Wireless Access Controller (AC and Fit AP) V200R019C10 CLI-based Configuration Guide
Configuration Examples for File Management
- Example for Logging In to the Device to Manage Files
- Example for Managing Files When the Device Functions as an FTP Server
- Example for Managing Files Using SFTP When the Device Functions as an SSH Server
- Example for Managing Files When the Device Functions as a TFTP Client
- Example for Managing Files When the Device Functions as an FTP Client
- Example for Accessing Other Device Files Through SFTP (in Password Authentication Mode)
- Example for Accessing Other Device Files Through SFTP (in RSA Authentication Mode)
Example for Logging In to the Device to Manage Files
Configuration Requirements
After logging in to the device through the console interface, Telnet, or STelnet, perform the following operations:
- View files and subdirectories in the current directory.
- Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.
- View files in the test directory.
Procedure
- View files and subdirectories in the current directory.
<HUAWEI> dir Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 889 Mar 01 2012 14:41:56 private-data.txt 1 -rw- 6,311 Feb 17 2012 14:05:04 backup.cfg 2 -rw- 2,393 Mar 06 2012 17:20:10 vrpcfg.zip 3 -rw- 812 Dec 12 2011 15:43:10 hostkey 4 drw- - Mar 01 2012 14:41:46 compatible 5 -rw- 540 Dec 12 2011 15:43:12 serverkey ... 206,324 KB total (23,880 KB free)
- Create the test directory, copy the vrpcfg.zip file to test, and rename vrpcfg.zip as backup.zip.
# Create the test directory.
<HUAWEI> mkdir test Info: Create directory flash:/test......Done
# Copy the vrpcfg.zip file to test and rename vrpcfg.zip as backup.zip.
<HUAWEI> copy vrpcfg.zip flash:/test/backup.zip Copy flash:/vrpcfg.zip to flash:/test/backup.zip?(y/n)[n]:y 100% complete Info: Copied file flash:/vrpcfg.zip to flash:/test/backup.zip...Done
If no destination file name is specified, the destination file is set to the source file name by default.
- View files in the test directory.
# Access the test directory.
<HUAWEI> cd test
# View the current working directory.
<HUAWEI> pwd flash:/test
# View files in the test directory.
<HUAWEI> dir Directory of flash:/test/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 2,399 Mar 12 2012 11:16:44 backup.zip 206,324 KB total (21,481 KB free)
Example for Managing Files When the Device Functions as an FTP Server
Networking Requirements
As shown in Figure 3-23, routes between the PC and the device functioning as an FTP server are reachable. 10.136.23.5 is the IP address of VLANIF 1 on the FTP server. To upgrade the device, you must upload the system software devicesoft.cc to and download the configuration file vrpcfg.zip from the FTP server.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure the FTP function and FTP user information including user name, password, user level, service type, and authorized directory on the FTP server.
- Save the vrpcfg.zip file on the FTP server.
- Connect to the FTP server on the PC.
- Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
Procedure
- Configure the FTP function and FTP user information on
the FTP server.
Before configuring the directory accessible to FTP users, run the dir command to check information about existing directories to ensure validity of the directory to be configured.
<HUAWEI> system-view [HUAWEI] ftp server enable Warning: FTP is not a secure protocol, and it is recommended to use SFTP. Info: Succeeded in starting the FTP server [HUAWEI] aaa [HUAWEI-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [HUAWEI-aaa] local-user admin1234 privilege level 15 [HUAWEI-aaa] local-user admin1234 service-type ftp [HUAWEI-aaa] local-user admin1234 ftp-directory flash: [HUAWEI-aaa] quit
- Save the vrpcfg.zip file on the FTP
server.
<HUAWEI> save
- Enter the path where the system software package resides
on the PC, connect to the device using FTP, enter the user name admin1234 and password Helloworld@6789. Then, transfer the file in binary mode.
C:\Documents and Settings\Administrator> ftp 10.136.23.5 Connected to 10.136.23.5. 220 FTP service ready. User (10.136.23.5:(none)): admin1234 331 Password required for admin1234. Password: 230 User logged in. ftp> binary 200 Type set to I. ftp>
- Upload devicesoft.cc to and download vrpcfg.zip from the FTP server.
# Upload the devicesoft.cc file to the FTP server.
ftp> put devicesoft.cc 200 Port command okay. 150 Opening BINARY mode data connection for devicesoft.cc 226 Transfer complete. ftp: 93832832 bytes sent in 136.34Seconds 560.79Kbytes/sec.
# Download the vrpcfg.zip file.
ftp> get vrpcfg.zip 200 Port command okay. 150 Opening BINARY mode data connection for vrpcfg.zip. 226 Transfer complete. ftp: 1257 bytes received in 0.03Seconds 40.55Kbytes/sec.
The devicesoft.cc file to upload and the vrpcfg.zip file to download are stored in the local directory on the FTP client. Before uploading and downloading files, obtain the local directory on the client. - Verify the configuration.
# Run the dir command on the FTP server to check the devicesoft.cc file.
<HUAWEI> dir Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 14 Mar 13 2012 14:13:38 back_time_a 1 drw- - Mar 11 2012 00:58:54 logfile 2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt 3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt 4 -rw- 1,257 Mar 12 2012 21:15:54 vrpcfg.zip 5 -rw- 14 Mar 13 2012 14:13:38 back_time_b 6 -rw- 93,832,832 Mar 13 2012 14:24:24 devicesoft.cc 7 drw- - Oct 31 2011 10:20:28 sysdrv 8 drw- - Feb 21 2012 17:16:36 compatible 9 drw- - Feb 09 2012 14:20:10 selftest 10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg 11 -rw- 23,496 Dec 15 2011 20:59:36 20111215.zip 12 -rw- 588 Nov 04 2011 13:54:04 servercert.der 13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der 14 drw- - Nov 04 2011 13:58:36 security ... 1,927,220 KB total (1,130,464 KB free)
# Access the FTP user's local directory on the PC and check the vrpcfg.zip file.
Configuration Files
# ftp server enable # aaa local-user admin1234 password irreversible-cipher %^%#7B$FGbVut="mg,EB1+V3ApBK*dU,n@b:$2>xG%.#iRV+@Tp@X,P@^gKx2oe*%^%# local-user admin1234 privilege level 15 local-user admin1234 ftp-directory flash: local-user admin1234 service-type ftp # interface Vlanif1 ip address 10.136.23.5 255.255.255.0 # return
Example for Managing Files Using SFTP When the Device Functions as an SSH Server
Networking Requirements
As shown in Figure 3-24, routes between the PC and the device functioning as an SSH server are reachable. 10.136.23.4 is the management IP address on the SSH server. Files need to be securely transferred between the PC and device to prevent man-in-the-middle attacks and some network attacks (such as DNS spoofing and IP spoofing). To ensure secure file transfer, the device needs to be configured as an SSH server to provide the SFTP service, so that the SSH server can authenticate the client (PC1) and bidirectional data is encrypted.
Configuration Roadmap
The configuration roadmap is as follows:
Generate a local key pair and enable the SFTP server function on the SSH server so that the server and client can securely exchange data.
Configure the VTY user interface on the SSH server.
Configure SSH user information including the authentication mode, user name, and password.
Connect to the SSH server using the third-party software OpenSSH on the PC.
Procedure
- Generate a local key pair on the SSH server, and enable the SFTP server.
<HUAWEI> system-view [HUAWEI] sysname SSH Server [SSH Server] ecc local-key-pair create Info: The key name will be: SSH Server_Host_ECC. Info: The ECC host key named AC_Host_ECC already exists. Warning: Replace it? [Y/N]: y Info: The key modulus can be any one of the following: 256, 384, 521. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=256]:256 Info: Generating keys... Info: Succeeded in creating the ECC host keys. [SSH Server] sftp server enable
- Configure the VTY user interface on the SSH server.
[SSH Server] user-interface vty 0 4 [SSH Server-ui-vty0-4] authentication-mode aaa [SSH Server-ui-vty0-4] protocol inbound all [SSH Server-ui-vty0-4] quit
- Configure SSH user information including the authentication mode, user name, and password.
[SSH Server] aaa [SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123 [SSH Server-aaa] local-user client001 privilege level 15 [SSH Server-aaa] local-user client001 service-type ssh [SSH Server-aaa] quit [SSH Server] ssh user client001 authentication-type password
- Connect to the SFTP server from the PC using the third-party software OpenSSH.
The Windows CLI can identify OpenSSH commands only when OpenSSH is installed on the terminal. (The following information is for reference only.)
C:\Documents and Settings\Administrator> sftp sftpuser@10.136.23.4 Connecting to 10.136.23.4... The authenticity of host '10.136.23.4 (10.136.23.4)' can't be established. ECC key fingerprint is 46:b2:8a:52:88:42:41:d4:af:8f:4a:41:d9:b8:4f:ee. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.136.23.4' (ECC) to the list of known hosts. User Authentication Password: sftp>
After connecting to the SSH server, the SFTP view is displayed. Users can run SFTP commands to perform file-related operations in the SFTP view.
Configuration Files
# sysname SSH Server # aaa local-user client001 password irreversible-cipher %$%$k$Xg7H;w4HZP5nE4-E4(FcZQ%$%$ local-user client001 privilege level 15 local-user client001 service-type ssh # sftp server enable # user-interface vty 0 4 authentication-mode aaa protocol inbound all # return
Example for Managing Files When the Device Functions as a TFTP Client
Networking Requirements
As shown in Figure 3-25, the remote device at 10.1.1.1/24 functions as the TFTP server. The device at 10.2.1.1/24 functions as the TFTP client. Routes between the device and the server are reachable.
The device needs to be upgraded. To upgrade the device, you must download system software devicesoft.cc from and upload the configuration file vrpcfg.zip to the TFTP server.
Configuration Roadmap
The configuration roadmap is as follows:
- Run the TFTP software on the TFTP server and configure the working directory.
- Run TFTP commands to download devicesoft.cc from and upload vrpcfg.zip to the TFTP server.
Procedure
- Run the TFTP software on the TFTP server and configure the working directory. (For details, see the appropriate third-party documentation.)
- Run TFTP commands to download devicesoft.cc from
and upload vrpcfg.zip to the TFTP server.
<HUAWEI> tftp 10.1.1.1 get devicesoft.cc Info: Transfer file in binary mode. Downloading the file from the remote TFTP server. Please wait... /100% 93832832 bytes received in 271 seconds. TFTP: Downloading the file successfully. Now begins to save file, please wait...... Info: Transfer file in binary mode.
<HUAWEI> tftp 10.1.1.1 put vrpcfg.zip Info: Transfer file in binary mode. Uploading the file to the remote TFTP server. Please wait... 100% TFTP: Uploading the file successfully. 2233264 bytes send in 57 seconds.
- Verify the configuration.
# Run the dir command on the TFTP client to check the devicesoft.cc file.
<HUAWEI> dir Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 14 Mar 13 2012 14:13:38 back_time_a 1 drw- - Mar 11 2012 00:58:54 logfile 2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt 3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt 4 -rw- 7,717 Mar 12 2012 21:15:54 vrpcfg.zip 5 -rw- 14 Mar 13 2012 14:13:38 back_time_b 6 -rw- 93,832,832 Mar 13 2012 14:24:24 devicesoft.cc 7 drw- - Oct 31 2011 10:20:28 sysdrv 8 drw- - Feb 21 2012 17:16:36 compatible 9 drw- - Feb 09 2012 14:20:10 selftest 10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg 11 -rw- 43,496 Dec 15 2011 20:59:36 20111215.zip 12 -rw- 588 Nov 04 2011 13:54:04 servercert.der 13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der 14 drw- - Nov 04 2011 13:58:36 security ... 1,927,220 KB total (1,130,464 KB free)
# Access the working directory on the TFTP server and check the vrpcfg.zip file.
Example for Managing Files When the Device Functions as an FTP Client
Networking Requirements
As shown in Figure 3-26, the remote device at 10.1.1.1/24 functions as the FTP server. The device at 10.2.1.1/24 functions as the FTP client. Routes between the device and the server are reachable.
The device needs to be upgraded. To upgrade the device, you must download system software devicesoft.cc from and upload the configuration file vrpcfg.zip to the FTP server.
Configuration Roadmap
The configuration roadmap is as follows:
- Run the FTP software on the FTP server and configure FTP user information.
- Connect to the FTP server.
- Run FTP commands to download devicesoft.cc from and upload vrpcfg.zip to the FTP server.
Procedure
- Run the FTP software on the FTP server and configure FTP user information. (For details, see the appropriate third-party documentation.)
- Connect to the FTP server.
<HUAWEI> ftp 10.1.1.1 Trying 10.1.1.1 ... Press CTRL+K to abort Connected to 10.1.1.1. 220 FTP service ready. User(10.1.1.1:(none)):admin 331 Password required for admin. Enter password: 230 User logged in. [HUAWEI-ftp]
- Run FTP commands to download devicesoft.cc from
and upload vrpcfg.zip to the FTP server.
[HUAWEI-ftp] binary [HUAWEI-ftp] get devicesoft.cc [HUAWEI-ftp] put vrpcfg.zip [HUAWEI-ftp] quit
- Verify the configuration.
# Run the dir command on the FTP client to check the devicesoft.cc file.
<HUAWEI> dir Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 14 Mar 13 2012 14:13:38 back_time_a 1 drw- - Mar 11 2012 00:58:54 logfile 2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt 3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt 4 -rw- 7,717 Mar 12 2012 21:15:54 vrpcfg.zip 5 -rw- 14 Mar 13 2012 14:13:38 back_time_b 6 -rw- 93,832,832 Mar 13 2012 14:24:24 devicesoft.cc 7 drw- - Oct 31 2011 10:20:28 sysdrv 8 drw- - Feb 21 2012 17:16:36 compatible 9 drw- - Feb 09 2012 14:20:10 selftest 10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg 11 -rw- 43,496 Dec 15 2011 20:59:36 20111215.zip 12 -rw- 588 Nov 04 2011 13:54:04 servercert.der 13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der 14 drw- - Nov 04 2011 13:58:36 security ... 1,927,220 KB total (1,130,464 KB free)
# Access the working directory on the FTP server and check the vrpcfg.zip file.
Example for Accessing Other Device Files Through SFTP (in Password Authentication Mode)
Networking Requirements
SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.
As shown in Figure 3-27, the routes between the SSH server and client are reachable. All devices mentioned in this example are Huawei devices.
It is required that the client should connect to the SSH server in password authentication mode to ensure secure access to files on the server.
Configuration Roadmap
The configuration roadmap is as follows:
- Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
- Configure the user client on the SSH server to log in to the SSH server in password authentication mode.
- Enable the user to log in to the SSH server through SFTP and access the files on the server.
Procedure
- Generate a local key pair on the SSH server and enable
the SFTP server function.
<Quidway> system-view [Quidway] sysname SSH Server [SSH Server] rsa local-key-pair create The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, it will take a few minutes. Input the bits in the modulus[default = 2048]:2048 Generating keys... ...........++++++++++++ ..................++++++++++++ ...++++++++ ...........++++++++ [SSH Server] sftp server enable
- Create an SSH user on the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4 [SSH Server-ui-vty0-4] authentication-mode aaa [SSH Server-ui-vty0-4] protocol inbound all [SSH Server-ui-vty0-4] user privilege level 15 [SSH Server-ui-vty0-4] quit
# Create an SSH user named client. Configure the password authentication mode for the user and set the password to huawei@123.
[SSH Server] aaa [SSH Server-aaa] local-user client password irreversible-cipher huawei@123 [SSH Server-aaa] local-user client service-type ssh [SSH Server-aaa] quit [SSH Server] ssh user client authentication-type password
- Connect the SFTP client to the SSH server.
# Enable the first authentication function on the SSH client upon the first login.
Enable the first authentication function for Client.
<HUAWEI> system-view [HUAWEI] sysname client [client] ssh client first-time enable
# Log in to the SSH server from Client in password authentication mode.
<client> system-view [client] sftp 10.1.1.1 Please input the username: client Trying 10.1.1.1 ... Press CTRL+K to abort Connected to 10.1.1.1 ... The server is not authenticated. Continue to access it?[Y/N]:y Save the server's public key?[Y/N]:y The server's public key will be saved with the name 10.1.1.1. Please wait. .. Enter password: <sftp-client>
- Verify the configuration.
After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.
# Check the status of the SSH server.
[SSH Server] display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Enable Stelnet server :Disable
# Check the SSH server connections.
[SSH Server] display ssh server session
-------------------------------------------------------------------- Conn Ver Encry State Auth-type Username -------------------------------------------------------------------- VTY 1 2.0 AES run password client
# Check information about SSH users.
[SSH Server] display ssh user-information ------------------------------------------------------------------------------- Username Auth-type User-public-key-name ------------------------------------------------------------------------------- client password null -------------------------------------------------------------------------------
Configuration Files
SSH server configuration file
# sysname SSH Server # aaa local-user client password irreversible-cipher %$%$c|-D8KO4/,B[(FR.r!LHg]TK%$%$ local-user client service-type ssh # sftp server enable # user-interface vty 0 4 authentication-mode aaa user privilege level 15 protocol inbound all # return
SSH client configuration file
# sysname client # ssh client first-time enable # return
Example for Accessing Other Device Files Through SFTP (in RSA Authentication Mode)
Networking Requirements
SSH guarantees secure file transfer on a traditional insecure network by authenticating the client and encrypting data in bidirectional mode. In SFTP mode, the client can securely connect to the SSH server and transfer files.
As shown in Figure 3-28, the routes between the SSH server and client are reachable. Huawei device is used as the SSH server in this example.
It is required that the client should connect to the SSH server in RSA authentication mode to ensure secure access to files on the server.
Configuration Roadmap
The configuration roadmap is as follows:
- Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.
- Configure the user client on the SSH server to log in to the SSH server in RSA authentication mode.
- Generate a local key pair on the client and configure the RSA public key generated on the client to the SSH server, which implements authentication on the client when the user logs in to the server from the client.
- Enable the user client to log in to the SSH server through SFTP and access the files on the server.
Procedure
- Generate a local key pair on the SSH server and enable the SFTP server function.
<Quidway> system-view [Quidway] sysname SSH Server [SSH Server] rsa local-key-pair create The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 2048]:2048 Generating keys... ...........++++++++++++ ..................++++++++++++ ...++++++++ ...........++++++++ [SSH Server] sftp server enable
- Create an SSH user on the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4 [SSH Server-ui-vty0-4] authentication-mode aaa [SSH Server-ui-vty0-4] protocol inbound all [SSH Server-ui-vty0-4] user privilege level 15 [SSH Server-ui-vty0-4] quit
# Create an SSH user named client and configure the RSA authentication mode for the user.
[SSH Server] aaa [SSH Server-aaa] local-user client password irreversible-cipher huawei@123 [SSH Server-aaa] local-user client service-type ssh [SSH Server-aaa] quit [SSH Server] ssh user client authentication-type rsa
- Generate a local key pair on the client and configure the RSA public key generated on the client to the SSH server.
# Configure the client to generate a local key pair.
<HUAWEI> system-view [HUAWEI] sysname client [client] rsa local-key-pair create The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 2048]:2048 Generating keys... ...........++++++++++++ ..................++++++++++++ ...++++++++ ...........++++++++
# Check the RSA public key of the client.
[client] display rsa local-key-pair public ===================================================== Time of Key pair created: 2012-08-25 15:17:31+00:00 Key name: Host Key type: RSA encryption Key ===================================================== Key code: 3048 0241 D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46 EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 D3050A97 57 0203 010001 ===================================================== Time of Key pair created: 2012-08-25 15:17:44+00:00 Key name: Server Key type: RSA encryption Key ===================================================== Key code: 3067 0260 B98B5088 7A44A21E 80C929DF 23F8FF16 DF7F6F06 23B69CAA C3A2CE11 4F37F7D4 E8C56682 A9DB6705 23C69B6A 5C5D9312 72E93890 D0861237 EC6468A0 96AEB062 2B4874BB 57F8A69E 30003C61 9B37906C 1C0E4C09 91C57F94 AECD5005 F7AC2281 0203 010001
# Configure the RSA public key generated on the client to the SSH server. The display command output in bold indicates the RSA public key generated. Copy the key to the server side.
[SSH Server] rsa peer-public-key rsakey001 Enter "RSA public key" view, return system view with "peer-public-key end". NOTE: The number of the bits of public key must be between 769 and 2048. [SSH Server-rsa-public-key] public-key-code begin Enter "RSA key code" view, return last view with "public-key-code end". [SSH Server-rsa-key-code] 3048 [SSH Server-rsa-key-code] 0241 [SSH Server-rsa-key-code] D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 [SSH Server-rsa-key-code] 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46 [SSH Server-rsa-key-code] EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 [SSH Server-rsa-key-code] D3050A97 57 [SSH Server-rsa-key-code] 0203 [SSH Server-rsa-key-code] 010001 [SSH Server-rsa-key-code] public-key-code end [SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the SSH client to the SSH user client.
[SSH Server] ssh user client assign rsa-key rsakey001
- Connect the SFTP client to the SSH server.
Enable the first authentication function for the SFTP client.
[client] ssh client first-time enable
# Log in to the SSH server from the SFTP client in RSA authentication mode.
<client> system-view [client] sftp 10.1.1.1 Please input the username: client Trying 10.1.1.1 ... Press CTRL+K to abort Connected to 10.1.1.1 ... The server is not authenticated. Continue to access it? [Y/N] :y Save the server's public key? [Y/N] :y The server's public key will be saved with the name 10.1.1.1. Please wait. .. sftp-client>
- Verify the configuration.
After the configuration, run the display ssh server status and display ssh server session commands on the SSH server. You can find that the SFTP service has been enabled and the SFTP client has connected to the SSH server. You can run the display ssh user-information command to check information about the SSH users on the server.
# Check the status of the SSH server.
[SSH Server] display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Enable Stelnet server :Disable
# Check the SSH server connections.
[SSH Server] display ssh server session
-------------------------------------------------------------------- Conn Ver Encry State Auth-type Username -------------------------------------------------------------------- VTY 2 2.0 AES run rsa client --------------------------------------------------------------------
# Check information about SSH users.
[SSH Server] display ssh user-information ------------------------------------------------------------------------------- Username Auth-type User-public-key-name ------------------------------------------------------------------------------- client rsa rsakey001 -------------------------------------------------------------------------------
Configuration Files
SSH server configuration file
# sysname SSH Server # rsa peer-public-key rsakey001 public-key-code begin 3048 0241 D6AA0DCB 11814574 D6894E48 C0D43CD4 31311082 48A580C1 E6CC295C 8D00E1B0 85E02EC1 32D01F46 EB051AA5 C5A96187 9BE4EAD2 5229D981 46107035 D3050A97 57 0203 010001 public-key-code end peer-public-key end # aaa local-user client password irreversible-cipher %$%$4var7p!aM*ULpu4#T=@-30'{%$%$ local-user client service-type ssh # ssh user client assign rsa-key rsakey001 ssh user client authentication-type rsa sftp server enable # user-interface vty 0 4 authentication-mode aaa user privilege level 15 protocol inbound all # return
SSH client configuration file
# sysname client # ssh client first-time enable # return
- Example for Logging In to the Device to Manage Files
- Example for Managing Files When the Device Functions as an FTP Server
- Example for Managing Files Using SFTP When the Device Functions as an SSH Server
- Example for Managing Files When the Device Functions as a TFTP Client
- Example for Managing Files When the Device Functions as an FTP Client
- Example for Accessing Other Device Files Through SFTP (in Password Authentication Mode)
- Example for Accessing Other Device Files Through SFTP (in RSA Authentication Mode)