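Example for Configuring the SCP Client
Networking Requirements
Compared with transferring files over SFTP, SCP simplifies file transfer for the user by combining user authentication and file transfer into a single step, which improves configuration efficiency.
As shown in Figure 7-10, the device acting as the SCP client has a reachable route to the server and downloads a file from the SSH server to the client.
Procedure
- Generate a local key pair on the server.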
<HUAWEI> system-view
[HUAWEI] sysname SSH_Server
[SSH_Server] dsa local-key-pair create
Info: The key name will be: SSH_Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.
- Create an SSH user on the server.
# Configure the VTY user interface.
[SSH_Server] user-interface vty 0 14
[SSH_Server-ui-vty0-14] authentication-mode aaa
[SSH_Server-ui-vty0-14] protocol inbound ssh
[SSH_Server-ui-vty0-14] quit
# Create an SSH user named Client001, with authentication type password and service type all.
[SSH_Server] ssh user client001
[SSH_Server] ssh user client001 authentication-type password
[SSH_Server] ssh user client001 service-type all
# Set the password of SSH user Client001 to Helloworld@6789.
[SSH_Server] aaa
[SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
[SSH_Server-aaa] local-user client001 service-type ssh
[SSH_Server-aaa] local-user client001 privilege level 3
[SSH_Server-aaa] quit
- Enable the SCP service on the server.
[SSH_Server] scp server enable
- Download the file on the server from the SCP client.
# For the first login, enable first-time authentication on the SSH client.
<HUAWEI> system-view
[HUAWEI] sysname SCP_Client
[SCP_Client] ssh client first-time enable
# Download the file backup.cfg from the remote SSH server at IP address 10.1.1.1 to the local user directory, using the aes256 encryption algorithm.
[SCP_Client] scp -cipher aes256 client001@10.1.1.1:backup.cfg backup.cfg
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server has not been authenticated. Continue to access it? [Y/N]:y
Do you want to save the server's public key? [Y/N]:y
The server's public key will be saved with the name 10.1.1.1. Please wait. ..
Enter password:
backup.cfg 100% 19174Bytes 7KByte(s)/sec
Configuration Files
Configuration file of SSH_Server
#
sysname SSH_Server
#
aaa
 local-user client001 password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
user-interface vty 0 14
 authentication-mode aaa
#
return
Configuration file of SCP_Client
#
sysname SCP_Client
#
ssh client first-time enable
#
return
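
A review aid for the two configuration files above, as an added example that is not part of the original Huawei document: a short Python script that scans a saved configuration for the settings this page turns on (first-time authentication, password authentication, service type all, privilege level) and for a local-user password not stored as irreversible-cipher. The sample text is constructed from the files above with the password hash replaced by a placeholder; the finding wording and the `audit` function are this example's own.

```python
import re

# Constructed sample: the two configuration files from this page, one
# statement per line; the password hash is replaced by a placeholder.
SERVER_CFG = """#
sysname SSH_Server
#
aaa
 local-user client001 password irreversible-cipher <HASH-PLACEHOLDER>
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
user-interface vty 0 14
 authentication-mode aaa
#
return
"""
CLIENT_CFG = "#\nsysname SCP_Client\n#\nssh client first-time enable\n#\nreturn\n"

# (pattern, note) pairs; the note text is this example's own review wording.
CHECKS = [
    (r"^ssh client first-time enable$", "first-time authentication enabled: an unknown server key can be accepted at the prompt"),
    (r"^ssh user (\S+) authentication-type password$", "SSH user {0} uses password authentication"),
    (r"^ssh user (\S+) service-type all$", "SSH user {0} has service type all"),
    (r"^local-user (\S+) privilege level (\d+)$", "local user {0} has privilege level {1}"),
    (r"^local-user (\S+) password (?!irreversible-cipher\b)(\S+)", "local user {0} password is stored as '{1}', not irreversible-cipher"),
]

def audit(config_text):
    """Return (device name, list of findings) for one saved configuration."""
    name, findings = "unknown", []
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("sysname "):
            name = line.split(None, 1)[1]
        for pattern, note in CHECKS:
            m = re.search(pattern, line)
            if m:
                findings.append(note.format(*m.groups()))
    return name, findings

if __name__ == "__main__":
    for cfg in (SERVER_CFG, CLIENT_CFG):
        name, findings = audit(cfg)
        print("\n".join(f"{name}: {finding}" for finding in findings))
```

Each finding marks a setting to confirm against the intended design, for example whether the key saved under the name 10.1.1.1 was checked against the server's host key before answering y at the first-login prompt.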