Password authentication enabled SFTP server configuration example

Network requirements

As shown in Figure 114, establish an SFTP connection between the host and the switch, so that you can log in to the switch to manage and transfer files.

Figure 113: Network diagram

Configuration procedure

  1. Configure the SFTP server:

    # Generate RSA key pairs.

    <Switch> system-view
    [Switch] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [Switch] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [Switch] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the SFTP server.

    [Switch] sftp server enable
    

    # Assign an IP address to VLAN-interface 2. The client uses this address as the destination for the SSH connection.

    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ip address 192.168.1.45 255.255.255.0
    [Switch-Vlan-interface2] quit
    

    # Create a local device management user named client002.

    [Switch] local-user client002 class manage
    

    # Set the password to aabbcc in plain text for local user client002.

    [Switch-luser-manage-client002] password simple aabbcc
    

    # Authorize local user client002 to use the SSH service.

    [Switch-luser-manage-client002] service-type ssh
    

    # Assign the network-admin user role and working directory flash:/ to local user client002.

    [Switch-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/
    [Switch-luser-manage-client002] quit
    

    # Create an SSH user named client002. Specify the authentication method as password and service type as sftp for the user.

    [Switch] ssh user client002 service-type sftp authentication-type password
    
  2. Establish a connection between the SFTP client and the SFTP server:

    The device supports different types of SFTP client software. This example uses PSFTP from PuTTY version 0.58 as the SFTP client.

    To establish a connection to the SFTP server:

    1. Run psftp.exe to launch the client interface shown in Figure 115, and enter the following command:

      open 192.168.1.45
      
    2. Enter username client002 and password aabbcc as prompted to log in to the SFTP server.

      Figure 114: SFTP client interface


NOTE:

PSFTP supports only password authentication.
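
The following is an added example, not part of the original page or of any vendor tooling. It is a small Python check that reads a session transcript like the one in step 1 and reports choices a reviewer would question before reusing this lab setup on a production switch: an RSA or DSA modulus left at the 1024-bit default, a short password, and the network-admin role on an SFTP account. The function name `audit`, the thresholds (2048 bits, 12 characters) and the abbreviated transcript are assumptions of this example.

```python
import re

# Constructed sample: the step 1 session, abbreviated; empty answers accept the default.
TRANSCRIPT = """\
[Switch] public-key local create rsa
Input the modulus length [default = 1024]:
[Switch] public-key local create dsa
Input the modulus length [default = 1024]:
[Switch] public-key local create ecdsa secp256r1
[Switch] local-user client002 class manage
[Switch-luser-manage-client002] password simple aabbcc
[Switch-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/
[Switch] ssh user client002 service-type sftp authentication-type password
"""

MIN_MODULUS = 2048  # assumption: reviewer's floor for RSA/DSA modulus bits
MIN_PASSWORD = 12   # assumption: reviewer's floor for password length

PROMPT = re.compile(r"^\[([^\]]+)\]\s*(.*)$")      # "[view] command"
MODULUS = re.compile(r"^Input the modulus length \[default = (\d+)\]:\s*(\d*)")
LUSER = re.compile(r"-luser-\w+-(.+)$")            # user name inside a local-user view

def audit(transcript):
    """Return review findings for an SFTP server setup session like step 1."""
    findings, admins, sftp_users, key_type = [], set(), set(), None
    for line in map(str.strip, transcript.splitlines()):
        m = MODULUS.match(line)
        if m and key_type:
            bits = int(m.group(2) or m.group(1))  # no answer typed: default applies
            if bits < MIN_MODULUS:
                findings.append(f"{key_type} modulus {bits} is below {MIN_MODULUS}")
            key_type = None
            continue
        p = PROMPT.match(line)
        if not p:
            continue
        view, words = p.group(1), p.group(2).split()
        user = LUSER.search(view)
        if words[:3] == ["public-key", "local", "create"] and len(words) > 3:
            key_type = words[3] if words[3] in ("rsa", "dsa") else None
        elif words[:2] == ["password", "simple"] and len(words) > 2:
            if len(words[2]) < MIN_PASSWORD:
                findings.append(f"password is shorter than {MIN_PASSWORD} characters")
        elif user and words[:3] == ["authorization-attribute", "user-role", "network-admin"]:
            admins.add(user.group(1))
        elif words[:2] == ["ssh", "user"] and "sftp" in words[3:]:
            sftp_users.add(words[2])
    findings += [f"SFTP user {u} holds network-admin" for u in sorted(admins & sftp_users)]
    return findings
```

Calling `audit(TRANSCRIPT)` returns four findings for the session as configured on this page; answering the modulus prompt with 2048 clears the corresponding key finding.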