Establishing a connection to an SFTP server
When you try to access an SFTP server, the device must use the server's host public key to authenticate the server. If the server's host public key is not configured on the device, the device will notify you to confirm whether to continue with the access.
If you choose to continue, the device accesses the server and downloads the server's host public key.
If you choose not to continue, the connection cannot be established.
As a best practice in an insecure network, configure the server's host public key on the device before you connect, so that the device does not have to accept a key it downloads from the server.
After the connection is established, you can directly enter SFTP client view on the server to perform file or directory operations.
The client cannot establish connections to both IPv4 and IPv6 SFTP servers.
To establish a connection to an IPv4 SFTP server:
| Task | Command | Remarks |
|---|---|---|
| Establish a connection to an IPv4 SFTP server. | In non-FIPS mode: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa \| ecdsa \| rsa } \| prefer-compress zlib \| prefer-ctos-cipher { 3des-cbc \| aes128-cbc \| aes256-cbc \| des-cbc } \| prefer-ctos-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } \| prefer-kex { dh-group-exchange-sha1 \| dh-group1-sha1 \| dh-group14-sha1 } \| prefer-stoc-cipher { 3des-cbc \| aes128-cbc \| aes256-cbc \| des-cbc } \| prefer-stoc-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } ] * [ dscp dscp-value \| public-key keyname \| source { interface interface-type interface-number \| ip ip-address } ] * | Available in user view. |
| | In FIPS mode: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { ecdsa \| rsa } \| prefer-compress zlib \| prefer-ctos-cipher { aes128-cbc \| aes256-cbc } \| prefer-ctos-hmac { sha1 \| sha1-96 } \| prefer-kex dh-group14-sha1 \| prefer-stoc-cipher { aes128-cbc \| aes256-cbc } \| prefer-stoc-hmac { sha1 \| sha1-96 } ] * [ public-key keyname \| source { interface interface-type interface-number \| ip ip-address } ] * | |
To establish a connection to an IPv6 SFTP server:
| Task | Command | Remarks |
|---|---|---|
| Establish a connection to an IPv6 SFTP server. | In non-FIPS mode: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ] [ identity-key { dsa \| ecdsa \| rsa } \| prefer-compress zlib \| prefer-ctos-cipher { 3des-cbc \| aes128-cbc \| aes256-cbc \| des-cbc } \| prefer-ctos-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } \| prefer-kex { dh-group-exchange-sha1 \| dh-group1-sha1 \| dh-group14-sha1 } \| prefer-stoc-cipher { 3des-cbc \| aes128-cbc \| aes256-cbc \| des-cbc } \| prefer-stoc-hmac { md5 \| md5-96 \| sha1 \| sha1-96 } ] * [ dscp dscp-value \| public-key keyname \| source { interface interface-type interface-number \| ipv6 ipv6-address } ] * | Available in user view. |
| | In FIPS mode: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ] [ identity-key { ecdsa \| rsa } \| prefer-compress zlib \| prefer-ctos-cipher { aes128-cbc \| aes256-cbc } \| prefer-ctos-hmac { sha1 \| sha1-96 } \| prefer-kex dh-group14-sha1 \| prefer-stoc-cipher { aes128-cbc \| aes256-cbc } \| prefer-stoc-hmac { sha1 \| sha1-96 } ] * [ public-key keyname \| source { interface interface-type interface-number \| ipv6 ipv6-address } ] * | |
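The non-FIPS syntax above accepts algorithm values that the FIPS-mode syntax does not, and the connection falls back to an interactive prompt when no host public key is configured. The following Python audit is an added example, not part of the original documentation or the device software: it checks `sftp` client command lines (for instance from a runbook or script) against the FIPS-mode value lists on this page. The function name and the sample commands are constructed, and it assumes that `public-key keyname` names the server's host public key.

```python
# Values accepted by the FIPS-mode syntax on this page, per keyword.
FIPS_ALLOWED = {
    "identity-key": {"ecdsa", "rsa"},
    "prefer-ctos-cipher": {"aes128-cbc", "aes256-cbc"},
    "prefer-stoc-cipher": {"aes128-cbc", "aes256-cbc"},
    "prefer-ctos-hmac": {"sha1", "sha1-96"},
    "prefer-stoc-hmac": {"sha1", "sha1-96"},
    "prefer-kex": {"dh-group14-sha1"},
}


def audit_sftp_command(command):
    """Return a list of findings for one 'sftp ...' client command line."""
    tokens = command.split()
    if not tokens or tokens[0] != "sftp":
        raise ValueError("not an sftp client command: %r" % command)
    findings = []
    for i, keyword in enumerate(tokens):
        if keyword not in FIPS_ALLOWED:
            continue
        if i + 1 >= len(tokens):
            findings.append("%s: value missing" % keyword)
            continue
        value = tokens[i + 1]
        if value not in FIPS_ALLOWED[keyword]:
            findings.append(
                "%s %s: not accepted by the FIPS-mode syntax" % (keyword, value)
            )
    # Assumption: 'public-key keyname' names the server's host public key.
    # Without it, confirm the key is configured on the device some other way.
    if "public-key" not in tokens:
        findings.append(
            "no public-key keyname: verify the server's host public key is "
            "configured, otherwise the device prompts and downloads it"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample commands (documentation address ranges).
    samples = [
        "sftp 192.0.2.10 prefer-ctos-cipher des-cbc prefer-stoc-hmac md5 "
        "prefer-kex dh-group1-sha1",
        "sftp ipv6 2001:db8::10 identity-key rsa prefer-kex dh-group14-sha1 "
        "public-key srvkey",
    ]
    for cmd in samples:
        print(cmd)
        for finding in audit_sftp_command(cmd) or ["ok"]:
            print("   ", finding)
```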