SCP客户端配置示例

操作步骤

1. 在服务器端生成本地密钥对。

   <HUAWEI> system-view
   [HUAWEI] sysname SSH_Server
   [SSH_Server] dsa local-key-pair create
   Info: The key name will be: SSH_Server_Host_DSA.
   Info: The key modulus can be any one of the following : 1024, 2048.
   Info: If the key modulus is greater than 512, it may take a few minutes.
   Please input the modulus [default=2048]:
   Info: Generating keys...
   Info: Succeeded in creating the DSA host keys. 

2. 在服务器端创建SSH用户。

   # 配置VTY用户界面。

   [SSH_Server] user-interface vty 0 14
   [SSH_Server-ui-vty0-14] authentication-mode aaa
   [SSH_Server-ui-vty0-14] protocol inbound ssh
   [SSH_Server-ui-vty0-14] quit

   # 新建用户名为Client001的SSH用户，且认证方式为password，服务方式为all。

   [SSH_Server] ssh user client001
   [SSH_Server] ssh user client001 authentication-type password
   [SSH_Server] ssh user client001 service-type all

   # 为SSH用户Client001配置密码为Helloworld@6789。

   [SSH_Server] aaa
   [SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
   [SSH_Server-aaa] local-user client001 service-type ssh
   [SSH_Server-aaa] local-user client001 privilege level 3 
   [SSH_Server-aaa] quit

3. 在服务器端使能SCP服务。

   [SSH_Server] scp server enable

4. 从SCP客户端下载服务器上的文件。

   # 第一次登录，使能SSH客户端首次认证功能。

   <HUAWEI> system-view
   [HUAWEI] sysname SCP_Client
   [SCP_Client] ssh client first-time enable

   # 使用aes256加密算法将文件backup.cfg从IP地址为10.1.1.1的远端SSH服务器下载至本地用户目录下。

   [SCP_Client] scp -cipher aes256 client001@10.1.1.1:backup.cfg backup.cfg
   Trying 10.1.1.1 ...
   Press CTRL+K to abort
   Connected to 10.1.1.1 ...
   The server has not been authenticated. Continue to access it? [Y/N]:y
   Do you want to save the server's public key? [Y/N]:y
   The server's public key will be saved with the name 10.1.1.1. Please wait.
   ..
   Enter password:
   backup.cfg                     100%        19174Bytes            7KByte(s)/sec