Password authentication enabled SFTP server configuration example

Network requirements

As shown in Figure 163, establish an SFTP connection between the host and the router, so you can log in to the router as a network administrator to manage and transfer files.

Figure 158: Network diagram

Configuration procedure

  1. Configure the SFTP server:

    # Generate RSA key pairs.

    <Router> system-view
    [Router] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [Router] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [Router] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the SFTP server.

    [Router] sftp server enable
    

    # Assign an IP address to interface GigabitEthernet 1/0/1. The client uses this address as the destination for the SSH connection.

    [Router] interface gigabitethernet 1/0/1
    [Router-GigabitEthernet1/0/1] ip address 192.168.1.45 255.255.255.0
    [Router-GigabitEthernet1/0/1] quit
    

    # Create a local device management user named client002.

    [Router] local-user client002 class manage
    

    # Set the password to aabbcc in plain text for local user client002.

    [Router-luser-manage-client002] password simple aabbcc
    

    # Authorize local user client002 to use the SSH service.

    [Router-luser-manage-client002] service-type ssh
    

    # Assign the network-admin user role and the working directory flash:/ to local user client002.

    [Router-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/
    [Router-luser-manage-client002] quit
    

    # Create an SSH user named client002. Specify the authentication method as password and service type as sftp for the user.

    [Router] ssh user client002 service-type sftp authentication-type password
    
  2. Establish a connection to the SFTP server:

    The device supports different types of SFTP client software. This example uses PSFTP from PuTTY version 0.58 as the SFTP client.


    NOTE:

    PSFTP supports only password authentication.


    To establish a connection to the SFTP server:

    1. Run psftp.exe to launch the client interface shown in Figure 164, and enter the following command:

      open 192.168.1.45
      
    2. Enter username client002 and password aabbcc as prompted to log in to the SFTP server.

      Figure 159: SFTP client interface
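
The following check is an added example, not part of the original document or any vendor tooling: it reads a recorded session like the one in step 1 and reports the settings a reviewer would revisit before reusing this lab configuration. The function name, the finding labels and the two thresholds (2048-bit modulus, 12-character password) are assumptions; only the CLI commands come from this page.

```python
import re

# Constructed sample: the router-side commands from this page, device output abridged.
SESSION = """\
[Router] public-key local create rsa
Input the modulus length [default = 1024]:
[Router] public-key local create dsa
Input the modulus length [default = 1024]:
[Router] public-key local create ecdsa secp256r1
[Router] local-user client002 class manage
[Router-luser-manage-client002] password simple aabbcc
[Router-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/
[Router] ssh user client002 service-type sftp authentication-type password
"""

PROMPT = re.compile(r"^\s*[<\[][^\]>]+[\]>]\s*(.*)$")   # "<Router> cmd" or "[Router-...] cmd"
MODULUS = re.compile(r"Input the modulus length \[default = (\d+)\]:\s*(\d*)")
MIN_BITS, MIN_PW_LEN = 2048, 12   # assumed local policy floors, not values from the page


def audit(session):
    """Return (finding, detail) pairs for a recorded CLI session (hypothetical helper)."""
    findings, key_alg, user, roles = [], None, None, {}
    for raw in session.splitlines():
        m = PROMPT.match(raw)
        if not m:                                   # device output, not a typed command
            mod = MODULUS.search(raw)
            if mod and key_alg:
                bits = int(mod.group(2) or mod.group(1))   # empty answer takes the default
                if bits < MIN_BITS:
                    findings.append(("short-modulus", f"{key_alg} {bits}"))
                key_alg = None
            continue
        w = m.group(1).split()
        if w[:3] == ["public-key", "local", "create"] and len(w) > 3:
            key_alg = w[3] if w[3] in ("rsa", "dsa") else None   # ecdsa has no modulus prompt
        elif w[:1] == ["local-user"] and len(w) > 1:
            user = w[1]
        elif w[:2] == ["password", "simple"] and len(w) > 2 and user:
            findings.append(("cleartext-password-in-transcript", user))
            if len(w[2]) < MIN_PW_LEN:
                findings.append(("short-password", f"{user} len={len(w[2])}"))
        elif w[:2] == ["authorization-attribute", "user-role"] and len(w) > 2 and user:
            roles[user] = w[2]
        elif w[:2] == ["ssh", "user"] and "sftp" in w and roles.get(w[2]) == "network-admin":
            findings.append(("admin-role-on-sftp-account", w[2]))
    return findings

if __name__ == "__main__":
    print(*audit(SESSION), sep="\n")
```

Run against the session on this page, it reports the two 1024-bit moduli accepted at the default prompt, the password visible in the transcript and its length, and the network-admin role attached to the file-transfer account.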