figure 3-26 Network for managing files when the device functions as an FTP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Run the FTP software on the FTP server and configure FTP user information.
  2. Connect to the FTP server.
  3. Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP server.

Procedure

  1. Run the FTP software on the FTP server and configure FTP user information. (For details, see the appropriate third-party documentation.)
  2. Connect to the FTP server.

    <HUAWEI> ftp 10.1.1.1
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1.
    220 FTP service ready.
    User(10.1.1.1:(none)):admin
    331 Password required for admin.
    Enter password:
    230 User logged in.
                      
    [HUAWEI-ftp] 

  3. Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP server.

    [HUAWEI-ftp] binary
    [HUAWEI-ftp] get devicesoft.cc
    [HUAWEI-ftp] put vrpcfg.zip
    [HUAWEI-ftp] quit
    

  4. Verify the configuration.

    # Run the dir command on the FTP client to check the devicesoft.cc file.

    <HUAWEI> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
        0  -rw-             14  Mar 13 2012 14:13:38   back_time_a
        1  drw-              -  Mar 11 2012 00:58:54   logfile
        2  -rw-              4  Nov 17 2011 09:33:58   snmpnotilog.txt
        3  -rw-         11,238  Mar 12 2012 21:15:56   private-data.txt
        4  -rw-          7,717  Mar 12 2012 21:15:54   vrpcfg.zip
        5  -rw-             14  Mar 13 2012 14:13:38   back_time_b
        6  -rw-     93,832,832  Mar 13 2012 14:24:24   devicesoft.cc
        7  drw-              -  Oct 31 2011 10:20:28   sysdrv
        8  drw-              -  Feb 21 2012 17:16:36   compatible
        9  drw-              -  Feb 09 2012 14:20:10   selftest
       10  -rw-         19,174  Feb 20 2012 18:55:32   backup.cfg
       11  -rw-         43,496  Dec 15 2011 20:59:36   20111215.zip
       12  -rw-            588  Nov 04 2011 13:54:04   servercert.der
       13  -rw-            320  Nov 04 2011 13:54:26   serverkey.der
       14  drw-              -  Nov 04 2011 13:58:36   security
    ...
    1,927,220 KB total (1,130,464 KB free)
                                       
    # Access the working directory on the FTP server and check the vrpcfg.zip file.

Configuration Files

None

Example for Accessing Other Device Files Through SFTP (in Password Authentication Mode)

Networking Requirements

SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.

As shown in Figure 3-27, the routes between the SSH server and client are reachable. All devices mentioned in this example are Huawei devices.

The client must connect to the SSH server in password authentication mode to ensure secure access to files on the server.

Figure 3-27 Networking diagram of accessing other device files through SFTP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
  2. Configure the user client on the SSH server to log in to the SSH server in password authentication mode.
  3. Enable the user to log in to the SSH server through SFTP and access the files on the server.

Procedure

  1. Generate a local key pair on the SSH server and enable the SFTP server function.

    <Quidway> system-view 
    [Quidway] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           it will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++
    [SSH Server] sftp server enable

  2. Create an SSH user on the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 15
    [SSH Server-ui-vty0-4] quit

    # Create an SSH user named client. Configure the password authentication mode for the user and set the password to huawei@123.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client password irreversible-cipher huawei@123
    [SSH Server-aaa] local-user client service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client authentication-type password

  3. Connect the SFTP client to the SSH server.

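    # Enable the first authentication function on the SSH client (Client). With this function enabled, the client can accept and save the server's public key at the first login, even though no public key for that server has been configured on the client.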

    <HUAWEI> system-view
    [HUAWEI] sysname client
    [client] ssh client first-time enable

    # Log in to the SSH server from Client in password authentication mode.

    <client> system-view
    [client] sftp 10.1.1.1 
    Please input the username: client
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it?[Y/N]:y
    Save the server's public key?[Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    Enter password:
    <sftp-client> 

  4. Verify the configuration.

    After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.

    # Check the status of the SSH server.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times 
     SFTP Server                         :Enable
     Stelnet server                      :Disable 

    # Check the SSH server connections.

    [SSH Server] display ssh server session
    --------------------------------------------------------------------
     Conn   Ver   Encry     State  Auth-type        Username             
     --------------------------------------------------------------------
     VTY 1  2.0   AES       run    password         client            
    

    # Check information about SSH users.

    [SSH Server] display ssh user-information
     -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client           password           null
     -------------------------------------------------------------------------------

Configuration Files

  • SSH server configuration file

    #
     sysname SSH Server
    #
    aaa
     local-user client password irreversible-cipher %$%$c|-D8KO4/,B[(FR.r!LHg]TK%$%$
     local-user client service-type ssh
    #
     sftp server enable
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 15
     protocol inbound all
    #
    return
  • SSH client configuration file

    #
     sysname client
    #
    ssh client first-time enable
    #
    return 

Example for Accessing Other Device Files Through SFTP (in RSA Authentication Mode)

Networking Requirements

SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.

As shown in Figure 3-28, the routes between the SSH server and client are reachable. A Huawei device is used as the SSH server in this example.

The client must connect to the SSH server in RSA authentication mode to ensure secure access to files on the server.

Figure 3-28 Networking diagram of accessing other device files through SFTP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
  2. Configure the user client on the SSH server to log in to the SSH server in RSA authentication mode.
  3. Generate a local key pair on the client and configure the client's RSA public key on the SSH server, so that the server can authenticate the client when the user logs in to the server from the client.
  4. Enable the user client to log in to the SSH server through SFTP and access the files on the server.

Procedure

  1. Generate a local key pair on the SSH server and enable the SFTP server function.

    <Quidway> system-view 
    [Quidway] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++
    [SSH Server] sftp server enable

  2. Create an SSH user on the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 15
    [SSH Server-ui-vty0-4] quit

    # Create an SSH user named client and configure the RSA authentication mode for the user.

    [SSH Server] aaa
    [SSH Server-aaa] local-user client password irreversible-cipher huawei@123
    [SSH Server-aaa] local-user client service-type ssh
    [SSH Server-aaa] quit
    [SSH Server] ssh user client authentication-type rsa

  3. Generate a local key pair on the client and configure the client's RSA public key on the SSH server.

    # Configure the client to generate a local key pair.

    <HUAWEI> system-view
    [HUAWEI] sysname client
    [client] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ...........++++++++++++
    ..................++++++++++++
    ...++++++++
    ...........++++++++

    # Check the RSA public key of the client.

    [client] display rsa local-key-pair public
    
    =====================================================
    Time of Key pair created: 2012-08-25 15:17:31+00:00 
    Key name: Host 
    Key type: RSA encryption Key 
    =====================================================
    Key code:
    3048
      0241
        D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
        48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
        EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
        D3050A97 57
      0203
        010001
    
    =====================================================
    Time of Key pair created: 2012-08-25 15:17:44+00:00
    Key name: Server
    Key type: RSA encryption Key
    =====================================================
    Key code:
    3067
      0260
        B98B5088 7A44A21E 80C929DF 23F8FF16 DF7F6F06
        23B69CAA C3A2CE11 4F37F7D4 E8C56682 A9DB6705
        23C69B6A 5C5D9312 72E93890 D0861237 EC6468A0
        96AEB062 2B4874BB 57F8A69E 30003C61 9B37906C
        1C0E4C09 91C57F94 AECD5005 F7AC2281
      0203
        010001

    # Configure the RSA public key generated on the client on the SSH server. In the display command output above, the key code listed under Key name: Host is the RSA public key generated. Copy this key to the server side.

    [SSH Server] rsa peer-public-key rsakey001
    Enter "RSA public key" view, return system view with "peer-public-key end".
    NOTE: The number of the bits of public key must be between 769 and 2048.
    [SSH Server-rsa-public-key] public-key-code begin
    Enter "RSA key code" view, return last view with "public-key-code end".
    [SSH Server-rsa-key-code] 3048
    [SSH Server-rsa-key-code] 0241
    [SSH Server-rsa-key-code] D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082
    [SSH Server-rsa-key-code] 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46
    [SSH Server-rsa-key-code] EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035
    [SSH Server-rsa-key-code] D3050A97 57
    [SSH Server-rsa-key-code] 0203
    [SSH Server-rsa-key-code] 010001
    [SSH Server-rsa-key-code] public-key-code end
    [SSH Server-rsa-public-key] peer-public-key end

    # Bind the RSA public key of the SSH client to the SSH user client.

    [SSH Server] ssh user client assign rsa-key rsakey001

  4. Connect the SFTP client to the SSH server.

    # Enable the first authentication function for the SFTP client.

    [client] ssh client first-time enable

    # Log in to the SSH server from the SFTP client in RSA authentication mode.

    <client> system-view
    [client] sftp 10.1.1.1
    Please input the username: client
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it? [Y/N] :y
    Save the server's public key? [Y/N] :y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    
    sftp-client>
    

  5. Verify the configuration.

    After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.

    # Check the status of the SSH server.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times 
     SFTP Server                         :Enable
     Stelnet server                      :Disable 

    # Check the SSH server connections.

    [SSH Server] display ssh server session
    --------------------------------------------------------------------
     Conn   Ver   Encry     State  Auth-type        Username             
     --------------------------------------------------------------------
     VTY 2  2.0   AES       run    rsa              client
     --------------------------------------------------------------------

    # Check information about SSH users.

    [SSH Server] display ssh user-information
     -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client           rsa                rsakey001 
     -------------------------------------------------------------------------------
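
The key code entered under rsa peer-public-key in step 3 is hex-encoded DER: a SEQUENCE holding the modulus and the public exponent. The following Python is an added example, not part of the original guide: it pulls peer-key blocks out of a configuration file and reports each modulus size. The names decode_key_code and audit_peer_keys and the 2048-bit floor are assumptions chosen here.

```python
import re

# Peer-key block as it appears in the SSH server configuration file on this page.
PAGE_CONFIG = """\
#
 rsa peer-public-key rsakey001
  public-key-code begin
   3048
     0241
       D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 48A580C1 E6CC295C 8D00E1B0
       85E02EC1 32D01F46 EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 D3050A97
       57
     0203
       010001
  public-key-code end
 peer-public-key end
#
"""

MIN_BITS = 2048  # assumed policy floor, not a value taken from the guide

KEY_BLOCK = re.compile(
    r"rsa peer-public-key (\S+)\s+public-key-code begin(.*?)public-key-code end",
    re.S,
)


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER value runs past the end of the key code")
    return tag, buf[pos:end], end


def decode_key_code(hex_text):
    """Decode an RSA key code; return (modulus_bits, public_exponent)."""
    data = bytes.fromhex("".join(hex_text.split()))
    tag, body, end = read_tlv(data, 0)
    if tag != 0x30 or end != len(data):
        raise ValueError("expected a single DER SEQUENCE")
    tag_n, modulus, pos = read_tlv(body, 0)
    tag_e, exponent, pos = read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected two INTEGERs: modulus, exponent")
    # Read as unsigned: the key codes on this page carry no leading 00 byte.
    n = int.from_bytes(modulus, "big")
    return n.bit_length(), int.from_bytes(exponent, "big")


def audit_peer_keys(config_text, min_bits=MIN_BITS):
    """Map each peer key name to (modulus_bits, exponent, meets_min_bits)."""
    report = {}
    for name, code in KEY_BLOCK.findall(config_text):
        bits, exponent = decode_key_code(code)
        report[name] = (bits, exponent, bits >= min_bits)
    return report


if __name__ == "__main__":
    for name, (bits, e, ok) in audit_peer_keys(PAGE_CONFIG).items():
        print(f"{name}: {bits}-bit modulus, e={e}, {'ok' if ok else 'TOO SHORT'}")
```

Run against the rsakey001 block from this page, it reports a 520-bit modulus, which is below the 769-bit minimum that the device prints in step 3; copy the key code your own client displays, not the sample shown here.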

Configuration Files

  • SSH server configuration file

    #
     sysname SSH Server
    #
     rsa peer-public-key rsakey001
      public-key-code begin
       3048
         0241
           D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 48A580C1 E6CC295C 8D00E1B0
           85E02EC1 32D01F46 EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 D3050A97
           57
         0203
           010001
      public-key-code end
     peer-public-key end
    #
    aaa
     local-user client password irreversible-cipher %$%$4var7p!aM*ULpu4#T=@-30'{%$%$
     local-user client service-type ssh
    #
     ssh user client assign rsa-key rsakey001
     ssh user client authentication-type rsa
     sftp server enable
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 15
     protocol inbound all
    #
    return
  • SSH client configuration file

    #
     sysname client
    #
    ssh client first-time enable
    #
    return
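
The configuration files in these examples enable FTP (which the device itself warns is not a secure protocol), admit all inbound protocols on the VTY lines, and turn on first authentication on the SSH client. The following Python is an added example, not part of the original guide: it audits a saved configuration for those settings. The rule names and both sample configurations are constructed for illustration from lines shown on this page.

```python
import re

# Constructed sample: lines from the configuration files on this page merged
# into one configuration; password hashes replaced by a placeholder.
SAMPLE_CONFIG = """\
#
 sysname SSH Server
#
 ftp server enable
#
aaa
 local-user admin1234 password irreversible-cipher <hash-placeholder>
 local-user admin1234 privilege level 15
 local-user admin1234 ftp-directory flash:
 local-user admin1234 service-type ftp
 local-user client password irreversible-cipher <hash-placeholder>
 local-user client service-type ssh
#
 sftp server enable
#
ssh client first-time enable
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound all
#
return
"""

# Constructed "after" variant: SFTP only, SSH-only VTY lines, no first authentication.
HARDENED_CONFIG = """\
#
aaa
 local-user client password irreversible-cipher <hash-placeholder>
 local-user client service-type ssh
#
 sftp server enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
return
"""

LOCAL_USER = re.compile(
    r"local-user (\S+) (privilege level|service-type|ftp-directory) (.+)"
)


def audit(config_text):
    """Return a list of (rule_id, detail) findings for one configuration."""
    findings, users, view = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            view = None  # '#' closes the current view
            continue
        if line == "aaa" or line.startswith("user-interface "):
            view = line
            continue
        if line == "ftp server enable":
            findings.append(("FTP-SERVER",
                             "FTP enabled: passwords and files cross the network unencrypted"))
        elif line == "ssh client first-time enable":
            findings.append(("SSH-FIRST-TIME",
                             "client may accept an unverified server key at first login"))
        elif (view or "").startswith("user-interface ") and \
                re.fullmatch(r"protocol inbound (all|telnet)", line):
            findings.append(("VTY-TELNET", f"{view}: '{line}' admits Telnet"))
        elif view == "aaa":
            m = LOCAL_USER.fullmatch(line)
            if m:  # collect per-user attributes for the cross-checks below
                users.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    for name, attrs in users.items():
        if "ftp" not in attrs.get("service-type", "").split():
            continue
        if attrs.get("privilege level") == "15":
            findings.append(("FTP-USER-LEVEL15",
                             f"{name}: FTP account holds the highest privilege level"))
        if attrs.get("ftp-directory", "").rstrip("/") == "flash:":
            findings.append(("FTP-USER-FLASH-ROOT",
                             f"{name}: FTP root is flash:, where the dir listings on "
                             "this page show hostkey, serverkey and serverkey.der"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"[{rule}] {detail}")
```
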
Update Date:2021-02-10
Document ID:EDOC1100156624