Password authentication enabled SFTP server configuration example
Network requirements
As shown in Figure 163:
The router acts as the SFTP server and uses password authentication.
The username and password of the client are saved on the router.
Establish an SFTP connection between the host and the router, so you can log in to the router as a network administrator to manage and transfer files.
Figure 158: Network diagram
Configuration procedure
Configure the SFTP server:
# Generate RSA key pairs.
<Router> system-view [Router] public-key local create rsa The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... ........................++++++ ...................++++++ ..++++++++ ............++++++++ Create the key pair successfully.
# Generate a DSA key pair.
[Router] public-key local create dsa The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... .++++++++++++++++++++++++++++++++++++++++++++++++++* ........+......+.....+......................................+ ...+.................+..........+...+ Create the key pair successfully.
# Generate an ECDSA key pair.
[Router] public-key local create ecdsa secp256r1 Generating Keys... . Create the key pair successfully.
# Enable the SFTP server.
[Router] sftp server enable
# Assign an IP address to interface GigabitEthernet 1/0/1. The client uses this address as the destination for SSH connection.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] ip address 192.168.1.45 255.255.255.0 [Router-GigabitEthernet1/0/1] quit
# Create a local device management user named client002.
[Router] local-user client002 class manage
# Set the password to aabbcc in plain text for local user client002.
[Router-luser-manage-client002] password simple aabbcc
# Authorize local user client002 to use the SSH service.
[Router-luser-manage-client002] service-type ssh
# Assign the network-admin user role and the working directory flash:/ to local user client002.
[Router-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/ [Router-luser-manage-client002] quit
# Create an SSH user named client002. Specify the authentication method as password and service type as sftp for the user.
[Router] ssh user client002 service-type sftp authentication-type password
Establish a connection to the SFTP server:
The device supports different types of SFTP client software. This example uses an SFTP client that runs PSFTP of PuTTY version 0.58.
NOTE:
PSFTP supports only password authentication.
To establish a connection to the SFTP server:
Run the psftp.exe to launch the client interface shown in Figure 164, and enter the following command:
open 192.168.1.45
Enter username client002 and password aabbcc as prompted to log in to the SFTP server.
Figure 159: SFTP client interface